FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

Rails -- multiple vulnerabilities

Affected packages
rubygem-activerecord52 < 5.2.4.5
rubygem-actionpack60 < 6.0.3.5
rubygem-activerecord60 < 6.0.3.5
rubygem-actionpack61 < 6.1.2.1
rubygem-activerecord61 < 6.1.2.1

Details

VuXML ID 8e670b85-706e-11eb-abb2-08002728f74c
Discovery 2021-02-10
Entry 2021-02-17

Ruby on Rails blog:

Rails version 5.2.4.5, 6.0.3.5 and 6.1.2.1 have been released! Those version are security releases and addresses two issues:

CVE-2021-22880: Possible DoS Vulnerability in Active Record PostgreSQL adapter.

CVE-2021-22881: Possible Open Redirect in Host Authorization Middleware.

[source]

References

CVE Name CVE-2021-22880
CVE Name CVE-2021-22881
URL https://discuss.rubyonrails.org/t/cve-2021-22880-possible-dos-vulnerability-in-active-record-postgresql-adapter/77129
URL https://discuss.rubyonrails.org/t/cve-2021-22881-possible-open-redirect-in-host-authorization-middleware/77130
URL https://weblog.rubyonrails.org/2021/2/10/Rails-5-2-4-5-6-0-3-5-and-6-1-2-1-have-been-released/

Copyright © 2003-2005 Jacques Vidrine and contributors.
Please see the source of this document for full copyright information.