ReDoS based DoS vulnerability in Active Support’s underscore Open
activesupport (5.2.4.3)
- Read upRead up
- Exclude checks
Advisory: CVE-2023-22796
URL: https://github.com/rails/rails/releases/tag/v7.0.4.1
Solution: upgrade to >= 5.2.8.15, ~> 5.2.8, >= 6.1.7.1, ~> 6.1.7, >= 7.0.4.1
Possible exposure of information vulnerability in Action Pack Open
actionpack (5.2.4.3)
- Read upRead up
- Exclude checks
Advisory: CVE-2022-23633
Criticality: High
URL: https://groups.google.com/g/ruby-security-ann/c/FkTM-_7zSNA/m/K2RiMJBlBAAJ
Solution: upgrade to >= 5.2.6.2, ~> 5.2.6, >= 6.0.4.6, ~> 6.0.4, >= 6.1.4.6, ~> 6.1.4, >= 7.0.2.2
Possible RCE escalation bug with Serialized Columns in Active Record Open
activerecord (5.2.4.3)
- Read upRead up
- Exclude checks
Advisory: CVE-2022-32224
Criticality: Critical
URL: https://groups.google.com/g/rubyonrails-security/c/MmFO3LYQE8U
Solution: upgrade to >= 5.2.8.1, ~> 5.2.8, >= 6.0.5.1, ~> 6.0.5, >= 6.1.6.1, ~> 6.1.6, >= 7.0.3.1
Possible code injection vulnerability in Rails / Active Storage Open
activestorage (5.2.4.3)
- Read upRead up
- Exclude checks
Advisory: CVE-2022-21831
Criticality: Critical
URL: https://groups.google.com/g/rubyonrails-security/c/n-p-W1yxatI
Solution: upgrade to >= 5.2.6.3, ~> 5.2.6, >= 6.0.4.7, ~> 6.0.4, >= 6.1.4.7, ~> 6.1.4, >= 7.0.2.3
ReDoS based DoS vulnerability in Action Dispatch Open
actionpack (5.2.4.3)
- Read upRead up
- Exclude checks
Advisory: CVE-2023-22795
URL: https://github.com/rails/rails/releases/tag/v7.0.4.1
Solution: upgrade to >= 5.2.8.15, ~> 5.2.8, >= 6.1.7.1, ~> 6.1.7, >= 7.0.4.1
XML round-trip vulnerability in REXML Open
rexml (3.2.4)
- Read upRead up
- Exclude checks
Advisory: CVE-2021-28965
Criticality: High
URL: https://www.ruby-lang.org/en/news/2021/04/05/xml-round-trip-vulnerability-in-rexml-cve-2021-28965/
Solution: upgrade to ~> 3.1.9.1, ~> 3.2.3.1, >= 3.2.5
ReDoS based DoS vulnerability in Action Dispatch Open
actionpack (5.2.4.3)
- Read upRead up
- Exclude checks
Advisory: CVE-2023-22792
URL: https://github.com/rails/rails/releases/tag/v7.0.4.1
Solution: upgrade to >= 5.2.8.15, ~> 5.2.8, >= 6.1.7.1, ~> 6.1.7, >= 7.0.4.1
Possible XSS Vulnerability in Action Pack Open
actionpack (5.2.4.3)
- Read upRead up
- Exclude checks
Advisory: CVE-2022-22577
Criticality: Medium
URL: https://groups.google.com/g/ruby-security-ann/c/NuFRKaN5swI
Solution: upgrade to >= 5.2.7.1, ~> 5.2.7, >= 6.0.4.8, ~> 6.0.4, >= 6.1.5.1, ~> 6.1.5, >= 7.0.2.4
Possible XSS Vulnerability in Action View tag helpers Open
actionview (5.2.4.3)
- Read upRead up
- Exclude checks
Advisory: CVE-2022-27777
Criticality: Medium
URL: https://groups.google.com/g/ruby-security-ann/c/9wJPEDv-iRw
Solution: upgrade to >= 5.2.7.1, ~> 5.2.7, >= 6.0.4.8, ~> 6.0.4, >= 6.1.5.1, ~> 6.1.5, >= 7.0.2.4
Denial of Service Vulnerability in ActiveRecord’s PostgreSQL adapter Open
activerecord (5.2.4.3)
- Read upRead up
- Exclude checks
Advisory: CVE-2022-44566
URL: https://github.com/rails/rails/releases/tag/v7.0.4.1
Solution: upgrade to >= 5.2.8.15, ~> 5.2.8, >= 6.1.7.1, ~> 6.1.7, >= 7.0.4.1
Possible DoS Vulnerability in Action Controller Token Authentication Open
actionpack (5.2.4.3)
- Read upRead up
- Exclude checks
Advisory: CVE-2021-22904
Criticality: High
URL: https://groups.google.com/g/rubyonrails-security/c/Pf1TjkOBdyQ
Solution: upgrade to ~> 5.2.4.6, ~> 5.2.6, >= 6.0.3.7, ~> 6.0.3, >= 6.1.3.2
Possible Information Disclosure / Unintended Method Execution in Action Pack Open
actionpack (5.2.4.3)
- Read upRead up
- Exclude checks
Advisory: CVE-2021-22885
Criticality: High
URL: https://groups.google.com/g/rubyonrails-security/c/NiQl-48cXYI
Solution: upgrade to ~> 5.2.4.6, ~> 5.2.6, >= 6.0.3.7, ~> 6.0.3, >= 6.1.3.2
Potential XSS vulnerability in Action View Open
actionview (5.2.4.3)
- Read upRead up
- Exclude checks
Advisory: CVE-2020-15169
Criticality: Medium
URL: https://groups.google.com/g/rubyonrails-security/c/b-C9kSGXYrc
Solution: upgrade to >= 5.2.4.4, ~> 5.2.4, >= 6.0.3.3
Possible DoS Vulnerability in Active Record PostgreSQL adapter Open
activerecord (5.2.4.3)
- Read upRead up
- Exclude checks
Advisory: CVE-2021-22880
Criticality: Medium
URL: https://groups.google.com/g/rubyonrails-security/c/ZzUqCh9vyhI
Solution: upgrade to >= 5.2.4.5, ~> 5.2.4, >= 6.0.3.5, ~> 6.0.3, >= 6.1.2.1