Arvados-DCO-1.1-Signed-off-by: Peter Amstutz <peter.amstutz@curii.com>
h3. GHSL-2022-063
GitHub Security Lab (GHSL) reported a remote code execution (RCE)
-vulnerability in the Arvados Workbench allows authenticated attackers
+vulnerability in the Arvados Workbench that allows authenticated attackers
to execute arbitrary code via specially crafted JSON payloads.
This vulnerability is fixed in 2.4.2.
-We believe the vulnerability exists all versions of Arvados up to 2.4.1.
+We believe the vulnerability exists in all versions of Arvados up to 2.4.1.
This vulnerability is specific to the Ruby on Rails Workbench
application ("Workbench 1"). We do not believe any other Arvados