[Git][security-tracker-team/security-tracker][master] CVE-2024-26144/rails [bullseye]

Bastien Roucariès (@rouca) rouca at debian.org
Sat Nov 22 18:46:00 GMT 2025 


Bastien Roucariès pushed to branch master at Debian Security Tracker / security-tracker


Commits:
a0910223 by Bastien Roucariès at 2025-11-22T19:45:08+01:00
CVE-2024-26144/rails [bullseye]

Proxying was introduced later in 6.1 so not-affected

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -197010,11 +197010,13 @@ CVE-2021-46907
 CVE-2024-26144 (Rails is a web-application framework. Starting with version 5.2.0, the ...)
 	{DSA-5881-1}
 	- rails 2:7.2.2.1+dfsg-1 (bug #1065119)
-	[bullseye] - rails <no-dsa> (Minor issue)
+	[bullseye] - rails <not-affected> (vulnerable code not present; introduced in 6.1)
 	NOTE: https://discuss.rubyonrails.org/t/possible-sensitive-session-information-leak-in-active-storage/84945
 	NOTE: https://github.com/rails/rails/security/advisories/GHSA-8h22-8cf7-hq6g
 	NOTE: https://github.com/rails/rails/commit/723f54566023e91060a67b03353e7c03e7436433 (v7.0.8.1)
 	NOTE: https://github.com/rails/rails/commit/78fe149509fac5b05e54187aaaef216fbb5fd0d3 (v6.1.7.7)
+	NOTE: Introduced by: https://github.com/rails/rails/commit/dfb5a82b259e134eac89784ac4ace0c44d1b4aee (v6.1.0rc1)
+	NOTE: Proxying was introduced in v6.1.0
 CVE-2024-27092 (Hoppscotch is an API development ecosystem.  Due to lack of validation ...)
 	NOT-FOR-US: Hoppscotch
 CVE-2024-27088 (es5-ext contains ECMAScript 5 extensions. Passing functions with very  ...)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/a09102238bcc1aa028cfe2cca7e58ba8be1c43e7

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/a09102238bcc1aa028cfe2cca7e58ba8be1c43e7
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20251122/bade349f/attachment.htm>

More information about the debian-security-tracker-commits mailing list