AVG-2223 log

Package: gitlab-gitaly
Status: Fixed
Severity: Medium
Type: multiple issues
Affected: 14.0.4-1
Fixed: 14.1.0-1
Current: 14.3.0-2 [community]
Ticket: None
Created: Mon Jul 26 21:14:27 2021
Issue Severity Remote Type Description
CVE-2021-22904 Low Yes Denial of service
There is a possible denial of service (DoS) vulnerability in the Token Authentication logic in Action Controller before versions 6.1.3.2, 6.0.3.7, 5.2.4.6...
CVE-2021-22902 Low Yes Denial of service
There is a possible Denial of Service vulnerability in Action Dispatch before version 6 before 6.0.3.7 and 6.1.0.2. Carefully crafted Accept headers can...
CVE-2021-22885 Medium Yes Information disclosure
There is a possible information disclosure/unintended method execution vulnerability in Action Pack before versions 6.1.3.2, 6.0.3.7, 5.2.4.6 and 5.2.6 when...
Notes
Action Pack version 6.0.3.6 is bundled in Gitaly version 14.0.4; Action Pack version 6.1.3.2 is bundled in Gitaly version 14.1.0.