Showing 761 of 761 total issues
Information Exposure with Puma when used with Rails Open
puma (2.15.3)
- Read upRead up
- Exclude checks
Advisory: CVE-2022-23634
Criticality: High
URL: https://github.com/puma/puma/security/advisories/GHSA-rmj8-8hhh-gv5h
Solution: upgrade to ~> 4.3.11, >= 5.6.2
HTTP Response Splitting (Early Hints) in Puma Open
puma (2.15.3)
- Read upRead up
- Exclude checks
Advisory: CVE-2020-5249
Criticality: Medium
URL: https://github.com/puma/puma/security/advisories/GHSA-33vf-4xgg-9r58
Solution: upgrade to ~> 3.12.4, >= 4.3.3
OS Command Injection in Rake Open
rake (10.5.0)
- Read upRead up
- Exclude checks
Advisory: CVE-2020-8130
Criticality: High
URL: https://github.com/advisories/GHSA-jppv-gw3r-w3q8
Solution: upgrade to >= 12.3.3
ReDoS based DoS vulnerability in Action Dispatch Open
actionpack (4.2.5.1)
- Read upRead up
- Exclude checks
Advisory: CVE-2023-22795
URL: https://github.com/rails/rails/releases/tag/v7.0.4.1
Solution: upgrade to >= 5.2.8.15, ~> 5.2.8, >= 6.1.7.1, ~> 6.1.7, >= 7.0.4.1
ReDoS based DoS vulnerability in Action Dispatch Open
actionpack (4.2.5.1)
- Read upRead up
- Exclude checks
Advisory: CVE-2023-22792
URL: https://github.com/rails/rails/releases/tag/v7.0.4.1
Solution: upgrade to >= 5.2.8.15, ~> 5.2.8, >= 6.1.7.1, ~> 6.1.7, >= 7.0.4.1
ReDoS based DoS vulnerability in GlobalID Open
globalid (0.3.6)
- Read upRead up
- Exclude checks
Advisory: CVE-2023-22799
URL: https://github.com/rails/globalid/releases/tag/v1.0.1
Solution: upgrade to >= 1.0.1
HTTP Response Splitting vulnerability in puma Open
puma (2.15.3)
- Read upRead up
- Exclude checks
Advisory: CVE-2020-5247
Criticality: Medium
URL: https://github.com/puma/puma/security/advisories/GHSA-84j7-475p-hp8v
Solution: upgrade to ~> 3.12.4, >= 4.3.3
Possible Strong Parameters Bypass in ActionPack Open
actionpack (4.2.5.1)
- Read upRead up
- Exclude checks
Advisory: CVE-2020-8164
Criticality: High
URL: https://groups.google.com/forum/#!topic/rubyonrails-security/f6ioe4sdpbY
Solution: upgrade to >= 5.2.4.3, ~> 5.2.4, >= 6.0.3.1
Denial of Service Vulnerability in ActiveRecord’s PostgreSQL adapter Open
activerecord (4.2.5.1)
- Read upRead up
- Exclude checks
Advisory: CVE-2022-44566
URL: https://github.com/rails/rails/releases/tag/v7.0.4.1
Solution: upgrade to >= 5.2.8.15, ~> 5.2.8, >= 6.1.7.1, ~> 6.1.7, >= 7.0.4.1
ReDoS based DoS vulnerability in Active Support’s underscore Open
activesupport (4.2.5.1)
- Read upRead up
- Exclude checks
Advisory: CVE-2023-22796
URL: https://github.com/rails/rails/releases/tag/v7.0.4.1
Solution: upgrade to >= 5.2.8.15, ~> 5.2.8, >= 6.1.7.1, ~> 6.1.7, >= 7.0.4.1
Potentially unintended unmarshalling of user-provided objects in MemCacheStore and RedisCacheStore Open
activesupport (4.2.5.1)
- Read upRead up
- Exclude checks
Advisory: CVE-2020-8165
Criticality: Critical
URL: https://groups.google.com/forum/#!topic/rubyonrails-security/bv6fW4S0Y1c
Solution: upgrade to >= 5.2.4.3, ~> 5.2.4, >= 6.0.3.1
json Gem for Ruby Unsafe Object Creation Vulnerability (additional fix) Open
json (1.8.3)
- Read upRead up
- Exclude checks
Advisory: CVE-2020-10663
Criticality: High
URL: https://www.ruby-lang.org/en/news/2020/03/19/json-dos-cve-2020-10663/
Solution: upgrade to >= 2.3.0
Percent-encoded cookies can be used to overwrite existing prefixed cookie names Open
rack (1.6.4)
- Read upRead up
- Exclude checks
Advisory: CVE-2020-8184
Criticality: High
URL: https://groups.google.com/g/rubyonrails-security/c/OWtmozPH9Ak
Solution: upgrade to ~> 2.1.4, >= 2.2.3
Keepalive thread overload/DoS in puma Open
puma (2.15.3)
- Read upRead up
- Exclude checks
Advisory: CVE-2019-16770
Criticality: High
URL: https://github.com/puma/puma/security/advisories/GHSA-7xx3-m584-x994
Solution: upgrade to ~> 3.12.2, >= 4.3.1
HTTP Request Smuggling in puma Open
puma (2.15.3)
- Read upRead up
- Exclude checks
Advisory: CVE-2022-24790
Criticality: Critical
URL: https://github.com/puma/puma/security/advisories/GHSA-h99w-9q5r-gjq9
Solution: upgrade to ~> 4.3.12, >= 5.6.4
CSRF Vulnerability in rails-ujs Open
actionview (4.2.5.1)
- Read upRead up
- Exclude checks
Advisory: CVE-2020-8167
Criticality: Medium
URL: https://groups.google.com/forum/#!topic/rubyonrails-security/x9DixQDG9a0
Solution: upgrade to >= 5.2.4.3, ~> 5.2.4, >= 6.0.3.1
Inconsistent Interpretation of HTTP Requests ('HTTP Request Smuggling') in puma Open
puma (2.15.3)
- Read upRead up
- Exclude checks
Advisory: CVE-2021-41136
Criticality: Low
URL: https://github.com/puma/puma/security/advisories/GHSA-48w2-rm65-62xx
Solution: upgrade to ~> 4.3.9, >= 5.5.1
sinatra does not validate expanded path matches Open
sinatra (1.4.6)
- Read upRead up
- Exclude checks
Advisory: CVE-2022-29970
Criticality: High
URL: https://github.com/sinatra/sinatra/pull/1683
Solution: upgrade to >= 2.2.0
simple_form Gem for Ruby Incorrect Access Control for forms based on user input Open
simple_form (3.2.1)
- Read upRead up
- Exclude checks
Advisory: CVE-2019-16676
Criticality: Critical
URL: https://github.com/plataformatec/simple_form/security/advisories/GHSA-r74q-gxcg-73hx
Solution: upgrade to >= 5.0
Sinatra vulnerable to Reflected File Download attack Open
sinatra (1.4.6)
- Read upRead up
- Exclude checks
Advisory: CVE-2022-45442
Criticality: High
URL: https://github.com/sinatra/sinatra/security/advisories/GHSA-2x8x-jmrp-phxw
Solution: upgrade to ~> 2.2.3, >= 3.0.4