CVE-2021-22885 log
| Source |
|
| Severity | Medium |
| Remote | Yes |
| Type | Information disclosure |
| Description | There is a possible information disclosure/unintended method execution vulnerability in Action Pack before versions 6.1.3.2, 6.0.3.7, 5.2.4.6 and 5.2.6 when using the "redirect_to" or "polymorphic_url" helper with untrusted user input. |
| Group | Package | Affected | Fixed | Severity | Status | Ticket |
|---|---|---|---|---|---|---|
| AVG-2223 | gitlab-gitaly | 14.0.4-1 | 14.1.0-1 | Medium | Fixed | |
| AVG-2090 | gitlab | 13.12.3-1 | 14.0.0-1 | Medium | Fixed | |
| AVG-1921 | metasploit | 6.0.37-1 | 6.0.48-1 | Medium | Fixed | |
| AVG-1920 | redmine | 4.2.1-1 | 4.2.2-1 | Medium | Fixed |
| References |
|---|
https://www.openwall.com/lists/oss-security/2021/05/05/3 https://hackerone.com/reports/1106652 |