[Git][security-tracker-team/security-tracker][master] CVE-2022-32224/rails: link regression discussion

Sylvain Beucler (@beuc) gitlab at salsa.debian.org
Tue May 5 08:16:36 BST 2026 


Sylvain Beucler pushed to branch master at Debian Security Tracker / security-tracker


Commits:
330c279b by Sylvain Beucler at 2026-05-05T09:16:29+02:00
CVE-2022-32224/rails: link regression discussion

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -397753,8 +397753,9 @@ CVE-2022-32224 (A possible escalation to RCE vulnerability exists when using YAM
 	NOTE: Fixed by: https://github.com/rails/rails/commit/8ce4bd1be83c08c30c34af4d0f1a726066128176 (v6.1.6.1)
 	NOTE: Fixed by: https://github.com/rails/rails/commit/d28f278788b599c0a9f6e3ea437c6642eb56f16c (v6.0.5.1)
 	NOTE: Fixed by: https://github.com/rails/rails/commit/6576aa7bbcf52ebd39853363e29f92b4dd53b6f1 (v5.2.8.1)
-	NOTE: "This may introduce backwards compatibility issues with existing data."
 	NOTE: Psych 4.0 redirects 'YAML.load' from 'YAML.unsafe_load' to 'YAML.safe_load'; 'unsafe_load' introduced in 3.3.2.
+	NOTE: "This may introduce backwards compatibility issues with existing data."
+	NOTE: https://lists.debian.org/debian-lts/2022/09/msg00004.html
 CVE-2022-32223 (Node.js is vulnerable to Hijack Execution Flow: DLL Hijacking under ce ...)
 	- nodejs <not-affected> (Only affects Windows)
 	NOTE: https://nodejs.org/en/blog/vulnerability/july-2022-security-releases/#dll-hijacking-on-windows-high-cve-2022-32223



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/330c279bfa2f11e33c4776262ce6aa72f58f0cec

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/330c279bfa2f11e33c4776262ce6aa72f58f0cec
You're receiving this email because of your account on salsa.debian.org. Manage all notifications: https://salsa.debian.org/-/profile/notifications | Help: https://salsa.debian.org/help


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20260505/51edc08c/attachment-0001.htm>

More information about the debian-security-tracker-commits mailing list