json Gem for Ruby Unsafe Object Creation Vulnerability (additional fix) Open
json (2.0.1)- Read upRead up
- Exclude checks
Advisory: CVE-2020-10663
Criticality: High
URL: https://www.ruby-lang.org/en/news/2020/03/19/json-dos-cve-2020-10663/
Solution: upgrade to >= 2.3.0
ReDoS based DoS vulnerability in Active Support’s underscore Open
activesupport (5.0.0)- Read upRead up
- Exclude checks
Advisory: CVE-2023-22796
URL: https://github.com/rails/rails/releases/tag/v7.0.4.1
Solution: upgrade to >= 5.2.8.15, ~> 5.2.8, >= 6.1.7.1, ~> 6.1.7, >= 7.0.4.1
RuboCop gem Insecure use of /tmp Open
rubocop (0.41.1)- Read upRead up
- Exclude checks
Advisory: CVE-2017-8418
Criticality: Low
URL: https://github.com/bbatsov/rubocop/issues/4336
Solution: upgrade to >= 0.49.0
i18n Gem for Ruby lib/i18n/core_ext/hash.rb Hash#slice() Function Hash Handling DoS Open
i18n (0.7.0)- Read upRead up
- Exclude checks
Advisory: CVE-2014-10077
URL: https://github.com/svenfuchs/i18n/pull/289
Solution: upgrade to >= 0.8.0
Race condition when using persistent connections Open
excon (0.51.0)- Read upRead up
- Exclude checks
Advisory: CVE-2019-16779
Criticality: Medium
URL: https://github.com/excon/excon/security/advisories/GHSA-q58g-455p-8vw9
Solution: upgrade to >= 0.71.0
Potentially unintended unmarshalling of user-provided objects in MemCacheStore and RedisCacheStore Open
activesupport (5.0.0)- Read upRead up
- Exclude checks
Advisory: CVE-2020-8165
Criticality: Critical
URL: https://groups.google.com/forum/#!topic/rubyonrails-security/bv6fW4S0Y1c
Solution: upgrade to >= 5.2.4.3, ~> 5.2.4, >= 6.0.3.1
TZInfo relative path traversal vulnerability allows loading of arbitrary files Open
tzinfo (1.2.2)- Read upRead up
- Exclude checks
Advisory: CVE-2022-31163
Criticality: High
URL: https://github.com/tzinfo/tzinfo/security/advisories/GHSA-5cm2-9h8c-rvfx
Solution: upgrade to ~> 0.3.61, >= 1.2.10