CVE-2021-22885

Source
Severity: Medium
Remote: Yes
Type: Information disclosure
Description
There is a possible information disclosure/unintended method execution vulnerability in Action Pack before versions 6.1.3.2, 6.0.3.7, 5.2.4.6 and 5.2.6 when using the "redirect_to" or "polymorphic_url" helper with untrusted user input.
| Group | Package | Affected | Fixed | Severity | Status | Ticket |
|---|---|---|---|---|---|---|
| AVG-1920 | redmine | 4.2.1-1 | | Medium | Vulnerable | |
| AVG-1905 | gitlab-gitaly | 14.0.0-1 | | Medium | Vulnerable | |
| AVG-2090 | gitlab | 13.12.3-1 | 14.0.0-1 | Medium | Testing | |
| AVG-1921 | metasploit | 6.0.37-1 | 6.0.48-1 | Medium | Fixed | |
References
https://www.openwall.com/lists/oss-security/2021/05/05/3
https://hackerone.com/reports/1106652