Showing 591 of 591 total issues
Possible Strong Parameters Bypass in ActionPack Open
actionpack (4.2.7.1)
- Read upRead up
- Exclude checks
Advisory: CVE-2020-8164
Criticality: High
URL: https://groups.google.com/forum/#!topic/rubyonrails-security/f6ioe4sdpbY
Solution: upgrade to >= 5.2.4.3, ~> 5.2.4, >= 6.0.3.1
CSRF Vulnerability in rails-ujs Open
actionview (4.2.7.1)
- Read upRead up
- Exclude checks
Advisory: CVE-2020-8167
Criticality: Medium
URL: https://groups.google.com/forum/#!topic/rubyonrails-security/x9DixQDG9a0
Solution: upgrade to >= 5.2.4.3, ~> 5.2.4, >= 6.0.3.1
XSS Vulnerability in Chartkick Ruby Gem Open
chartkick (1.4.1)
- Read upRead up
- Exclude checks
Advisory: CVE-2019-12732
Criticality: Medium
URL: https://github.com/ankane/chartkick/issues/488
Solution: upgrade to >= 3.2.0
Keepalive Connections Causing Denial Of Service in puma Open
puma (2.16.0)
- Read upRead up
- Exclude checks
Advisory: CVE-2021-29509
Criticality: High
URL: https://github.com/puma/puma/security/advisories/GHSA-q28m-8xjw-8vr5
Solution: upgrade to ~> 4.3.8, >= 5.3.1
Potential XSS vulnerability in Action View Open
actionview (4.2.7.1)
- Read upRead up
- Exclude checks
Advisory: CVE-2020-15169
Criticality: Medium
URL: https://groups.google.com/g/rubyonrails-security/c/b-C9kSGXYrc
Solution: upgrade to >= 5.2.4.4, ~> 5.2.4, >= 6.0.3.3
haml failure to escape single quotes Open
haml (4.0.7)
- Read upRead up
- Exclude checks
Advisory: CVE-2017-1002201
Criticality: Medium
URL: https://github.com/haml/haml/commit/18576ae6e9bdcb4303fdbe6b3199869d289d67c2
Solution: upgrade to >= 5.0.0.beta.2
HTTP Response Splitting (Early Hints) in Puma Open
puma (2.16.0)
- Read upRead up
- Exclude checks
Advisory: CVE-2020-5249
Criticality: Medium
URL: https://github.com/puma/puma/security/advisories/GHSA-33vf-4xgg-9r58
Solution: upgrade to ~> 3.12.4, >= 4.3.3
Possible shell escape sequence injection vulnerability in Rack Open
rack (1.6.8)
- Read upRead up
- Exclude checks
Advisory: CVE-2022-30123
Criticality: Critical
URL: https://groups.google.com/g/ruby-security-ann/c/LWB10kWzag8
Solution: upgrade to >= 2.0.9.1, ~> 2.0.9, >= 2.1.4.1, ~> 2.1.4, >= 2.2.3.1
Directory traversal in Rack::Directory app bundled with Rack Open
rack (1.6.8)
- Read upRead up
- Exclude checks
Advisory: CVE-2020-8161
Criticality: High
URL: https://groups.google.com/forum/#!topic/ruby-security-ann/T4ZIsfRf2eA
Solution: upgrade to ~> 2.1.3, >= 2.2.0
SQL injection for certain queries with variables Open
blazer (1.1.0)
- Read upRead up
- Exclude checks
Advisory: CVE-2022-29498
Criticality: High
URL: https://github.com/ankane/blazer/issues/392
Solution: upgrade to >= 2.6.0
Denial of service via multipart parsing in Rack Open
rack (1.6.8)
- Read upRead up
- Exclude checks
Advisory: CVE-2022-44572
URL: https://github.com/rack/rack/releases/tag/v3.0.4.1
Solution: upgrade to >= 2.0.9.2, ~> 2.0.9, >= 2.1.4.2, ~> 2.1.4, >= 2.2.6.1, ~> 2.2.6, >= 3.0.4.1
Denial of Service Vulnerability in Rack Multipart Parsing Open
rack (1.6.8)
- Read upRead up
- Exclude checks
Advisory: CVE-2022-30122
Criticality: High
URL: https://groups.google.com/g/ruby-security-ann/c/L2Axto442qk
Solution: upgrade to >= 2.0.9.1, ~> 2.0.9, >= 2.1.4.1, ~> 2.1.4, >= 2.2.3.1
Possible XSS vulnerability in ActionView Open
actionview (4.2.7.1)
- Read upRead up
- Exclude checks
Advisory: CVE-2020-5267
Criticality: Medium
URL: https://groups.google.com/forum/#!topic/rubyonrails-security/55reWMM_Pg8
Solution: upgrade to >= 5.2.4.2, ~> 5.2.4, >= 6.0.2.2
Keepalive thread overload/DoS in puma Open
puma (2.16.0)
- Read upRead up
- Exclude checks
Advisory: CVE-2019-16770
Criticality: High
URL: https://github.com/puma/puma/security/advisories/GHSA-7xx3-m584-x994
Solution: upgrade to ~> 3.12.2, >= 4.3.1
HTTP Smuggling via Transfer-Encoding Header in Puma Open
puma (2.16.0)
- Read upRead up
- Exclude checks
Advisory: CVE-2020-11077
Criticality: Medium
URL: https://github.com/puma/puma/security/advisories/GHSA-w64w-qqph-5gxm
Solution: upgrade to ~> 3.12.6, >= 4.3.5
Possible DoS Vulnerability in Action Controller Token Authentication Open
actionpack (4.2.7.1)
- Read upRead up
- Exclude checks
Advisory: CVE-2021-22904
Criticality: High
URL: https://groups.google.com/g/rubyonrails-security/c/Pf1TjkOBdyQ
Solution: upgrade to ~> 5.2.4.6, ~> 5.2.6, >= 6.0.3.7, ~> 6.0.3, >= 6.1.3.2
Ability to forge per-form CSRF tokens given a global CSRF token Open
actionpack (4.2.7.1)
- Read upRead up
- Exclude checks
Advisory: CVE-2020-8166
Criticality: Medium
URL: https://groups.google.com/forum/#!topic/rubyonrails-security/NOjKiGeXUgw
Solution: upgrade to >= 5.2.4.3, ~> 5.2.4, >= 6.0.3.1
HTTP Smuggling via Transfer-Encoding Header in Puma Open
puma (2.16.0)
- Read upRead up
- Exclude checks
Advisory: CVE-2020-11076
Criticality: High
URL: https://github.com/puma/puma/security/advisories/GHSA-x7jg-6pwg-fx5h
Solution: upgrade to ~> 3.12.5, >= 4.3.4
rack-cors directory traversal via path Open
rack-cors (0.4.0)
- Read upRead up
- Exclude checks
Advisory: CVE-2019-18978
Criticality: Medium
URL: https://github.com/cyu/rack-cors/commit/e4d4fc362a4315808927011cbe5afcfe5486f17d
Solution: upgrade to >= 1.0.4
HTTP Request Smuggling in puma Open
puma (2.16.0)
- Read upRead up
- Exclude checks
Advisory: CVE-2022-24790
Criticality: Critical
URL: https://github.com/puma/puma/security/advisories/GHSA-h99w-9q5r-gjq9
Solution: upgrade to ~> 4.3.12, >= 5.6.4