From e51505dc06f826df1da13c3c3a0fe5d8b2d6f373 Mon Sep 17 00:00:00 2001 From: Neil Williams Date: Fri, 27 May 2022 12:58:17 +0100 Subject: CVE-2022-21831 & CVE-2022-22577 in rails --- data/CVE/list | 8 ++++++-- 1 file changed, 6 insertions(+), 2 deletions(-) diff --git a/data/CVE/list b/data/CVE/list index 0a1ad4b085..d1eac667d7 100644 --- a/data/CVE/list +++ b/data/CVE/list @@ -27852,7 +27852,9 @@ CVE-2022-22579 (An information disclosure issue was addressed with improved stat CVE-2022-22578 (A logic issue was addressed with improved validation. This issue is fi ...) NOT-FOR-US: Apple CVE-2022-22577 (An XSS Vulnerability in Action Pack >= 5.2.0 and < 5.2.0 that co ...) - TODO: check + - rails (bug #1011941) + NOTE: https://discuss.rubyonrails.org/t/cve-2022-22577-possible-xss-vulnerability-in-action-pack/80533 + NOTE: https://github.com/rails/rails/commit/2b820a2a69fa50cffa74b4aedc57bf92ed6910ec (6-1-stable) CVE-2022-22576 (An improper authentication vulnerability exists in curl 7.33.0 to and ...) - curl 7.83.0-1 (bug #1010295) NOTE: https://curl.se/docs/CVE-2022-22576.html @@ -33349,7 +33351,9 @@ CVE-2021-44832 (Apache Log4j2 versions 2.0-beta7 through 2.17.0 (excluding secur CVE-2022-21832 RESERVED CVE-2022-21831 (A code injection vulnerability exists in the Active Storage >= v5.2 ...) - TODO: check + - rails (bug #1011940) + NOTE: https://github.com/advisories/GHSA-w749-p3v6-hccq + NOTE: https://github.com/rails/rails/commit/b0b5eaf477c907819ead1808d09bfaae3eb4cc54 (6-1-stable) CVE-2022-21830 (A blind self XSS vulnerability exists in RocketChat LiveChat <v1.9 ...) NOT-FOR-US: Rocket.Chat.Livechat CVE-2022-21829 -- cgit v1.2.3