[Git][security-tracker-team/security-tracker][master] Add CVE-2022-27777/rails

Salvatore Bonaccorso (@carnil) carnil at debian.org
Thu Jun 2 07:49:43 BST 2022



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
882d5839 by Salvatore Bonaccorso at 2022-06-02T08:48:38+02:00
Add CVE-2022-27777/rails

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -12621,7 +12621,14 @@ CVE-2022-27778 [curl: removes wrong file on error]
 	NOTE: https://curl.se/docs/CVE-2022-27778.html
 	NOTE: Fixed by: https://github.com/curl/curl/commit/8c7ee9083d0d719d0a77ab20d9cc2ae84eeea7f3 (curl-7_83_1)
 CVE-2022-27777 (A XSS Vulnerability in Action View tag helpers >= 5.2.0 and < 5. ...)
-	TODO: check
+	- rails <unfixed>
+	NOTE: https://discuss.rubyonrails.org/t/cve-2022-27777-possible-xss-vulnerability-in-action-view-tag-helpers/80534
+	NOTE: Fixed by: https://github.com/rails/rails/commit/123f42a573f7fcbf391885c135ca809f21615180 (v6.1.5.1)
+	NOTE: Regression fix: https://github.com/rails/rails/commit/7c2da9e51c5c02643f30d83aaad3ed5062adcad8 (6.1.6)
+	NOTE: Fixed by: https://github.com/rails/rails/commit/36a6dad07d572a0098c29d6d96a226638a7caa38 (v6.0.4.8)
+	NOTE: Regression fix: https://github.com/rails/rails/commit/1b5df893d82a27da907e9b8b75deff13179d1df3 (v6.0.5)
+	NOTE: Fixed by: https://github.com/rails/rails/commit/1278c0f0b4a18ea199f92b666b8b94954a74c20b (v5.2.7.1)
+	NOTE: Regression fix: https://github.com/rails/rails/commit/a1b8a9b5e5a905d0aeabf532e3f6b74116d5cce6 (v5.2.8)
 CVE-2022-27776 [Auth/cookie leak on redirect]
 	RESERVED
 	- curl 7.83.0-1 (bug #1010252)
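Review bot: The tag annotation on the 6.1 regression-fix NOTE is written "(6.1.6)" while every other annotation in this hunk uses the "v" prefix ("v6.1.5.1", "v6.0.5", "v5.2.8"); make it "(v6.1.6)" so a search for the tag name matches consistently. Separately, the new "- rails <unfixed>" line carries no bug reference, unlike the neighbouring "- curl 7.83.0-1 (bug #1010252)" entry, so if a Debian bug has been filed for this issue it should be added here. The NOTE lines cover the 5.2, 6.0 and 6.1 branches only; if any other supported Rails branch received a fix, its commit belongs in this list too.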



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/882d583994ff4800ae4acffb7fbdabf9d631a147
