summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorNeil Williams <codehelp@debian.org>2022-05-27 12:58:17 +0100
committerNeil Williams <codehelp@debian.org>2022-05-27 12:58:17 +0100
commite51505dc06f826df1da13c3c3a0fe5d8b2d6f373 (patch)
tree668dea45676bfc1d07e5fe2a2dbeb071e3c880c0
parent39f2921417ec0564ccbcb59b8660c67f04f968f2 (diff)
CVE-2022-21831 & CVE-2022-22577 in rails
-rw-r--r--data/CVE/list8
1 files changed, 6 insertions, 2 deletions
diff --git a/data/CVE/list b/data/CVE/list
index 0a1ad4b085..d1eac667d7 100644
--- a/data/CVE/list
+++ b/data/CVE/list
@@ -27852,7 +27852,9 @@ CVE-2022-22579 (An information disclosure issue was addressed with improved stat
CVE-2022-22578 (A logic issue was addressed with improved validation. This issue is fi ...)
NOT-FOR-US: Apple
CVE-2022-22577 (An XSS Vulnerability in Action Pack &gt;= 5.2.0 and &lt; 5.2.0 that co ...)
- TODO: check
+ - rails <unfixed> (bug #1011941)
+ NOTE: https://discuss.rubyonrails.org/t/cve-2022-22577-possible-xss-vulnerability-in-action-pack/80533
+ NOTE: https://github.com/rails/rails/commit/2b820a2a69fa50cffa74b4aedc57bf92ed6910ec (6-1-stable)
CVE-2022-22576 (An improper authentication vulnerability exists in curl 7.33.0 to and ...)
- curl 7.83.0-1 (bug #1010295)
NOTE: https://curl.se/docs/CVE-2022-22576.html
@@ -33349,7 +33351,9 @@ CVE-2021-44832 (Apache Log4j2 versions 2.0-beta7 through 2.17.0 (excluding secur
CVE-2022-21832
RESERVED
CVE-2022-21831 (A code injection vulnerability exists in the Active Storage &gt;= v5.2 ...)
- TODO: check
+ - rails <unfixed> (bug #1011940)
+ NOTE: https://github.com/advisories/GHSA-w749-p3v6-hccq
+ NOTE: https://github.com/rails/rails/commit/b0b5eaf477c907819ead1808d09bfaae3eb4cc54 (6-1-stable)
CVE-2022-21830 (A blind self XSS vulnerability exists in RocketChat LiveChat &lt;v1.9 ...)
NOT-FOR-US: Rocket.Chat.Livechat
CVE-2022-21829

© 2014-2022 Faster IT GmbH | imprint | privacy policy