FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

Rails -- multiple vulnerabilities

Affected packages
rubygem-activerecord52 < 5.2.4.5
rubygem-actionpack60 < 6.0.3.5
rubygem-activerecord60 < 6.0.3.5
rubygem-actionpack61 < 6.1.2.1
rubygem-activerecord61 < 6.1.2.1

Details

VuXML ID 8e670b85-706e-11eb-abb2-08002728f74c
Discovery 2021-02-10
Entry 2021-02-17

Ruby on Rails blog:

Rails version 5.2.4.5, 6.0.3.5 and 6.1.2.1 have been released! Those version are security releases and addresses two issues:

CVE-2021-22880: Possible DoS Vulnerability in Active Record PostgreSQL adapter.

CVE-2021-22881: Possible Open Redirect in Host Authorization Middleware.

[source]

References

CVE Name CVE-2021-22880
CVE Name CVE-2021-22881
URL https://discuss.rubyonrails.org/t/cve-2021-22880-possible-dos-vulnerability-in-active-record-postgresql-adapter/77129
URL https://discuss.rubyonrails.org/t/cve-2021-22881-possible-open-redirect-in-host-authorization-middleware/77130
URL https://weblog.rubyonrails.org/2021/2/10/Rails-5-2-4-5-6-0-3-5-and-6-1-2-1-have-been-released/

Copyright © 2003-2005 Jacques Vidrine and contributors.
Please see the source of this document for full copyright information.

OSZAR »