Showing 70 of 70 total issues
ReDoS based DoS vulnerability in GlobalID Open
globalid (0.4.1)
- Read upRead up
- Exclude checks
Advisory: CVE-2023-22799
URL: https://github.com/rails/globalid/releases/tag/v1.0.1
Solution: upgrade to >= 1.0.1
Possible DoS Vulnerability in Active Record PostgreSQL adapter Open
activerecord (5.1.2)
- Read upRead up
- Exclude checks
Advisory: CVE-2021-22880
Criticality: Medium
URL: https://groups.google.com/g/rubyonrails-security/c/ZzUqCh9vyhI
Solution: upgrade to >= 5.2.4.5, ~> 5.2.4, >= 6.0.3.5, ~> 6.0.3, >= 6.1.2.1
Loofah XSS Vulnerability Open
loofah (2.0.3)
- Read upRead up
- Exclude checks
Advisory: CVE-2018-8048
Criticality: Medium
URL: https://github.com/flavorjones/loofah/issues/144
Solution: upgrade to >= 2.2.1
Improper neutralization of data URIs may allow XSS in rails-html-sanitizer Open
rails-html-sanitizer (1.0.3)
- Read upRead up
- Exclude checks
Advisory: CVE-2022-23518
Criticality: Medium
URL: https://github.com/rails/rails-html-sanitizer/security/advisories/GHSA-mcvf-2q2m-x72m
Solution: upgrade to >= 1.4.4
Potential XSS vulnerability in Action View Open
actionview (5.1.2)
- Read upRead up
- Exclude checks
Advisory: CVE-2020-15169
Criticality: Medium
URL: https://groups.google.com/g/rubyonrails-security/c/b-C9kSGXYrc
Solution: upgrade to >= 5.2.4.4, ~> 5.2.4, >= 6.0.3.3
Regular Expression Denial of Service in Addressable templates Open
addressable (2.5.2)
- Read upRead up
- Exclude checks
Advisory: CVE-2021-32740
Criticality: High
URL: https://github.com/advisories/GHSA-jxhc-q857-3j6g
Solution: upgrade to >= 2.8.0
Possible XSS vulnerability with certain configurations of rails-html-sanitizer Open
rails-html-sanitizer (1.0.3)
- Read upRead up
- Exclude checks
Advisory: CVE-2022-23520
Criticality: Medium
URL: https://github.com/rails/rails-html-sanitizer/security/advisories/GHSA-rrfc-7g8p-99q8
Solution: upgrade to >= 1.4.4
Possible RCE escalation bug with Serialized Columns in Active Record Open
activerecord (5.1.2)
- Read upRead up
- Exclude checks
Advisory: CVE-2022-32224
Criticality: Critical
URL: https://groups.google.com/g/rubyonrails-security/c/MmFO3LYQE8U
Solution: upgrade to >= 5.2.8.1, ~> 5.2.8, >= 6.0.5.1, ~> 6.0.5, >= 6.1.6.1, ~> 6.1.6, >= 7.0.3.1
Nokogiri gem, via libxslt, is affected by improper access control vulnerability Open
nokogiri (1.8.2)
- Read upRead up
- Exclude checks
Advisory: CVE-2019-11068
URL: https://github.com/sparklemotion/nokogiri/issues/1892
Solution: upgrade to >= 1.10.3
Inefficient Regular Expression Complexity in rails-html-sanitizer Open
rails-html-sanitizer (1.0.3)
- Read upRead up
- Exclude checks
Advisory: CVE-2022-23517
Criticality: High
URL: https://github.com/rails/rails-html-sanitizer/security/advisories/GHSA-5x79-w82f-gw8w
Solution: upgrade to >= 1.4.4
Update packaged dependency libxml2 from 2.9.10 to 2.9.12 Open
nokogiri (1.8.2)
- Read upRead up
- Exclude checks
Advisory:
Criticality: High
URL: https://github.com/sparklemotion/nokogiri/security/advisories/GHSA-7rrm-v45f-jp64
Solution: upgrade to >= 1.11.4
Possible XSS Vulnerability in Action View tag helpers Open
actionview (5.1.2)
- Read upRead up
- Exclude checks
Advisory: CVE-2022-27777
Criticality: Medium
URL: https://groups.google.com/g/ruby-security-ann/c/9wJPEDv-iRw
Solution: upgrade to >= 5.2.7.1, ~> 5.2.7, >= 6.0.4.8, ~> 6.0.4, >= 6.1.5.1, ~> 6.1.5, >= 7.0.2.4
Possible Strong Parameters Bypass in ActionPack Open
actionpack (5.1.2)
- Read upRead up
- Exclude checks
Advisory: CVE-2020-8164
Criticality: High
URL: https://groups.google.com/forum/#!topic/rubyonrails-security/f6ioe4sdpbY
Solution: upgrade to >= 5.2.4.3, ~> 5.2.4, >= 6.0.3.1
Nokogiri gem, via libxslt, is affected by multiple vulnerabilities Open
nokogiri (1.8.2)
- Read upRead up
- Exclude checks
Advisory: CVE-2019-13117
URL: https://github.com/sparklemotion/nokogiri/issues/1943
Solution: upgrade to >= 1.10.5
Possible exposure of information vulnerability in Action Pack Open
actionpack (5.1.2)
- Read upRead up
- Exclude checks
Advisory: CVE-2022-23633
Criticality: High
URL: https://groups.google.com/g/ruby-security-ann/c/FkTM-_7zSNA/m/K2RiMJBlBAAJ
Solution: upgrade to >= 5.2.6.2, ~> 5.2.6, >= 6.0.4.6, ~> 6.0.4, >= 6.1.4.6, ~> 6.1.4, >= 7.0.2.2
Update packaged libxml2 (2.9.12 → 2.9.13) and libxslt (1.1.34 → 1.1.35) Open
nokogiri (1.8.2)
- Read upRead up
- Exclude checks
Advisory: CVE-2021-30560
Criticality: High
URL: https://github.com/sparklemotion/nokogiri/security/advisories/GHSA-fq42-c5rg-92c2
Solution: upgrade to >= 1.13.2
Improper Restriction of XML External Entity Reference (XXE) in Nokogiri on JRuby Open
nokogiri (1.8.2)
- Read upRead up
- Exclude checks
Advisory: CVE-2021-41098
Criticality: High
URL: https://github.com/sparklemotion/nokogiri/security/advisories/GHSA-2rr5-8q37-2w7h
Solution: upgrade to >= 1.12.5
Percent-encoded cookies can be used to overwrite existing prefixed cookie names Open
rack (2.0.3)
- Read upRead up
- Exclude checks
Advisory: CVE-2020-8184
Criticality: High
URL: https://groups.google.com/g/rubyonrails-security/c/OWtmozPH9Ak
Solution: upgrade to ~> 2.1.4, >= 2.2.3
Possible Information Disclosure / Unintended Method Execution in Action Pack Open
actionpack (5.1.2)
- Read upRead up
- Exclude checks
Advisory: CVE-2021-22885
Criticality: High
URL: https://groups.google.com/g/rubyonrails-security/c/NiQl-48cXYI
Solution: upgrade to ~> 5.2.4.6, ~> 5.2.6, >= 6.0.3.7, ~> 6.0.3, >= 6.1.3.2
Ability to forge per-form CSRF tokens given a global CSRF token Open
actionpack (5.1.2)
- Read upRead up
- Exclude checks
Advisory: CVE-2020-8166
Criticality: Medium
URL: https://groups.google.com/forum/#!topic/rubyonrails-security/NOjKiGeXUgw
Solution: upgrade to >= 5.2.4.3, ~> 5.2.4, >= 6.0.3.1