[Git][security-tracker-team/security-tracker][master] Add CVE-2021-22885/rails

[Salvatore Bonaccorso]

Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
76cd2ab7 by Salvatore Bonaccorso at 2021-05-05T21:52:41+02:00
Add CVE-2021-22885/rails

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -21201,8 +21201,12 @@ CVE-2021-22887 (A vulnerability in the BIOS of Pulse Secure (PSA-Series Hardware
 	NOT-FOR-US: BIOS of Pulse Secure (PSA-Series Hardware) models PSA5000 and PSA7000
 CVE-2021-22886 (Rocket.Chat before 3.11, 3.10.5, 3.9.7, 3.8.8 is vulnerable to persist ...)
 	NOT-FOR-US: Rocket.Chat
-CVE-2021-22885
+CVE-2021-22885 [Possible Information Disclosure / Unintended Method Execution in Action Pack]
 	RESERVED
+	- rails <unfixed>
+	NOTE: https://github.com/rails/rails/commit/c4c21a9f8d7c9c8ca6570bdb82d64e2dc860e62c (main)
+	NOTE: https://github.com/rails/rails/commit/f202249bdd701f908a57d733e633d366a982f8ce (v6.0.3.7)
+	NOTE: https://github.com/rails/rails/commit/3eb9e74c287750a9fe11f700fc96d3be1e83aa35 (v5.2.4.6)
 CVE-2021-22884 (Node.js before 10.24.0, 12.21.0, 14.16.0, and 15.10.0 is vulnerable to ...)
 	{DSA-4863-1}
 	- nodejs 12.21.0~dfsg-1



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/76cd2ab7b99d77402a640f184502b6d575189c7a

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/76cd2ab7b99d77402a640f184502b6d575189c7a
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20210505/b75d6da0/attachment.htm>