audited 4.8.0
Race Condition leading to logging errors
low severity GHSA-hjp3-5g2q-7jww>= 4.0.0, < 5.3.3
In certain setups with threaded web servers, Audited's use of Thread.current
can incorrectly attributed audits to the wrong user.
Fixed in 5.3.3.
In March, @convisoappsec noticed that the library in question had a Race Condition problem, which caused logs to be registered at times with different users than those who performed the genuine actions.
- The first issue we identified was from November 2021: https://github.com/collectiveidea/audited/issues/601
- So the solution was implemented in the following Pull Request: https://github.com/collectiveidea/audited/pull/669
- And the feature was published in version 5.3.3: RELEASE: https://github.com/collectiveidea/audited/pull/671
Race Condition leading to logging errors
low severity CVE-2024-22047>= 5.3.3
< 4.0.0
In certain setups with threaded web servers, Audited's use of
Thread.current
can incorrectly attributed audits to the wrong user.
Fixed in 5.3.3.
In March, @convisoappsec noticed that the library in question had a Race Condition problem, which caused logs to be registered at times with different users than those who performed the genuine actions.
-
The first issue we identified was from November 2021: https://github.com/collectiveidea/audited/issues/601
-
So the solution was implemented in the following Pull Request: https://github.com/collectiveidea/audited/pull/669
-
And the feature was published in version 5.3.3: RELEASE: https://github.com/collectiveidea/audited/pull/671
No officially reported memory leakage issues detected.
This gem version does not have any officially reported memory leaked issues.
No license issues detected.
This gem version has a license in the gemspec.
This gem version is available.
This gem version has not been yanked and is still available for usage.