CVE-2021-22885 log

Severity Medium
Remote Yes
Type Information disclosure
There is a possible information disclosure/unintended method execution vulnerability in Action Pack before versions,, and 5.2.6 when using the "redirect_to" or "polymorphic_url" helper with untrusted user input.
Group Package Affected Fixed Severity Status Ticket
AVG-2223 gitlab-gitaly 14.0.4-1 14.1.0-1 Medium Fixed
AVG-2090 gitlab 13.12.3-1 14.0.0-1 Medium Fixed
AVG-1921 metasploit 6.0.37-1 6.0.48-1 Medium Fixed
AVG-1920 redmine 4.2.1-1 4.2.2-1 Medium Fixed