OS Command Injection in Rake Open
rake (11.3.0)
Advisory: CVE-2020-8130
Criticality: High
URL: https://github.com/advisories/GHSA-jppv-gw3r-w3q8
Solution: upgrade to >= 12.3.3
json Gem for Ruby Unsafe Object Creation Vulnerability (additional fix) Open
json (1.8.6)
Advisory: CVE-2020-10663
Criticality: High
URL: https://www.ruby-lang.org/en/news/2020/03/19/json-dos-cve-2020-10663/
Solution: upgrade to >= 2.3.0
Potential arbitrary file read vulnerability in yard server Open
yard (0.8.7.6)
Advisory: CVE-2017-17042
Criticality: High
URL: https://nvd.nist.gov/vuln/detail/CVE-2017-17042
Solution: upgrade to >= 0.9.11
Possible arbitrary path traversal and file access via yard server Open
yard (0.8.7.6)
Advisory:
URL: https://github.com/lsegal/yard/security/advisories/GHSA-xfhh-rx56-rxcr
Solution: upgrade to >= 0.9.20
Regular Expression Denial of Service in Addressable templates Open
addressable (2.5.1)
Advisory: CVE-2021-32740
Criticality: High
URL: https://github.com/advisories/GHSA-jxhc-q857-3j6g
Solution: upgrade to >= 2.8.0
Arbitrary path traversal and file access via yard server Open
yard (0.8.7.6)
Advisory: CVE-2019-1020001
Criticality: High
URL: https://github.com/lsegal/yard/security/advisories/GHSA-xfhh-rx56-rxcr
Solution: upgrade to >= 0.9.20