[Git][security-tracker-team/security-tracker][master] Add CVE-2024-26143/rails
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Tue Feb 27 21:06:52 GMT 2024
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
8830226b by Salvatore Bonaccorso at 2024-02-27T22:06:18+01:00
Add CVE-2024-26143/rails
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -139,7 +139,10 @@ CVE-2024-26470 (A host header injection vulnerability in the forgot password fun
CVE-2024-26464 (net-snmp 5.9.4 contains a memory leak vulnerability in /net-snmp/apps/ ...)
TODO: check
CVE-2024-26143 (Rails is a web-application framework. There is a possible XSS vulnerab ...)
- TODO: check
+ - rails <not-affected> (Vulnerable code not present)
+ NOTE: https://github.com/rails/rails/security/advisories/GHSA-9822-6m93-xqf4
+ NOTE: https://github.com/rails/rails/commit/4c83b331092a79d58e4adffe4be5f250fa5782cc (v7.0.8.1)
+ NOTE: https://github.com/rails/rails/commit/5187a9ef51980ad1b8e81945ebe0462d28f84f9e (v7.1.3.1)
CVE-2024-26142 (Rails is a web-application framework. Starting in version 7.1.0, there ...)
- rails <not-affected> (Vulnerable code not present)
NOTE: https://github.com/rails/rails/security/advisories/GHSA-jjhx-jhvp-74wq
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/8830226b0c94414c066b571c75d66e8ee4853a78
--
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/8830226b0c94414c066b571c75d66e8ee4853a78
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20240227/4956fd1d/attachment-0001.htm>
More information about the debian-security-tracker-commits
mailing list