CVE-2017-20179

Source
https://nvd.nist.gov/vuln/detail/CVE-2017-20179
Import Source
https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2017-20179.json
JSON Data
https://api.test.osv.dev/v1/vulns/CVE-2017-20179
Published
2023-02-21T21:15:10Z
Modified
2025-01-08T10:11:48.397180Z
Severity
  • 9.8 (Critical) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVSS Calculator
Summary
[none]
Details

A vulnerability was found in InSTEDD Pollit 2.3.1. It has been rated as critical. This issue affects the function TourController of the file app/controllers/tour_controller.rb. The manipulation leads to an unknown weakness. The attack may be initiated remotely. Upgrading to version 2.3.2 is able to address this issue. The patch is named 6ef04f8b5972d5f16f8b86f8b53f62fac68d5498. It is recommended to upgrade the affected component. The associated identifier of this vulnerability is VDB-221507.

References

Affected packages

Git / github.com/instedd/pollit

Affected ranges

Type
GIT
Repo
https://github.com/instedd/pollit
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Fixed
Fixed

Affected versions

2.*

2.0
2.1
2.1.1
2.2
2.2-pre1
2.3
2.3-pre1
2.3-pre2
2.3-pre3
2.3-pre4
2.3-pre5

v1.*

v1.0.0
v1.0.1
v1.0.10
v1.0.11
v1.0.2
v1.0.3
v1.0.4
v1.0.5
v1.0.6
v1.0.7
v1.0.8
v1.0.9
v1.1.0
v1.2.0-i18n
v1.2.1
v1.2.2
v1.2.3
v1.2.4