AVG-2223 log
| Package | gitlab-gitaly |
| Status | Fixed |
| Severity | Medium |
| Type | multiple issues |
| Affected | 14.0.4-1 |
| Fixed | 14.1.0-1 |
| Current | 17.8.1-1 [extra] |
| Ticket | None |
| Created | Mon Jul 26 21:14:27 2021 |
| Issue | Severity | Remote | Type | Description |
|---|---|---|---|---|
| CVE-2021-22904 | Low | Yes | Denial of service | There is a possible denial of service (DoS) vulnerability in the Token Authentication logic in Action Controller before versions 6.1.3.2, 6.0.3.7, 5.2.4.6... |
| CVE-2021-22902 | Low | Yes | Denial of service | There is a possible Denial of Service vulnerability in Action Dispatch before version 6 before 6.0.3.7 and 6.1.0.2. Carefully crafted Accept headers can... |
| CVE-2021-22885 | Medium | Yes | Information disclosure | There is a possible information disclosure/unintended method execution vulnerability in Action Pack before versions 6.1.3.2, 6.0.3.7, 5.2.4.6 and 5.2.6 when... |
| Notes |
|---|
Action Pack version 6.0.3.6 is bundled in Gitaly version 14.0.4, Action Pack version 6.1.3.2 is bundled in Gitaly version 14.1.0. |