[Git][security-tracker-team/security-tracker][master] new rails issues

Moritz Muehlenhoff (@jmm) jmm at debian.org
Fri Oct 18 12:06:07 BST 2024 


Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker


Commits:
bc37ec04 by Moritz Mühlenhoff at 2024-10-18T13:05:35+02:00
new rails issues

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -377,9 +377,13 @@ CVE-2024-48180 (ClassCMS <=4.8 is vulnerable to file inclusion in the nowView me
 CVE-2024-47889 (Action Mailer is a framework for designing email service layers. Start ...)
 	TODO: check
 CVE-2024-47888 (Action Text brings rich text content and editing to Rails. Starting in ...)
-	TODO: check
+	- rails <unfixed>
+	NOTE: https://github.com/rails/rails/security/advisories/GHSA-wwhv-wxv9-rpgw
+	NOTE: https://github.com/rails/rails/commit/4f4312b21a6448336de7c7ab0c4d94b378def468
 CVE-2024-47887 (Action Pack is a framework for handling and responding to web requests ...)
-	TODO: check
+	- rails <unfixed>
+	NOTE: https://github.com/rails/rails/security/advisories/GHSA-vfg9-r3fq-jvx4
+	NOTE: https://github.com/rails/rails/commit/8e057db25bff1dc7a98e9ae72e0083825b9ac545
 CVE-2024-46213 (REDAXO CMS v2.11.0 was discovered to contain a remote code execution ( ...)
 	NOT-FOR-US: REDAXO CMS
 CVE-2024-46212 (An issue in the component /index.php?page=backup/export of REDAXO CMS  ...)
@@ -510,7 +514,9 @@ CVE-2024-45072 (IBM WebSphere Application Server 8.5 and 9.0 is vulnerable to an
 CVE-2024-45071 (IBM WebSphere Application Server 8.5 and 9.0 is vulnerable to stored c ...)
 	NOT-FOR-US: IBM
 CVE-2024-41128 (Action Pack is a framework for handling and responding to web requests ...)
-	TODO: check
+	- rails <unfixed>
+	NOTE: https://github.com/rails/rails/security/advisories/GHSA-x76w-6vjr-8xgj
+	NOTE: https://github.com/rails/rails/commit/fb493bebae1a9b83e494fe7edbf01f6167d606fd
 CVE-2024-38814 (An authenticated SQL injection vulnerability in VMware HCX was private ...)
 	NOT-FOR-US: VMware
 CVE-2024-29155 (On Microchip RN4870 devices, when more than one consecutive PairReqNoI ...)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/bc37ec04d0ea3adeb24b47ac35a937203ff01010

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/bc37ec04d0ea3adeb24b47ac35a937203ff01010
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20241018/118f5735/attachment.htm>

More information about the debian-security-tracker-commits mailing list