CVE-2021-22904 log

Severity Low
Remote Yes
Type Denial of service
There is a possible denial of service (DoS) vulnerability in the Token Authentication logic in Action Controller before versions,, and 5.2.6. Impacted code uses "authenticate_or_request_with_http_token" or "authenticate_with_http_token" for request authentication.
Group Package Affected Fixed Severity Status Ticket
AVG-1920 redmine 4.2.1-1 Medium Vulnerable
AVG-1905 gitlab-gitaly 14.0.0-1 Medium Vulnerable
AVG-2090 gitlab 13.12.3-1 14.0.0-1 Medium Fixed
AVG-1921 metasploit 6.0.37-1 6.0.48-1 Medium Fixed