[Git][security-tracker-team/security-tracker][master] Add references for CVE-2021-22881/rails
Salvatore Bonaccorso
carnil at debian.org
Fri Feb 12 14:56:03 GMT 2021
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
89850fca by Salvatore Bonaccorso at 2021-02-12T15:55:32+01:00
Add references for CVE-2021-22881/rails
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -9647,6 +9647,9 @@ CVE-2021-22882
CVE-2021-22881 (The Host Authorization middleware in Action Pack before 6.1.2.1, 6.0.3 ...)
- rails <unfixed>
NOTE: https://discuss.rubyonrails.org/t/cve-2021-22881-possible-open-redirect-in-host-authorization-middleware/77130
+ NOTE: https://hackerone.com/reports/1047447
+ NOTE: https://github.com/rails/rails/commit/83a6ac3fee8fd538ce7e0088913ff54f0f9bcb6f (main)
+ NOTE: https://github.com/rails/rails/commit/e33092740b3cc05f5abee197a5982eac31947e92 (v6.0.3.5)
CVE-2021-22880 (The PostgreSQL adapter in Active Record before 6.1.2.1, 6.0.3.5, 5.2.4 ...)
- rails <unfixed>
NOTE: https://discuss.rubyonrails.org/t/cve-2021-22880-possible-dos-vulnerability-in-active-record-postgresql-adapter/77129
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/89850fcae829216963a1c0a633fd15a74260c300
--
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/89850fcae829216963a1c0a633fd15a74260c300
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20210212/3d6fbaf4/attachment.html>
More information about the debian-security-tracker-commits
mailing list