Summary: | <dev-ruby/actionpack-{6.0.4.3,6.1.4.3}: open redirect vulnerability | ||
---|---|---|---|
Product: | Gentoo Security | Reporter: | John Helmert III <ajak> |
Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
Status: | IN_PROGRESS --- | ||
Severity: | minor | CC: | ruby |
Priority: | Normal | ||
Version: | unspecified | ||
Hardware: | All | ||
OS: | Linux | ||
URL: | https://www.openwall.com/lists/oss-security/2021/12/14/5 | ||
Whiteboard: | B4 [glsa?] | ||
Package list: | Runtime testing required: | --- |
Description
John Helmert III
![]() ![]() ![]() ![]() This requires rails 6.0.4.3 and 6.1.4.3. The x.4.2 releases were broken. Rails 5.2 is not affected. Rails 6.0.4.3 and 6.1.4.3 are now available. I'll file a stable bug for actionpack and related dependencies in a few days. Thanks! Tree seems clean now, this only affects >=actionpack-6. |