CVE-2021-22902 log
Source |
|
Severity | Low |
Remote | Yes |
Type | Denial of service |
Description | There is a possible Denial of Service vulnerability in Action Dispatch before version 6 before 6.0.3.7 and 6.1.0.2. Carefully crafted Accept headers can cause the mime type parser in Action Dispatch to do catastrophic backtracking in the regular expression engine. |
Group | Package | Affected | Fixed | Severity | Status | Ticket |
---|---|---|---|---|---|---|
AVG-2223 | gitlab-gitaly | 14.0.4-1 | 14.1.0-1 | Medium | Fixed | |
AVG-2090 | gitlab | 13.12.3-1 | 14.0.0-1 | Medium | Fixed |
References |
---|
https://www.openwall.com/lists/oss-security/2021/05/05/1 |