Sign upLogin

nicb/hijack

View on GitHub
Star

Showing 62 of 62 total issues

json Gem for Ruby Unsafe Object Creation Vulnerability (additional fix)
Open

    json (1.8.3)
Severity: Critical
Found in Gemfile.lock by bundler-audit

Advisory: CVE-2020-10663

Criticality: High

URL: https://www.ruby-lang.org/en/news/2020/03/19/json-dos-cve-2020-10663/

Solution: upgrade to >= 2.3.0

Potentially unintended unmarshalling of user-provided objects in MemCacheStore and RedisCacheStore
Open

    activesupport (4.2.6)
Severity: Minor
Found in Gemfile.lock by bundler-audit

Advisory: CVE-2020-8165

Criticality: Critical

URL: https://groups.google.com/forum/#!topic/rubyonrails-security/bv6fW4S0Y1c

Solution: upgrade to >= 5.2.4.3, ~> 5.2.4, >= 6.0.3.1

Paperclip Gem for Ruby vulnerable to content type spoofing
Open

    paperclip (2.7.5)
Severity: Minor
Found in Gemfile.lock by bundler-audit

Advisory: CVE-2015-2963

Criticality: Medium

URL: https://robots.thoughtbot.com/paperclip-security-release

Solution: upgrade to >= 4.2.2

OS Command Injection in Rake
Open

    rake (10.5.0)
Severity: Critical
Found in Gemfile.lock by bundler-audit

Advisory: CVE-2020-8130

Criticality: High

URL: https://github.com/advisories/GHSA-jppv-gw3r-w3q8

Solution: upgrade to >= 12.3.3

Paperclip ruby gem suffers from a Server-Side Request Forgery (SSRF) vulnerability in the Paperclip::UriAdapter and Paperclip::HttpUrlProxyAdapter class.
Open

    paperclip (2.7.5)
Severity: Minor
Found in Gemfile.lock by bundler-audit

Advisory: CVE-2017-0889

Criticality: Critical

URL: https://github.com/thoughtbot/paperclip/pull/2435

Solution: upgrade to >= 5.2.0

Paperclip Gem for Ruby contains a flaw
Open

    paperclip (2.7.5)
Severity: Minor
Found in Gemfile.lock by bundler-audit

Advisory: OSVDB-103151

URL: http://osvdb.org/show/osvdb/103151

Solution: upgrade to >= 4.0.0

ReDoS based DoS vulnerability in Active Support’s underscore
Open

    activesupport (4.2.6)
Severity: Minor
Found in Gemfile.lock by bundler-audit

Advisory: CVE-2023-22796

URL: https://github.com/rails/rails/releases/tag/v7.0.4.1

Solution: upgrade to >= 5.2.8.15, ~> 5.2.8, >= 6.1.7.1, ~> 6.1.7, >= 7.0.4.1

Denial of Service Vulnerability in ActiveRecord’s PostgreSQL adapter
Open

    activerecord (4.2.6)
Severity: Minor
Found in Gemfile.lock by bundler-audit

Advisory: CVE-2022-44566

URL: https://github.com/rails/rails/releases/tag/v7.0.4.1

Solution: upgrade to >= 5.2.8.15, ~> 5.2.8, >= 6.1.7.1, ~> 6.1.7, >= 7.0.4.1

Possible DoS Vulnerability in Active Record PostgreSQL adapter
Open

    activerecord (4.2.6)
Severity: Minor
Found in Gemfile.lock by bundler-audit

Advisory: CVE-2021-22880

Criticality: Medium

URL: https://groups.google.com/g/rubyonrails-security/c/ZzUqCh9vyhI

Solution: upgrade to >= 5.2.4.5, ~> 5.2.4, >= 6.0.3.5, ~> 6.0.3, >= 6.1.2.1

Possible RCE escalation bug with Serialized Columns in Active Record
Open

    activerecord (4.2.6)
Severity: Minor
Found in Gemfile.lock by bundler-audit

Advisory: CVE-2022-32224

Criticality: Critical

URL: https://groups.google.com/g/rubyonrails-security/c/MmFO3LYQE8U

Solution: upgrade to >= 5.2.8.1, ~> 5.2.8, >= 6.0.5.1, ~> 6.0.5, >= 6.1.6.1, ~> 6.1.6, >= 7.0.3.1

Integer Overflow or Wraparound in libxml2 affects Nokogiri
Open

    nokogiri (1.6.8)
Severity: Critical
Found in Gemfile.lock by bundler-audit

Advisory:

Criticality: High

URL: https://github.com/sparklemotion/nokogiri/security/advisories/GHSA-cgx6-hpwq-fhv5

Solution: upgrade to >= 1.13.5

Nokogiri gem, via libxml, is affected by DoS and RCE vulnerabilities
Open

    nokogiri (1.6.8)
Severity: Critical
Found in Gemfile.lock by bundler-audit

Advisory: CVE-2017-9050

Criticality: High

URL: https://github.com/sparklemotion/nokogiri/issues/1673

Solution: upgrade to >= 1.8.1

Nokogiri gem, via libxml, is affected by DoS vulnerabilities
Open

    nokogiri (1.6.8)
Severity: Minor
Found in Gemfile.lock by bundler-audit

Advisory: CVE-2017-16932

URL: https://github.com/sparklemotion/nokogiri/issues/1714

Solution: upgrade to >= 1.8.1

Inefficient Regular Expression Complexity in Nokogiri
Open

    nokogiri (1.6.8)
Severity: Critical
Found in Gemfile.lock by bundler-audit

Advisory: CVE-2022-24836

Criticality: High

URL: https://github.com/sparklemotion/nokogiri/security/advisories/GHSA-crjr-9rc5-ghw8

Solution: upgrade to >= 1.13.4

Improper Handling of Unexpected Data Type in Nokogiri
Open

    nokogiri (1.6.8)
Severity: Critical
Found in Gemfile.lock by bundler-audit

Advisory: CVE-2022-29181

Criticality: High

URL: https://github.com/sparklemotion/nokogiri/security/advisories/GHSA-xh29-r2w5-wx8m

Solution: upgrade to >= 1.13.6

Nokogiri gem contains several vulnerabilities in libxml2 and libxslt
Open

    nokogiri (1.6.8)
Severity: Minor
Found in Gemfile.lock by bundler-audit

Advisory: CVE-2016-4658

Criticality: Critical

URL: https://github.com/sparklemotion/nokogiri/issues/1615

Solution: upgrade to >= 1.7.1

XML Injection in Xerces Java affects Nokogiri
Open

    nokogiri (1.6.8)
Severity: Minor
Found in Gemfile.lock by bundler-audit

Advisory: CVE-2022-23437

Criticality: Medium

URL: https://github.com/sparklemotion/nokogiri/security/advisories/GHSA-xxx9-3xcr-gjj3

Solution: upgrade to >= 1.13.4

Out-of-bounds Write in zlib affects Nokogiri
Open

    nokogiri (1.6.8)
Severity: Critical
Found in Gemfile.lock by bundler-audit

Advisory: CVE-2018-25032

Criticality: High

URL: https://github.com/sparklemotion/nokogiri/security/advisories/GHSA-v6gp-9mmm-c6p5

Solution: upgrade to >= 1.13.4

Update packaged dependency libxml2 from 2.9.10 to 2.9.12
Open

    nokogiri (1.6.8)
Severity: Critical
Found in Gemfile.lock by bundler-audit

Advisory:

Criticality: High

URL: https://github.com/sparklemotion/nokogiri/security/advisories/GHSA-7rrm-v45f-jp64

Solution: upgrade to >= 1.11.4

Update bundled libxml2 to v2.10.3 to resolve multiple CVEs
Open

    nokogiri (1.6.8)
Severity: Minor
Found in Gemfile.lock by bundler-audit

Advisory:

URL: https://github.com/sparklemotion/nokogiri/security/advisories/GHSA-2qc6-mcvw-92cw

Solution: upgrade to >= 1.13.9

Severity
Category
Status
Source
Language