Sign upLogin

nerdhub/hcking

View on GitHub
Star

Showing 144 of 144 total issues

Keepalive Connections Causing Denial Of Service in puma
Open

    puma (3.11.2)
Severity: Critical
Found in Gemfile.lock by bundler-audit

Advisory: CVE-2021-29509

Criticality: High

URL: https://github.com/puma/puma/security/advisories/GHSA-q28m-8xjw-8vr5

Solution: upgrade to ~> 4.3.8, >= 5.3.1

Potential XSS vulnerability in Action View
Open

    actionview (4.2.10)
Severity: Minor
Found in Gemfile.lock by bundler-audit

Advisory: CVE-2020-15169

Criticality: Medium

URL: https://groups.google.com/g/rubyonrails-security/c/b-C9kSGXYrc

Solution: upgrade to >= 5.2.4.4, ~> 5.2.4, >= 6.0.3.3

ReDoS based DoS vulnerability in Active Support’s underscore
Open

    activesupport (4.2.10)
Severity: Minor
Found in Gemfile.lock by bundler-audit

Advisory: CVE-2023-22796

URL: https://github.com/rails/rails/releases/tag/v7.0.4.1

Solution: upgrade to >= 5.2.8.15, ~> 5.2.8, >= 6.1.7.1, ~> 6.1.7, >= 7.0.4.1

Percent-encoded cookies can be used to overwrite existing prefixed cookie names
Open

    rack (1.6.10)
Severity: Critical
Found in Gemfile.lock by bundler-audit

Advisory: CVE-2020-8184

Criticality: High

URL: https://groups.google.com/g/rubyonrails-security/c/OWtmozPH9Ak

Solution: upgrade to ~> 2.1.4, >= 2.2.3

Cross-Site Scripting in Kaminari via original_script_name parameter
Open

    kaminari (0.16.3)
Severity: Minor
Found in Gemfile.lock by bundler-audit

Advisory: CVE-2020-11082

Criticality: Medium

URL: https://github.com/kaminari/kaminari/security/advisories/GHSA-r5jw-62xg-j433

Solution: upgrade to >= 1.2.1

Potentially unintended unmarshalling of user-provided objects in MemCacheStore and RedisCacheStore
Open

    activesupport (4.2.10)
Severity: Minor
Found in Gemfile.lock by bundler-audit

Advisory: CVE-2020-8165

Criticality: Critical

URL: https://groups.google.com/forum/#!topic/rubyonrails-security/bv6fW4S0Y1c

Solution: upgrade to >= 5.2.4.3, ~> 5.2.4, >= 6.0.3.1

Denial of Service Vulnerability in ActiveRecord’s PostgreSQL adapter
Open

    activerecord (4.2.10)
Severity: Minor
Found in Gemfile.lock by bundler-audit

Advisory: CVE-2022-44566

URL: https://github.com/rails/rails/releases/tag/v7.0.4.1

Solution: upgrade to >= 5.2.8.15, ~> 5.2.8, >= 6.1.7.1, ~> 6.1.7, >= 7.0.4.1

Possible RCE escalation bug with Serialized Columns in Active Record
Open

    activerecord (4.2.10)
Severity: Minor
Found in Gemfile.lock by bundler-audit

Advisory: CVE-2022-32224

Criticality: Critical

URL: https://groups.google.com/g/rubyonrails-security/c/MmFO3LYQE8U

Solution: upgrade to >= 5.2.8.1, ~> 5.2.8, >= 6.0.5.1, ~> 6.0.5, >= 6.1.6.1, ~> 6.1.6, >= 7.0.3.1

ReDoS based DoS vulnerability in Action Dispatch
Open

    actionpack (4.2.10)
Severity: Minor
Found in Gemfile.lock by bundler-audit

Advisory: CVE-2023-22795

URL: https://github.com/rails/rails/releases/tag/v7.0.4.1

Solution: upgrade to >= 5.2.8.15, ~> 5.2.8, >= 6.1.7.1, ~> 6.1.7, >= 7.0.4.1

Possible XSS Vulnerability in Action View tag helpers
Open

    actionview (4.2.10)
Severity: Minor
Found in Gemfile.lock by bundler-audit

Advisory: CVE-2022-27777

Criticality: Medium

URL: https://groups.google.com/g/ruby-security-ann/c/9wJPEDv-iRw

Solution: upgrade to >= 5.2.7.1, ~> 5.2.7, >= 6.0.4.8, ~> 6.0.4, >= 6.1.5.1, ~> 6.1.5, >= 7.0.2.4

Ability to forge per-form CSRF tokens given a global CSRF token
Open

    actionpack (4.2.10)
Severity: Minor
Found in Gemfile.lock by bundler-audit

Advisory: CVE-2020-8166

Criticality: Medium

URL: https://groups.google.com/forum/#!topic/rubyonrails-security/NOjKiGeXUgw

Solution: upgrade to >= 5.2.4.3, ~> 5.2.4, >= 6.0.3.1

Possible XSS vulnerability in ActionView
Open

    actionview (4.2.10)
Severity: Minor
Found in Gemfile.lock by bundler-audit

Advisory: CVE-2020-5267

Criticality: Medium

URL: https://groups.google.com/forum/#!topic/rubyonrails-security/55reWMM_Pg8

Solution: upgrade to >= 5.2.4.2, ~> 5.2.4, >= 6.0.2.2

ReDoS based DoS vulnerability in GlobalID
Open

    globalid (0.4.1)
Severity: Minor
Found in Gemfile.lock by bundler-audit

Advisory: CVE-2023-22799

URL: https://github.com/rails/globalid/releases/tag/v1.0.1

Solution: upgrade to >= 1.0.1

Improper neutralization of data URIs may allow XSS in Loofah
Open

    loofah (2.2.2)
Severity: Minor
Found in Gemfile.lock by bundler-audit

Advisory: CVE-2022-23515

Criticality: Medium

URL: https://github.com/flavorjones/loofah/security/advisories/GHSA-228g-948r-83gx

Solution: upgrade to >= 2.19.1

Inefficient Regular Expression Complexity in Loofah
Open

    loofah (2.2.2)
Severity: Critical
Found in Gemfile.lock by bundler-audit

Advisory: CVE-2022-23514

Criticality: High

URL: https://github.com/flavorjones/loofah/security/advisories/GHSA-486f-hjj9-9vhh

Solution: upgrade to >= 2.19.1

Out-of-bounds Write in zlib affects Nokogiri
Open

    nokogiri (1.8.2)
Severity: Critical
Found in Gemfile.lock by bundler-audit

Advisory: CVE-2018-25032

Criticality: High

URL: https://github.com/sparklemotion/nokogiri/security/advisories/GHSA-v6gp-9mmm-c6p5

Solution: upgrade to >= 1.13.4

Older releases of better_errors open to Cross-Site Request Forgery attack
Open

    better_errors (2.4.0)
Severity: Minor
Found in Gemfile.lock by bundler-audit

Advisory: CVE-2021-39197

Criticality: Medium

URL: https://github.com/BetterErrors/better_errors/security/advisories/GHSA-w3j4-76qw-wwjm

Solution: upgrade to >= 2.8.0

Loofah XSS Vulnerability
Open

    loofah (2.2.2)
Severity: Minor
Found in Gemfile.lock by bundler-audit

Advisory: CVE-2019-15587

Criticality: Medium

URL: https://github.com/flavorjones/loofah/issues/171

Solution: upgrade to >= 2.3.1

Devise Gem for Ruby Time-of-check Time-of-use race condition with lockable module
Open

    devise (4.4.1)
Severity: Minor
Found in Gemfile.lock by bundler-audit

Advisory: CVE-2019-5421

Criticality: Critical

URL: https://github.com/plataformatec/devise/issues/4981

Solution: upgrade to >= 4.6.0

OmniAuth's lib/omniauth/failure_endpoint.rb does not escape message_key value
Open

    omniauth (1.8.1)
Severity: Minor
Found in Gemfile.lock by bundler-audit

Advisory: CVE-2020-36599

Criticality: Critical

URL: https://github.com/omniauth/omniauth/commit/43a396f181ef7d0ed2ec8291c939c95e3ed3ff00#diff-575abda9deb9b1a77bf534e898a923029b9a61e991d626db88dc6e8b34260aa2

Solution: upgrade to ~> 1.9.2, >= 2.0.0

Severity
Category
Status
Source
Language