CVE-2021-22904 log

Severity Low
Remote Yes
Type Denial of service
There is a possible denial of service (DoS) vulnerability in the Token Authentication logic in Action Controller before versions,, and 5.2.6. Impacted code uses "authenticate_or_request_with_http_token" or "authenticate_with_http_token" for request authentication.
Group Package Affected Fixed Severity Status Ticket
AVG-2223 gitlab-gitaly 14.0.4-1 14.1.0-1 Medium Fixed
AVG-2090 gitlab 13.12.3-1 14.0.0-1 Medium Fixed
AVG-1921 metasploit 6.0.37-1 6.0.48-1 Medium Fixed
AVG-1920 redmine 4.2.1-1 4.2.2-1 Medium Fixed