AVG-2090 log
Package | gitlab |
Status | Fixed |
Severity | Medium |
Type | multiple issues |
Affected | 13.12.3-1 |
Fixed | 14.0.0-1 |
Current | 17.7.0-1 [extra] |
Ticket | None |
Created | Mon Jun 21 22:11:22 2021 |
Issue | Severity | Remote | Type | Description |
---|---|---|---|---|
CVE-2021-22904 | Low | Yes | Denial of service | There is a possible denial of service (DoS) vulnerability in the Token Authentication logic in Action Controller before versions 6.1.3.2, 6.0.3.7, 5.2.4.6... |
CVE-2021-22902 | Low | Yes | Denial of service | There is a possible Denial of Service vulnerability in Action Dispatch before version 6 before 6.0.3.7 and 6.1.0.2. Carefully crafted Accept headers can... |
CVE-2021-22885 | Medium | Yes | Information disclosure | There is a possible information disclosure/unintended method execution vulnerability in Action Pack before versions 6.1.3.2, 6.0.3.7, 5.2.4.6 and 5.2.6 when... |
Notes |
---|
Action Pack version 6.0.3.6 is bundled in GitLab version 13.12.3, Action Pack version 6.1.3.2 is bundled in GitLab version 14.0.0. |