Sign upLogin

payout/announcer

View on GitHub
Star
Gemfile.lock

Summary

Maintainability
Test Coverage

Denial of service via multipart parsing in Rack
Open

    rack (1.5.2)
Severity: Minor
Found in Gemfile.lock by bundler-audit

Advisory: CVE-2022-44572

URL: https://github.com/rack/rack/releases/tag/v3.0.4.1

Solution: upgrade to >= 2.0.9.2, ~> 2.0.9, >= 2.1.4.2, ~> 2.1.4, >= 2.2.6.1, ~> 2.2.6, >= 3.0.4.1

Possible Information Disclosure / Unintended Method Execution in Action Pack
Open

    actionpack (4.0.13)
Severity: Critical
Found in Gemfile.lock by bundler-audit

Advisory: CVE-2021-22885

Criticality: High

URL: https://groups.google.com/g/rubyonrails-security/c/NiQl-48cXYI

Solution: upgrade to ~> 5.2.4.6, ~> 5.2.6, >= 6.0.3.7, ~> 6.0.3, >= 6.1.3.2

Denial of Service Vulnerability in Rack Content-Disposition parsing
Open

    rack (1.5.2)
Severity: Minor
Found in Gemfile.lock by bundler-audit

Advisory: CVE-2022-44571

URL: https://github.com/rack/rack/releases/tag/v3.0.4.1

Solution: upgrade to >= 2.0.9.2, ~> 2.0.9, >= 2.1.4.2, ~> 2.1.4, >= 2.2.6.1, ~> 2.2.6, >= 3.0.4.1

OS Command Injection in Rake
Open

    rake (10.4.2)
Severity: Critical
Found in Gemfile.lock by bundler-audit

Advisory: CVE-2020-8130

Criticality: High

URL: https://github.com/advisories/GHSA-jppv-gw3r-w3q8

Solution: upgrade to >= 12.3.3

Ability to forge per-form CSRF tokens given a global CSRF token
Open

    actionpack (4.0.13)
Severity: Minor
Found in Gemfile.lock by bundler-audit

Advisory: CVE-2020-8166

Criticality: Medium

URL: https://groups.google.com/forum/#!topic/rubyonrails-security/NOjKiGeXUgw

Solution: upgrade to >= 5.2.4.3, ~> 5.2.4, >= 6.0.3.1

ReDoS based DoS vulnerability in Action Dispatch
Open

    actionpack (4.0.13)
Severity: Minor
Found in Gemfile.lock by bundler-audit

Advisory: CVE-2023-22795

URL: https://github.com/rails/rails/releases/tag/v7.0.4.1

Solution: upgrade to >= 5.2.8.15, ~> 5.2.8, >= 6.1.7.1, ~> 6.1.7, >= 7.0.4.1

Percent-encoded cookies can be used to overwrite existing prefixed cookie names
Open

    rack (1.5.2)
Severity: Critical
Found in Gemfile.lock by bundler-audit

Advisory: CVE-2020-8184

Criticality: High

URL: https://groups.google.com/g/rubyonrails-security/c/OWtmozPH9Ak

Solution: upgrade to ~> 2.1.4, >= 2.2.3

Directory traversal in Rack::Directory app bundled with Rack
Open

    rack (1.5.2)
Severity: Critical
Found in Gemfile.lock by bundler-audit

Advisory: CVE-2020-8161

Criticality: High

URL: https://groups.google.com/forum/#!topic/ruby-security-ann/T4ZIsfRf2eA

Solution: upgrade to ~> 2.1.3, >= 2.2.0

Sinatra vulnerable to Reflected File Download attack
Open

    sinatra (1.4.5)
Severity: Critical
Found in Gemfile.lock by bundler-audit

Advisory: CVE-2022-45442

Criticality: High

URL: https://github.com/sinatra/sinatra/security/advisories/GHSA-2x8x-jmrp-phxw

Solution: upgrade to ~> 2.2.3, >= 3.0.4

Possible DoS Vulnerability in Action Controller Token Authentication
Open

    actionpack (4.0.13)
Severity: Critical
Found in Gemfile.lock by bundler-audit

Advisory: CVE-2021-22904

Criticality: High

URL: https://groups.google.com/g/rubyonrails-security/c/Pf1TjkOBdyQ

Solution: upgrade to ~> 5.2.4.6, ~> 5.2.6, >= 6.0.3.7, ~> 6.0.3, >= 6.1.3.2

Denial of Service Vulnerability in ActiveRecord’s PostgreSQL adapter
Open

    activerecord (4.0.13)
Severity: Minor
Found in Gemfile.lock by bundler-audit

Advisory: CVE-2022-44566

URL: https://github.com/rails/rails/releases/tag/v7.0.4.1

Solution: upgrade to >= 5.2.8.15, ~> 5.2.8, >= 6.1.7.1, ~> 6.1.7, >= 7.0.4.1

Potentially unintended unmarshalling of user-provided objects in MemCacheStore and RedisCacheStore
Open

    activesupport (4.0.13)
Severity: Minor
Found in Gemfile.lock by bundler-audit

Advisory: CVE-2020-8165

Criticality: Critical

URL: https://groups.google.com/forum/#!topic/rubyonrails-security/bv6fW4S0Y1c

Solution: upgrade to >= 5.2.4.3, ~> 5.2.4, >= 6.0.3.1

Denial of service via header parsing in Rack
Open

    rack (1.5.2)
Severity: Minor
Found in Gemfile.lock by bundler-audit

Advisory: CVE-2022-44570

URL: https://github.com/rack/rack/releases/tag/v3.0.4.1

Solution: upgrade to >= 2.0.9.2, ~> 2.0.9, >= 2.1.4.2, ~> 2.1.4, >= 2.2.6.2, ~> 2.2.6, >= 3.0.4.1

Denial of Service Vulnerability in Rack Multipart Parsing
Open

    rack (1.5.2)
Severity: Critical
Found in Gemfile.lock by bundler-audit

Advisory: CVE-2022-30122

Criticality: High

URL: https://groups.google.com/g/ruby-security-ann/c/L2Axto442qk

Solution: upgrade to >= 2.0.9.1, ~> 2.0.9, >= 2.1.4.1, ~> 2.1.4, >= 2.2.3.1

Possible shell escape sequence injection vulnerability in Rack
Open

    rack (1.5.2)
Severity: Minor
Found in Gemfile.lock by bundler-audit

Advisory: CVE-2022-30123

Criticality: Critical

URL: https://groups.google.com/g/ruby-security-ann/c/LWB10kWzag8

Solution: upgrade to >= 2.0.9.1, ~> 2.0.9, >= 2.1.4.1, ~> 2.1.4, >= 2.2.3.1

sinatra does not validate expanded path matches
Open

    sinatra (1.4.5)
Severity: Critical
Found in Gemfile.lock by bundler-audit

Advisory: CVE-2022-29970

Criticality: High

URL: https://github.com/sinatra/sinatra/pull/1683

Solution: upgrade to >= 2.2.0

Possible Strong Parameters Bypass in ActionPack
Open

    actionpack (4.0.13)
Severity: Critical
Found in Gemfile.lock by bundler-audit

Advisory: CVE-2020-8164

Criticality: High

URL: https://groups.google.com/forum/#!topic/rubyonrails-security/f6ioe4sdpbY

Solution: upgrade to >= 5.2.4.3, ~> 5.2.4, >= 6.0.3.1

ReDoS based DoS vulnerability in Active Support’s underscore
Open

    activesupport (4.0.13)
Severity: Minor
Found in Gemfile.lock by bundler-audit

Advisory: CVE-2023-22796

URL: https://github.com/rails/rails/releases/tag/v7.0.4.1

Solution: upgrade to >= 5.2.8.15, ~> 5.2.8, >= 6.1.7.1, ~> 6.1.7, >= 7.0.4.1

ReDoS based DoS vulnerability in Action Dispatch
Open

    actionpack (4.0.13)
Severity: Minor
Found in Gemfile.lock by bundler-audit

Advisory: CVE-2023-22792

URL: https://github.com/rails/rails/releases/tag/v7.0.4.1

Solution: upgrade to >= 5.2.8.15, ~> 5.2.8, >= 6.1.7.1, ~> 6.1.7, >= 7.0.4.1

Possible RCE escalation bug with Serialized Columns in Active Record
Open

    activerecord (4.0.13)
Severity: Minor
Found in Gemfile.lock by bundler-audit

Advisory: CVE-2022-32224

Criticality: Critical

URL: https://groups.google.com/g/rubyonrails-security/c/MmFO3LYQE8U

Solution: upgrade to >= 5.2.8.1, ~> 5.2.8, >= 6.0.5.1, ~> 6.0.5, >= 6.1.6.1, ~> 6.1.6, >= 7.0.3.1

Nested attributes rejection proc bypass in Active Record
Open

    activerecord (4.0.13)
Severity: Minor
Found in Gemfile.lock by bundler-audit

Advisory: CVE-2015-7577

Criticality: Medium

URL: https://groups.google.com/forum/#!topic/rubyonrails-security/cawsWcQ6c8g

Solution: upgrade to >= 5.0.0.beta1.1, >= 4.2.5.1, ~> 4.2.5, >= 4.1.14.1, ~> 4.1.14, ~> 3.2.22.1

Possible Denial of Service attack in Active Support
Open

    activesupport (4.0.13)
Severity: Minor
Found in Gemfile.lock by bundler-audit

Advisory: CVE-2015-3227

URL: https://groups.google.com/forum/#!topic/rubyonrails-security/bahr2JLnxvk

Solution: upgrade to >= 4.2.2, ~> 4.1.11, ~> 3.2.22

Possible information leak / session hijack vulnerability
Open

    rack (1.5.2)
Severity: Minor
Found in Gemfile.lock by bundler-audit

Advisory: CVE-2019-16782

Criticality: Medium

URL: https://github.com/rack/rack/security/advisories/GHSA-hrqr-hxpp-chr3

Solution: upgrade to ~> 1.6.12, >= 2.0.8

Possible XSS vulnerability in Rack
Open

    rack (1.5.2)
Severity: Minor
Found in Gemfile.lock by bundler-audit

Advisory: CVE-2018-16471

URL: https://groups.google.com/forum/#!topic/ruby-security-ann/NAalCee8n6o

Solution: upgrade to ~> 1.6.11, >= 2.0.6

Possible Object Leak and Denial of Service attack in Action Pack
Open

    actionpack (4.0.13)
Severity: Critical
Found in Gemfile.lock by bundler-audit

Advisory: CVE-2016-0751

Criticality: High

URL: https://groups.google.com/forum/#!topic/rubyonrails-security/9oLY_FCzvoc

Solution: upgrade to >= 5.0.0.beta1.1, >= 4.2.5.1, ~> 4.2.5, >= 4.1.14.1, ~> 4.1.14, ~> 3.2.22.1

Timing attack vulnerability in basic authentication in Action Controller.
Open

    actionpack (4.0.13)
Severity: Info
Found in Gemfile.lock by bundler-audit

Advisory: CVE-2015-7576

Criticality: Low

URL: https://groups.google.com/forum/#!topic/rubyonrails-security/ANv0HDHEC3k

Solution: upgrade to >= 5.0.0.beta1.1, >= 4.2.5.1, ~> 4.2.5, >= 4.1.14.1, ~> 4.1.14, ~> 3.2.22.1

i18n Gem for Ruby lib/i18n/core_ext/hash.rb Hash#slice() Function Hash Handling DoS
Open

    i18n (0.7.0)
Severity: Minor
Found in Gemfile.lock by bundler-audit

Advisory: CVE-2014-10077

URL: https://github.com/svenfuchs/i18n/pull/289

Solution: upgrade to >= 0.8.0

Possible Information Leak Vulnerability in Action View
Open

    actionpack (4.0.13)
Severity: Minor
Found in Gemfile.lock by bundler-audit

Advisory: CVE-2016-0752

URL: https://groups.google.com/forum/#!topic/rubyonrails-security/335P1DcLG00

Solution: upgrade to >= 5.0.0.beta1.1, >= 4.2.5.1, ~> 4.2.5, >= 4.1.14.1, ~> 4.1.14, ~> 3.2.22.1

Possible remote code execution vulnerability in Action Pack
Open

    actionpack (4.0.13)
Severity: Critical
Found in Gemfile.lock by bundler-audit

Advisory: CVE-2016-2098

Criticality: High

URL: https://groups.google.com/forum/#!topic/rubyonrails-security/ly-IH-fxr_Q

Solution: upgrade to ~> 3.2.22.2, >= 4.2.5.2, ~> 4.2.5, >= 4.1.14.2, ~> 4.1.14

Possible XSS Vulnerability in Action View
Open

    actionpack (4.0.13)
Severity: Minor
Found in Gemfile.lock by bundler-audit

Advisory: CVE-2016-6316

URL: https://groups.google.com/forum/#!topic/rubyonrails-security/I-VWr034ouk

Solution: upgrade to ~> 3.2.22.3, ~> 4.2.7.1, >= 5.0.0.1

Object leak vulnerability for wildcard controller routes in Action Pack
Open

    actionpack (4.0.13)
Severity: Critical
Found in Gemfile.lock by bundler-audit

Advisory: CVE-2015-7581

Criticality: High

URL: https://groups.google.com/forum/#!topic/rubyonrails-security/dthJ5wL69JE

Solution: upgrade to >= 4.2.5.1, ~> 4.2.5, >= 4.1.14.1, ~> 4.1.14

Possible Information Leak Vulnerability in Action View
Open

    actionpack (4.0.13)
Severity: Minor
Found in Gemfile.lock by bundler-audit

Advisory: CVE-2016-2097

URL: https://groups.google.com/forum/#!topic/rubyonrails-security/ddY6HgqB2z4

Solution: upgrade to ~> 3.2.22.2, ~> 4.1.14, >= 4.1.14.2

rack-protection gem timing attack vulnerability when validating CSRF token
Open

    rack-protection (1.5.3)
Severity: Minor
Found in Gemfile.lock by bundler-audit

Advisory: CVE-2018-1000119

Criticality: Medium

URL: https://github.com/sinatra/rack-protection/pull/98

Solution: upgrade to ~> 1.5.5, >= 2.0.0

Path Traversal in Sprockets
Open

    sprockets (2.12.3)
Severity: Critical
Found in Gemfile.lock by bundler-audit

Advisory: CVE-2018-3760

Criticality: High

URL: https://groups.google.com/forum/#!topic/ruby-security-ann/2S9Pwz2i16k

Solution: upgrade to < 3.0.0, >= 2.12.5, < 4.0.0, >= 3.7.2, >= 4.0.0.beta8

TZInfo relative path traversal vulnerability allows loading of arbitrary files
Open

    tzinfo (0.3.43)
Severity: Critical
Found in Gemfile.lock by bundler-audit

Advisory: CVE-2022-31163

Criticality: High

URL: https://github.com/tzinfo/tzinfo/security/advisories/GHSA-5cm2-9h8c-rvfx

Solution: upgrade to ~> 0.3.61, >= 1.2.10

Path traversal is possible via backslash characters on Windows.
Open

    rack-protection (1.5.3)
Severity: Minor
Found in Gemfile.lock by bundler-audit

Advisory: CVE-2018-7212

URL: https://github.com/sinatra/sinatra/pull/1379

Solution: upgrade to >= 2.0.1, ~> 1.5.4

Potential Denial of Service Vulnerability in Rack
Open

    rack (1.5.2)
Severity: Minor
Found in Gemfile.lock by bundler-audit

Advisory: CVE-2015-3225

URL: https://groups.google.com/forum/#!topic/ruby-security-ann/gcUbICUmKMc

Solution: upgrade to >= 1.6.2, ~> 1.5.4, ~> 1.4.6

There are no issues that match your filters.

Category
Status