AVG-1904 - gitlab - Arch Linux

AVG-1904 log

Package	gitlab
Status	Vulnerable
Severity	Medium
Type	multiple issues
Affected	13.11.3-1
Fixed	Unknown
Current	13.11.3-1 [community-testing] 13.10.4-1 [community]
Ticket	Create
Created	Sun May 2 18:02:58 2021

Issue	Severity	Remote	Type	Description
CVE-2021-31799	Medium	Yes	Arbitrary command execution	RDoc before version 6.3.1 used to call Kernel#open to open a local file. If a Ruby project has a file whose name starts with "\|" and ends with "tags", the...
CVE-2021-22904	Low	Yes	Denial of service	There is a possible denial of service (DoS) vulnerability in the Token Authentication logic in Action Controller before versions 6.1.3.2, 6.0.3.7, 5.2.4.6...
CVE-2021-22902	Low	Yes	Denial of service	There is a possible Denial of Service vulnerability in Action Dispatch before version 6 before 6.0.3.7 and 6.1.0.2. Carefully crafted Accept headers can...
CVE-2021-22885	Medium	Yes	Information disclosure	There is a possible information disclosure/unintended method execution vulnerability in Action Pack before versions 6.1.3.2, 6.0.3.7, 5.2.4.6 and 5.2.6 when...

Notes
RDoc version 6.1.2 and Action Pack version 6.0.3.6 are bundled in GitLab version 13.11.3.