Remote code execution in Kramdown Open
kramdown (1.17.0)
- Read upRead up
- Exclude checks
Advisory: CVE-2021-28834
Criticality: Critical
URL: https://github.com/advisories/GHSA-52p9-v744-mwjj
Solution: upgrade to >= 2.3.1
Unintended read access in kramdown gem Open
kramdown (1.17.0)
- Read upRead up
- Exclude checks
Advisory: CVE-2020-14001
Criticality: Critical
URL: https://github.com/advisories/GHSA-mqm2-cgpr-p4m6
Solution: upgrade to >= 2.3.0
Regular Expression Denial of Service in Addressable templates Open
addressable (2.5.2)
- Read upRead up
- Exclude checks
Advisory: CVE-2021-32740
Criticality: High
URL: https://github.com/advisories/GHSA-jxhc-q857-3j6g
Solution: upgrade to >= 2.8.0
Potentially unintended unmarshalling of user-provided objects in MemCacheStore and RedisCacheStore Open
activesupport (5.2.1)
- Read upRead up
- Exclude checks
Advisory: CVE-2020-8165
Criticality: Critical
URL: https://groups.google.com/forum/#!topic/rubyonrails-security/bv6fW4S0Y1c
Solution: upgrade to >= 5.2.4.3, ~> 5.2.4, >= 6.0.3.1
ReDoS based DoS vulnerability in Active Support’s underscore Open
activesupport (5.2.1)
- Read upRead up
- Exclude checks
Advisory: CVE-2023-22796
URL: https://github.com/rails/rails/releases/tag/v7.0.4.1
Solution: upgrade to >= 5.2.8.15, ~> 5.2.8, >= 6.1.7.1, ~> 6.1.7, >= 7.0.4.1
TZInfo relative path traversal vulnerability allows loading of arbitrary files Open
tzinfo (1.2.5)
- Read upRead up
- Exclude checks
Advisory: CVE-2022-31163
Criticality: High
URL: https://github.com/tzinfo/tzinfo/security/advisories/GHSA-5cm2-9h8c-rvfx
Solution: upgrade to ~> 0.3.61, >= 1.2.10