gitlab-gitaly

Link	package \| bugs open \| bugs closed \| Wiki \| GitHub \| web search
Description	Speed up Git access using caching
Version	16.6.0-1 [extra-testing] 16.5.1-1 [extra]

Open

Group	Affected	Fixed	Severity	Status	Ticket
AVG-2493	14.3.0-3		Medium	Vulnerable

Issue	Group	Severity	Remote	Type	Description
CVE-2021-22942	AVG-2493	Medium	Yes	Open redirect	A possible open redirect vulnerability in the Host Authorization middleware in Action Pack >= 6.0.0 before versions 6.1.4.1 and 6.0.4.1 that could allow...

Resolved

Group	Affected	Fixed	Severity	Status	Ticket
AVG-2223	14.0.4-1	14.1.0-1	Medium	Fixed
AVG-1905	14.2.1-1	14.2.2-1	Medium	Fixed

Issue	Group	Severity	Remote	Type	Description
CVE-2021-31799	AVG-1905	Medium	Yes	Arbitrary command execution	RDoc before version 6.3.1, as bundled with Ruby before version 2.7.4 and 2.6.8 as well as GitLab before version 14.0.2, used to call Kernel#open to open a...
CVE-2021-22904	AVG-2223	Low	Yes	Denial of service	There is a possible denial of service (DoS) vulnerability in the Token Authentication logic in Action Controller before versions 6.1.3.2, 6.0.3.7, 5.2.4.6...
CVE-2021-22902	AVG-2223	Low	Yes	Denial of service	There is a possible Denial of Service vulnerability in Action Dispatch before version 6 before 6.0.3.7 and 6.1.0.2. Carefully crafted Accept headers can...
CVE-2021-22885	AVG-2223	Medium	Yes	Information disclosure	There is a possible information disclosure/unintended method execution vulnerability in Action Pack before versions 6.1.3.2, 6.0.3.7, 5.2.4.6 and 5.2.6 when...