CVE-2021-22904 log
| Source |
|
| Severity | Low |
| Remote | Yes |
| Type | Denial of service |
| Description | There is a possible denial of service (DoS) vulnerability in the Token Authentication logic in Action Controller before versions 6.1.3.2, 6.0.3.7, 5.2.4.6 and 5.2.6. Impacted code uses "authenticate_or_request_with_http_token" or "authenticate_with_http_token" for request authentication. |
| Group | Package | Affected | Fixed | Severity | Status | Ticket |
|---|---|---|---|---|---|---|
| AVG-2223 | gitlab-gitaly | 14.0.4-1 | 14.1.0-1 | Medium | Fixed | |
| AVG-2090 | gitlab | 13.12.3-1 | 14.0.0-1 | Medium | Fixed | |
| AVG-1921 | metasploit | 6.0.37-1 | 6.0.48-1 | Medium | Fixed | |
| AVG-1920 | redmine | 4.2.1-1 | 4.2.2-1 | Medium | Fixed |
| References |
|---|
https://www.openwall.com/lists/oss-security/2021/05/05/4 |