Showing 144 of 144 total issues
Prototype pollution attack through jQuery $.extend Open
jquery-rails (3.1.4)- Read upRead up
- Exclude checks
Advisory: CVE-2019-11358
Criticality: Medium
URL: https://blog.jquery.com/2019/04/10/jquery-3-4-0-released/
Solution: upgrade to >= 4.3.4
XSS Vulnerability on closeText option of Dialog jQuery UI Open
jquery-ui-rails (5.0.5)- Read upRead up
- Exclude checks
Advisory: CVE-2016-7103
Criticality: Medium
URL: https://github.com/jquery/api.jqueryui.com/issues/281
Solution: upgrade to >= 6.0.0
ReDoS based DoS vulnerability in Action Dispatch Open
actionpack (4.2.10)- Read upRead up
- Exclude checks
Advisory: CVE-2023-22792
URL: https://github.com/rails/rails/releases/tag/v7.0.4.1
Solution: upgrade to >= 5.2.8.15, ~> 5.2.8, >= 6.1.7.1, ~> 6.1.7, >= 7.0.4.1
Possible DoS Vulnerability in Active Record PostgreSQL adapter Open
activerecord (4.2.10)- Read upRead up
- Exclude checks
Advisory: CVE-2021-22880
Criticality: Medium
URL: https://groups.google.com/g/rubyonrails-security/c/ZzUqCh9vyhI
Solution: upgrade to >= 5.2.4.5, ~> 5.2.4, >= 6.0.3.5, ~> 6.0.3, >= 6.1.2.1
Possible shell escape sequence injection vulnerability in Rack Open
rack (1.6.10)- Read upRead up
- Exclude checks
Advisory: CVE-2022-30123
Criticality: Critical
URL: https://groups.google.com/g/ruby-security-ann/c/LWB10kWzag8
Solution: upgrade to >= 2.0.9.1, ~> 2.0.9, >= 2.1.4.1, ~> 2.1.4, >= 2.2.3.1
Denial of service via header parsing in Rack Open
rack (1.6.10)- Read upRead up
- Exclude checks
Advisory: CVE-2022-44570
URL: https://github.com/rack/rack/releases/tag/v3.0.4.1
Solution: upgrade to >= 2.0.9.2, ~> 2.0.9, >= 2.1.4.2, ~> 2.1.4, >= 2.2.6.2, ~> 2.2.6, >= 3.0.4.1
CSRF Vulnerability in rails-ujs Open
actionview (4.2.10)- Read upRead up
- Exclude checks
Advisory: CVE-2020-8167
Criticality: Medium
URL: https://groups.google.com/forum/#!topic/rubyonrails-security/x9DixQDG9a0
Solution: upgrade to >= 5.2.4.3, ~> 5.2.4, >= 6.0.3.1
Possible Information Disclosure / Unintended Method Execution in Action Pack Open
actionpack (4.2.10)- Read upRead up
- Exclude checks
Advisory: CVE-2021-22885
Criticality: High
URL: https://groups.google.com/g/rubyonrails-security/c/NiQl-48cXYI
Solution: upgrade to ~> 5.2.4.6, ~> 5.2.6, >= 6.0.3.7, ~> 6.0.3, >= 6.1.3.2
CSRF vulnerability in OmniAuth's request phase Open
omniauth (1.8.1)- Read upRead up
- Exclude checks
Advisory: CVE-2015-9284
Criticality: High
URL: https://github.com/omniauth/omniauth/wiki/Resolving-CVE-2015-9284
Solution: upgrade to >= 2.0.0
Possible DoS Vulnerability in Action Controller Token Authentication Open
actionpack (4.2.10)- Read upRead up
- Exclude checks
Advisory: CVE-2021-22904
Criticality: High
URL: https://groups.google.com/g/rubyonrails-security/c/Pf1TjkOBdyQ
Solution: upgrade to ~> 5.2.4.6, ~> 5.2.6, >= 6.0.3.7, ~> 6.0.3, >= 6.1.3.2
Denial of service via multipart parsing in Rack Open
rack (1.6.10)- Read upRead up
- Exclude checks
Advisory: CVE-2022-44572
URL: https://github.com/rack/rack/releases/tag/v3.0.4.1
Solution: upgrade to >= 2.0.9.2, ~> 2.0.9, >= 2.1.4.2, ~> 2.1.4, >= 2.2.6.1, ~> 2.2.6, >= 3.0.4.1
Denial of Service Vulnerability in Rack Content-Disposition parsing Open
rack (1.6.10)- Read upRead up
- Exclude checks
Advisory: CVE-2022-44571
URL: https://github.com/rack/rack/releases/tag/v3.0.4.1
Solution: upgrade to >= 2.0.9.2, ~> 2.0.9, >= 2.1.4.2, ~> 2.1.4, >= 2.2.6.1, ~> 2.2.6, >= 3.0.4.1
Possible Strong Parameters Bypass in ActionPack Open
actionpack (4.2.10)- Read upRead up
- Exclude checks
Advisory: CVE-2020-8164
Criticality: High
URL: https://groups.google.com/forum/#!topic/rubyonrails-security/f6ioe4sdpbY
Solution: upgrade to >= 5.2.4.3, ~> 5.2.4, >= 6.0.3.1
Directory traversal in Rack::Directory app bundled with Rack Open
rack (1.6.10)- Read upRead up
- Exclude checks
Advisory: CVE-2020-8161
Criticality: High
URL: https://groups.google.com/forum/#!topic/ruby-security-ann/T4ZIsfRf2eA
Solution: upgrade to ~> 2.1.3, >= 2.2.0
Potential XSS vulnerability in jQuery Open
jquery-rails (3.1.4)- Read upRead up
- Exclude checks
Advisory: CVE-2020-11023
Criticality: Medium
URL: https://blog.jquery.com/2020/04/10/jquery-3-5-0-released
Solution: upgrade to >= 4.4.0
HTTP Request Smuggling in puma Open
puma (3.11.2)- Read upRead up
- Exclude checks
Advisory: CVE-2022-24790
Criticality: Critical
URL: https://github.com/puma/puma/security/advisories/GHSA-h99w-9q5r-gjq9
Solution: upgrade to ~> 4.3.12, >= 5.6.4
simple_form Gem for Ruby Incorrect Access Control for forms based on user input Open
simple_form (3.5.0)- Read upRead up
- Exclude checks
Advisory: CVE-2019-16676
Criticality: Critical
URL: https://github.com/plataformatec/simple_form/security/advisories/GHSA-r74q-gxcg-73hx
Solution: upgrade to >= 5.0
Information Exposure with Puma when used with Rails Open
puma (3.11.2)- Read upRead up
- Exclude checks
Advisory: CVE-2022-23634
Criticality: High
URL: https://github.com/puma/puma/security/advisories/GHSA-rmj8-8hhh-gv5h
Solution: upgrade to ~> 4.3.11, >= 5.6.2
Denial of Service Vulnerability in Rack Multipart Parsing Open
rack (1.6.10)- Read upRead up
- Exclude checks
Advisory: CVE-2022-30122
Criticality: High
URL: https://groups.google.com/g/ruby-security-ann/c/L2Axto442qk
Solution: upgrade to >= 2.0.9.1, ~> 2.0.9, >= 2.1.4.1, ~> 2.1.4, >= 2.2.3.1
Inconsistent Interpretation of HTTP Requests ('HTTP Request Smuggling') in puma Open
puma (3.11.2)- Read upRead up
- Exclude checks
Advisory: CVE-2021-41136
Criticality: Low
URL: https://github.com/puma/puma/security/advisories/GHSA-48w2-rm65-62xx
Solution: upgrade to ~> 4.3.9, >= 5.5.1