AVG-2090 log

Package gitlab
Status Fixed
Severity Medium
Type multiple issues
Affected 13.12.3-1
Fixed 14.0.0-1
Current 17.7.0-1 [extra]
Ticket None
Created Mon Jun 21 22:11:22 2021
Issue Severity Remote Type Description
CVE-2021-22904 Low Yes Denial of service
There is a possible denial of service (DoS) vulnerability in the Token Authentication logic in Action Controller before versions 6.1.3.2, 6.0.3.7, 5.2.4.6...
CVE-2021-22902 Low Yes Denial of service
There is a possible Denial of Service vulnerability in Action Dispatch before version 6 before 6.0.3.7 and 6.1.0.2. Carefully crafted Accept headers can...
CVE-2021-22885 Medium Yes Information disclosure
There is a possible information disclosure/unintended method execution vulnerability in Action Pack before versions 6.1.3.2, 6.0.3.7, 5.2.4.6 and 5.2.6 when...
Notes
Action Pack version 6.0.3.6 is bundled in GitLab version 13.12.3, Action Pack version 6.1.3.2 is bundled in GitLab version 14.0.0.