Loofah XSS Vulnerability Open
loofah (2.2.2)
Advisory: CVE-2019-15587
URL: https://github.com/flavorjones/loofah/issues/171
Solution: upgrade to >= 2.3.1
Devise Gem for Ruby Time-of-check Time-of-use race condition with lockable module Open
devise (4.4.3)
Advisory: CVE-2019-5421
Criticality: High
URL: https://github.com/plataformatec/devise/issues/4981
Solution: upgrade to >= 4.6.0
Nokogiri gem, via libxslt, is affected by multiple vulnerabilities Open
nokogiri (1.8.4)
Advisory: CVE-2019-13117
URL: https://github.com/sparklemotion/nokogiri/issues/1943
Solution: upgrade to >= 1.10.5
Nokogiri Command Injection Vulnerability via Nokogiri::CSS::Tokenizer#load_file Open
nokogiri (1.8.4)
Advisory: CVE-2019-5477
Criticality: High
URL: https://github.com/sparklemotion/nokogiri/issues/1915
Solution: upgrade to >= 1.10.4
Devise Gem for Ruby confirmation token validation with a blank string Open
devise (4.4.3)
Advisory: CVE-2019-16109
URL: https://github.com/plataformatec/devise/issues/5071
Solution: upgrade to >= 4.7.1
libxml2 2.9.10 has an infinite loop in a certain end-of-file situation Open
nokogiri (1.8.4)
Advisory: CVE-2020-7595
Criticality: Medium
URL: https://github.com/sparklemotion/nokogiri/issues/1992
Solution: upgrade to >= 1.10.8
Remote command execution via filename Open
mini_magick (4.8.0)
Advisory: CVE-2019-13574
URL: https://benjamin-bouchet.com/blog/vulnerabilite-dans-la-gem-mini_magick-version-4-9-4/
Solution: upgrade to >= 4.9.4
Nokogiri gem, via libxslt, is affected by improper access control vulnerability Open
nokogiri (1.8.4)
Advisory: CVE-2019-11068
URL: https://github.com/sparklemotion/nokogiri/issues/1892
Solution: upgrade to >= 1.10.3
Loofah XSS Vulnerability Open
loofah (2.2.2)
Advisory: CVE-2018-16468
URL: https://github.com/flavorjones/loofah/issues/154
Solution: upgrade to >= 2.2.3
Nokogiri gem, via libxml2, is affected by multiple vulnerabilities Open
nokogiri (1.8.4)
Advisory: CVE-2018-14404
URL: https://github.com/sparklemotion/nokogiri/issues/1785
Solution: upgrade to >= 1.8.5
Possible DoS vulnerability in Rack Open
rack (2.0.5)
Advisory: CVE-2018-16470
URL: https://groups.google.com/forum/#!topic/ruby-security-ann/Dz4sRl-ktKk
Solution: upgrade to >= 2.0.6
Possible information leak / session hijack vulnerability Open
rack (2.0.5)
Advisory: CVE-2019-16782
URL: https://github.com/rack/rack/security/advisories/GHSA-hrqr-hxpp-chr3
Solution: upgrade to ~> 1.6.12, >= 2.0.8
rack-cors directory traversal via path Open
rack-cors (1.0.2)
Advisory: CVE-2019-18978
URL: https://github.com/cyu/rack-cors/commit/e4d4fc362a4315808927011cbe5afcfe5486f17d
Solution: upgrade to >= 1.0.4
Possible XSS vulnerability in Rack Open
rack (2.0.5)
Advisory: CVE-2018-16471
URL: https://groups.google.com/forum/#!topic/ruby-security-ann/NAalCee8n6o
Solution: upgrade to ~> 1.6.11, >= 2.0.6
Denial of Service Vulnerability in Action View Open
actionview (5.1.6)
Advisory: CVE-2019-5419
URL: https://groups.google.com/forum/#!topic/rubyonrails-security/GN7w9fFAQeI
Solution: upgrade to >= 6.0.0.beta3, >= 5.2.2.1, ~> 5.2.2, >= 5.1.6.2, ~> 5.1.6, >= 5.0.7.2, ~> 5.0.7, >= 4.2.11.1, ~> 4.2.11
Broken Access Control vulnerability in Active Job Open
activejob (5.1.6)
Advisory: CVE-2018-16476
URL: https://groups.google.com/forum/#!topic/rubyonrails-security/FL4dSdzr2zw
Solution: upgrade to ~> 4.2.11, ~> 5.0.7.1, ~> 5.1.6.1, ~> 5.1.7, >= 5.2.1.1
File Content Disclosure in Action View Open
actionview (5.1.6)
Advisory: CVE-2019-5418
URL: https://groups.google.com/forum/#!topic/rubyonrails-security/pFRKI96Sm8Q
Solution: upgrade to >= 4.2.11.1, ~> 4.2.11, >= 5.0.7.2, ~> 5.0.7, >= 5.1.6.2, ~> 5.1.6, >= 5.2.2.1, ~> 5.2.2, >= 6.0.0.beta3