CVE-2021-22904 log

Source
Severity Low
Remote Yes
Type Denial of service
Description
There is a possible denial of service (DoS) vulnerability in the Token Authentication logic in Action Controller before versions 6.1.3.2, 6.0.3.7, 5.2.4.6 and 5.2.6. Impacted code uses "authenticate_or_request_with_http_token" or "authenticate_with_http_token" for request authentication.
Group Package Affected Fixed Severity Status Ticket
AVG-1920 redmine 4.2.1-1 Medium Vulnerable
AVG-1905 gitlab-gitaly 14.0.0-1 Medium Vulnerable
AVG-2090 gitlab 13.12.3-1 14.0.0-1 Medium Fixed
AVG-1921 metasploit 6.0.37-1 6.0.48-1 Medium Fixed
References
https://www.openwall.com/lists/oss-security/2021/05/05/4