Sign upLogin

roshiro/openws_one

View on GitHub
Star
Gemfile.lock

Summary

Maintainability
Test Coverage

Possible DoS Vulnerability in Action Controller Token Authentication
Open

    actionpack (4.1.4)
Severity: Critical
Found in Gemfile.lock by bundler-audit

Advisory: CVE-2021-22904

Criticality: High

URL: https://groups.google.com/g/rubyonrails-security/c/Pf1TjkOBdyQ

Solution: upgrade to ~> 5.2.4.6, ~> 5.2.6, >= 6.0.3.7, ~> 6.0.3, >= 6.1.3.2

Possible shell escape sequence injection vulnerability in Rack
Open

    rack (1.5.2)
Severity: Minor
Found in Gemfile.lock by bundler-audit

Advisory: CVE-2022-30123

Criticality: Critical

URL: https://groups.google.com/g/ruby-security-ann/c/LWB10kWzag8

Solution: upgrade to >= 2.0.9.1, ~> 2.0.9, >= 2.1.4.1, ~> 2.1.4, >= 2.2.3.1

Possible XSS vulnerability in ActionView
Open

    actionview (4.1.4)
Severity: Minor
Found in Gemfile.lock by bundler-audit

Advisory: CVE-2020-5267

Criticality: Medium

URL: https://groups.google.com/forum/#!topic/rubyonrails-security/55reWMM_Pg8

Solution: upgrade to >= 5.2.4.2, ~> 5.2.4, >= 6.0.2.2

CSRF Vulnerability in rails-ujs
Open

    actionview (4.1.4)
Severity: Minor
Found in Gemfile.lock by bundler-audit

Advisory: CVE-2020-8167

Criticality: Medium

URL: https://groups.google.com/forum/#!topic/rubyonrails-security/x9DixQDG9a0

Solution: upgrade to >= 5.2.4.3, ~> 5.2.4, >= 6.0.3.1

RDoc OS command injection vulnerability
Open

    rdoc (4.2.2)
Severity: Critical
Found in Gemfile.lock by bundler-audit

Advisory: CVE-2021-31799

Criticality: High

URL: https://www.ruby-lang.org/en/news/2021/05/02/os-command-injection-in-rdoc/

Solution: upgrade to ~> 6.1.2.1, ~> 6.2.1.1, >= 6.3.1

Denial of service via multipart parsing in Rack
Open

    rack (1.5.2)
Severity: Minor
Found in Gemfile.lock by bundler-audit

Advisory: CVE-2022-44572

URL: https://github.com/rack/rack/releases/tag/v3.0.4.1

Solution: upgrade to >= 2.0.9.2, ~> 2.0.9, >= 2.1.4.2, ~> 2.1.4, >= 2.2.6.1, ~> 2.2.6, >= 3.0.4.1

json Gem for Ruby Unsafe Object Creation Vulnerability (additional fix)
Open

    json (1.8.2)
Severity: Critical
Found in Gemfile.lock by bundler-audit

Advisory: CVE-2020-10663

Criticality: High

URL: https://www.ruby-lang.org/en/news/2020/03/19/json-dos-cve-2020-10663/

Solution: upgrade to >= 2.3.0

Inconsistent Interpretation of HTTP Requests ('HTTP Request Smuggling') in puma
Open

    puma (3.6.0)
Severity: Info
Found in Gemfile.lock by bundler-audit

Advisory: CVE-2021-41136

Criticality: Low

URL: https://github.com/puma/puma/security/advisories/GHSA-48w2-rm65-62xx

Solution: upgrade to ~> 4.3.9, >= 5.5.1

Denial of Service Vulnerability in Rack Multipart Parsing
Open

    rack (1.5.2)
Severity: Critical
Found in Gemfile.lock by bundler-audit

Advisory: CVE-2022-30122

Criticality: High

URL: https://groups.google.com/g/ruby-security-ann/c/L2Axto442qk

Solution: upgrade to >= 2.0.9.1, ~> 2.0.9, >= 2.1.4.1, ~> 2.1.4, >= 2.2.3.1

Keepalive Connections Causing Denial Of Service in puma
Open

    puma (3.6.0)
Severity: Critical
Found in Gemfile.lock by bundler-audit

Advisory: CVE-2021-29509

Criticality: High

URL: https://github.com/puma/puma/security/advisories/GHSA-q28m-8xjw-8vr5

Solution: upgrade to ~> 4.3.8, >= 5.3.1

rack-cors directory traversal via path
Open

    rack-cors (0.4.0)
Severity: Minor
Found in Gemfile.lock by bundler-audit

Advisory: CVE-2019-18978

Criticality: Medium

URL: https://github.com/cyu/rack-cors/commit/e4d4fc362a4315808927011cbe5afcfe5486f17d

Solution: upgrade to >= 1.0.4

ReDoS based DoS vulnerability in Action Dispatch
Open

    actionpack (4.1.4)
Severity: Minor
Found in Gemfile.lock by bundler-audit

Advisory: CVE-2023-22792

URL: https://github.com/rails/rails/releases/tag/v7.0.4.1

Solution: upgrade to >= 5.2.8.15, ~> 5.2.8, >= 6.1.7.1, ~> 6.1.7, >= 7.0.4.1

Possible XSS Vulnerability in Action View tag helpers
Open

    actionview (4.1.4)
Severity: Minor
Found in Gemfile.lock by bundler-audit

Advisory: CVE-2022-27777

Criticality: Medium

URL: https://groups.google.com/g/ruby-security-ann/c/9wJPEDv-iRw

Solution: upgrade to >= 5.2.7.1, ~> 5.2.7, >= 6.0.4.8, ~> 6.0.4, >= 6.1.5.1, ~> 6.1.5, >= 7.0.2.4

Denial of service via header parsing in Rack
Open

    rack (1.5.2)
Severity: Minor
Found in Gemfile.lock by bundler-audit

Advisory: CVE-2022-44570

URL: https://github.com/rack/rack/releases/tag/v3.0.4.1

Solution: upgrade to >= 2.0.9.2, ~> 2.0.9, >= 2.1.4.2, ~> 2.1.4, >= 2.2.6.2, ~> 2.2.6, >= 3.0.4.1

Ability to forge per-form CSRF tokens given a global CSRF token
Open

    actionpack (4.1.4)
Severity: Minor
Found in Gemfile.lock by bundler-audit

Advisory: CVE-2020-8166

Criticality: Medium

URL: https://groups.google.com/forum/#!topic/rubyonrails-security/NOjKiGeXUgw

Solution: upgrade to >= 5.2.4.3, ~> 5.2.4, >= 6.0.3.1

Denial of Service Vulnerability in ActiveRecord’s PostgreSQL adapter
Open

    activerecord (4.1.4)
Severity: Minor
Found in Gemfile.lock by bundler-audit

Advisory: CVE-2022-44566

URL: https://github.com/rails/rails/releases/tag/v7.0.4.1

Solution: upgrade to >= 5.2.8.15, ~> 5.2.8, >= 6.1.7.1, ~> 6.1.7, >= 7.0.4.1

Possible RCE escalation bug with Serialized Columns in Active Record
Open

    activerecord (4.1.4)
Severity: Minor
Found in Gemfile.lock by bundler-audit

Advisory: CVE-2022-32224

Criticality: Critical

URL: https://groups.google.com/g/rubyonrails-security/c/MmFO3LYQE8U

Solution: upgrade to >= 5.2.8.1, ~> 5.2.8, >= 6.0.5.1, ~> 6.0.5, >= 6.1.6.1, ~> 6.1.6, >= 7.0.3.1

OS Command Injection in Rake
Open

    rake (0.9.6)
Severity: Critical
Found in Gemfile.lock by bundler-audit

Advisory: CVE-2020-8130

Criticality: High

URL: https://github.com/advisories/GHSA-jppv-gw3r-w3q8

Solution: upgrade to >= 12.3.3

Potentially unintended unmarshalling of user-provided objects in MemCacheStore and RedisCacheStore
Open

    activesupport (4.1.4)
Severity: Minor
Found in Gemfile.lock by bundler-audit

Advisory: CVE-2020-8165

Criticality: Critical

URL: https://groups.google.com/forum/#!topic/rubyonrails-security/bv6fW4S0Y1c

Solution: upgrade to >= 5.2.4.3, ~> 5.2.4, >= 6.0.3.1

Possible Strong Parameters Bypass in ActionPack
Open

    actionpack (4.1.4)
Severity: Critical
Found in Gemfile.lock by bundler-audit

Advisory: CVE-2020-8164

Criticality: High

URL: https://groups.google.com/forum/#!topic/rubyonrails-security/f6ioe4sdpbY

Solution: upgrade to >= 5.2.4.3, ~> 5.2.4, >= 6.0.3.1

Potential XSS vulnerability in jQuery
Open

    jquery-rails (3.1.4)
Severity: Minor
Found in Gemfile.lock by bundler-audit

Advisory: CVE-2020-11023

Criticality: Medium

URL: https://blog.jquery.com/2020/04/10/jquery-3-5-0-released

Solution: upgrade to >= 4.4.0

Prototype pollution attack through jQuery $.extend
Open

    jquery-rails (3.1.4)
Severity: Minor
Found in Gemfile.lock by bundler-audit

Advisory: CVE-2019-11358

Criticality: Medium

URL: https://blog.jquery.com/2019/04/10/jquery-3-4-0-released/

Solution: upgrade to >= 4.3.4

Denial of Service Vulnerability in Rack Content-Disposition parsing
Open

    rack (1.5.2)
Severity: Minor
Found in Gemfile.lock by bundler-audit

Advisory: CVE-2022-44571

URL: https://github.com/rack/rack/releases/tag/v3.0.4.1

Solution: upgrade to >= 2.0.9.2, ~> 2.0.9, >= 2.1.4.2, ~> 2.1.4, >= 2.2.6.1, ~> 2.2.6, >= 3.0.4.1

Directory traversal in Rack::Directory app bundled with Rack
Open

    rack (1.5.2)
Severity: Critical
Found in Gemfile.lock by bundler-audit

Advisory: CVE-2020-8161

Criticality: High

URL: https://groups.google.com/forum/#!topic/ruby-security-ann/T4ZIsfRf2eA

Solution: upgrade to ~> 2.1.3, >= 2.2.0

ReDoS based DoS vulnerability in Action Dispatch
Open

    actionpack (4.1.4)
Severity: Minor
Found in Gemfile.lock by bundler-audit

Advisory: CVE-2023-22795

URL: https://github.com/rails/rails/releases/tag/v7.0.4.1

Solution: upgrade to >= 5.2.8.15, ~> 5.2.8, >= 6.1.7.1, ~> 6.1.7, >= 7.0.4.1

Potential XSS vulnerability in Action View
Open

    actionview (4.1.4)
Severity: Minor
Found in Gemfile.lock by bundler-audit

Advisory: CVE-2020-15169

Criticality: Medium

URL: https://groups.google.com/g/rubyonrails-security/c/b-C9kSGXYrc

Solution: upgrade to >= 5.2.4.4, ~> 5.2.4, >= 6.0.3.3

Percent-encoded cookies can be used to overwrite existing prefixed cookie names
Open

    rack (1.5.2)
Severity: Critical
Found in Gemfile.lock by bundler-audit

Advisory: CVE-2020-8184

Criticality: High

URL: https://groups.google.com/g/rubyonrails-security/c/OWtmozPH9Ak

Solution: upgrade to ~> 2.1.4, >= 2.2.3

Possible Information Disclosure / Unintended Method Execution in Action Pack
Open

    actionpack (4.1.4)
Severity: Critical
Found in Gemfile.lock by bundler-audit

Advisory: CVE-2021-22885

Criticality: High

URL: https://groups.google.com/g/rubyonrails-security/c/NiQl-48cXYI

Solution: upgrade to ~> 5.2.4.6, ~> 5.2.6, >= 6.0.3.7, ~> 6.0.3, >= 6.1.3.2

ReDoS based DoS vulnerability in Active Support’s underscore
Open

    activesupport (4.1.4)
Severity: Minor
Found in Gemfile.lock by bundler-audit

Advisory: CVE-2023-22796

URL: https://github.com/rails/rails/releases/tag/v7.0.4.1

Solution: upgrade to >= 5.2.8.15, ~> 5.2.8, >= 6.1.7.1, ~> 6.1.7, >= 7.0.4.1

Information Exposure with Puma when used with Rails
Open

    puma (3.6.0)
Severity: Critical
Found in Gemfile.lock by bundler-audit

Advisory: CVE-2022-23634

Criticality: High

URL: https://github.com/puma/puma/security/advisories/GHSA-rmj8-8hhh-gv5h

Solution: upgrade to ~> 4.3.11, >= 5.6.2

HTTP Request Smuggling in puma
Open

    puma (3.6.0)
Severity: Minor
Found in Gemfile.lock by bundler-audit

Advisory: CVE-2022-24790

Criticality: Critical

URL: https://github.com/puma/puma/security/advisories/GHSA-h99w-9q5r-gjq9

Solution: upgrade to ~> 4.3.12, >= 5.6.4

Keepalive thread overload/DoS in puma
Open

    puma (3.6.0)
Severity: Critical
Found in Gemfile.lock by bundler-audit

Advisory: CVE-2019-16770

Criticality: High

URL: https://github.com/puma/puma/security/advisories/GHSA-7xx3-m584-x994

Solution: upgrade to ~> 3.12.2, >= 4.3.1

Devise Gem for Ruby Time-of-check Time-of-use race condition with lockable module
Open

    devise (4.2.0)
Severity: Minor
Found in Gemfile.lock by bundler-audit

Advisory: CVE-2019-5421

Criticality: Critical

URL: https://github.com/plataformatec/devise/issues/4981

Solution: upgrade to >= 4.6.0

File Content Disclosure in Action View
Open

    actionview (4.1.4)
Severity: Critical
Found in Gemfile.lock by bundler-audit

Advisory: CVE-2019-5418

Criticality: High

URL: https://groups.google.com/forum/#!topic/rubyonrails-security/pFRKI96Sm8Q

Solution: upgrade to >= 4.2.11.1, ~> 4.2.11, >= 5.0.7.2, ~> 5.0.7, >= 5.1.6.2, ~> 5.1.6, >= 5.2.2.1, ~> 5.2.2, >= 6.0.0.beta3

HTTP Smuggling via Transfer-Encoding Header in Puma
Open

    puma (3.6.0)
Severity: Critical
Found in Gemfile.lock by bundler-audit

Advisory: CVE-2020-11076

Criticality: High

URL: https://github.com/puma/puma/security/advisories/GHSA-x7jg-6pwg-fx5h

Solution: upgrade to ~> 3.12.5, >= 4.3.4

i18n Gem for Ruby lib/i18n/core_ext/hash.rb Hash#slice() Function Hash Handling DoS
Open

    i18n (0.7.0)
Severity: Minor
Found in Gemfile.lock by bundler-audit

Advisory: CVE-2014-10077

URL: https://github.com/svenfuchs/i18n/pull/289

Solution: upgrade to >= 0.8.0

Possible XSS vulnerability in Rack
Open

    rack (1.5.2)
Severity: Minor
Found in Gemfile.lock by bundler-audit

Advisory: CVE-2018-16471

URL: https://groups.google.com/forum/#!topic/ruby-security-ann/NAalCee8n6o

Solution: upgrade to ~> 1.6.11, >= 2.0.6

Possible information leak / session hijack vulnerability
Open

    rack (1.5.2)
Severity: Minor
Found in Gemfile.lock by bundler-audit

Advisory: CVE-2019-16782

Criticality: Medium

URL: https://github.com/rack/rack/security/advisories/GHSA-hrqr-hxpp-chr3

Solution: upgrade to ~> 1.6.12, >= 2.0.8

Potential remote code execution of user-provided local names in ActionView
Open

    actionview (4.1.4)
Severity: Critical
Found in Gemfile.lock by bundler-audit

Advisory: CVE-2020-8163

Criticality: High

URL: https://groups.google.com/forum/#!topic/rubyonrails-security/hWuKcHyoKh0

Solution: upgrade to >= 4.2.11.2

HTTP Smuggling via Transfer-Encoding Header in Puma
Open

    puma (3.6.0)
Severity: Minor
Found in Gemfile.lock by bundler-audit

Advisory: CVE-2020-11077

Criticality: Medium

URL: https://github.com/puma/puma/security/advisories/GHSA-w64w-qqph-5gxm

Solution: upgrade to ~> 3.12.6, >= 4.3.5

HTTP Response Splitting (Early Hints) in Puma
Open

    puma (3.6.0)
Severity: Minor
Found in Gemfile.lock by bundler-audit

Advisory: CVE-2020-5249

Criticality: Medium

URL: https://github.com/puma/puma/security/advisories/GHSA-33vf-4xgg-9r58

Solution: upgrade to ~> 3.12.4, >= 4.3.3

Possible XSS Vulnerability in Action View
Open

    actionview (4.1.4)
Severity: Minor
Found in Gemfile.lock by bundler-audit

Advisory: CVE-2016-6316

Criticality: Medium

URL: https://groups.google.com/forum/#!topic/rubyonrails-security/I-VWr034ouk

Solution: upgrade to ~> 4.2.7.1, ~> 4.2.8, >= 5.0.0.1

HTTP Response Splitting vulnerability in puma
Open

    puma (3.6.0)
Severity: Minor
Found in Gemfile.lock by bundler-audit

Advisory: CVE-2020-5247

Criticality: Medium

URL: https://github.com/puma/puma/security/advisories/GHSA-84j7-475p-hp8v

Solution: upgrade to ~> 3.12.4, >= 4.3.3

Denial of Service Vulnerability in Action View
Open

    actionview (4.1.4)
Severity: Critical
Found in Gemfile.lock by bundler-audit

Advisory: CVE-2019-5419

Criticality: High

URL: https://groups.google.com/forum/#!topic/rubyonrails-security/GN7w9fFAQeI

Solution: upgrade to >= 6.0.0.beta3, >= 5.2.2.1, ~> 5.2.2, >= 5.1.6.2, ~> 5.1.6, >= 5.0.7.2, ~> 5.0.7, >= 4.2.11.1, ~> 4.2.11

Devise Gem for Ruby confirmation token validation with a blank string
Open

    devise (4.2.0)
Severity: Minor
Found in Gemfile.lock by bundler-audit

Advisory: CVE-2019-16109

Criticality: Medium

URL: https://github.com/plataformatec/devise/issues/5071

Solution: upgrade to >= 4.7.1

Possible remote code execution vulnerability in Action Pack
Open

    actionpack (4.1.4)
Severity: Critical
Found in Gemfile.lock by bundler-audit

Advisory: CVE-2016-2098

Criticality: High

URL: https://groups.google.com/forum/#!topic/rubyonrails-security/ly-IH-fxr_Q

Solution: upgrade to ~> 3.2.22.2, >= 4.2.5.2, ~> 4.2.5, >= 4.1.14.2, ~> 4.1.14

Possible Object Leak and Denial of Service attack in Action Pack
Open

    actionpack (4.1.4)
Severity: Critical
Found in Gemfile.lock by bundler-audit

Advisory: CVE-2016-0751

Criticality: High

URL: https://groups.google.com/forum/#!topic/rubyonrails-security/9oLY_FCzvoc

Solution: upgrade to >= 5.0.0.beta1.1, >= 4.2.5.1, ~> 4.2.5, >= 4.1.14.1, ~> 4.1.14, ~> 3.2.22.1

Potential Denial of Service Vulnerability in Rack
Open

    rack (1.5.2)
Severity: Minor
Found in Gemfile.lock by bundler-audit

Advisory: CVE-2015-3225

URL: https://groups.google.com/forum/#!topic/ruby-security-ann/gcUbICUmKMc

Solution: upgrade to >= 1.6.2, ~> 1.5.4, ~> 1.4.6

Possible Denial of Service attack in Active Support
Open

    activesupport (4.1.4)
Severity: Minor
Found in Gemfile.lock by bundler-audit

Advisory: CVE-2015-3227

URL: https://groups.google.com/forum/#!topic/rubyonrails-security/bahr2JLnxvk

Solution: upgrade to >= 4.2.2, ~> 4.1.11, ~> 3.2.22

TZInfo relative path traversal vulnerability allows loading of arbitrary files
Open

    tzinfo (1.2.2)
Severity: Critical
Found in Gemfile.lock by bundler-audit

Advisory: CVE-2022-31163

Criticality: High

URL: https://github.com/tzinfo/tzinfo/security/advisories/GHSA-5cm2-9h8c-rvfx

Solution: upgrade to ~> 0.3.61, >= 1.2.10

Possible Input Validation Circumvention in Active Model
Open

    activemodel (4.1.4)
Severity: Minor
Found in Gemfile.lock by bundler-audit

Advisory: CVE-2016-0753

Criticality: Medium

URL: https://groups.google.com/forum/#!topic/rubyonrails-security/6jQVC1geukQ

Solution: upgrade to >= 5.0.0.beta1.1, >= 4.2.5.1, ~> 4.2.5, >= 4.1.14.1, ~> 4.1.14

Timing attack vulnerability in basic authentication in Action Controller.
Open

    actionpack (4.1.4)
Severity: Info
Found in Gemfile.lock by bundler-audit

Advisory: CVE-2015-7576

Criticality: Low

URL: https://groups.google.com/forum/#!topic/rubyonrails-security/ANv0HDHEC3k

Solution: upgrade to >= 5.0.0.beta1.1, >= 4.2.5.1, ~> 4.2.5, >= 4.1.14.1, ~> 4.1.14, ~> 3.2.22.1

Arbitrary file existence disclosure in Action Pack
Open

    actionpack (4.1.4)
Severity: Minor
Found in Gemfile.lock by bundler-audit

Advisory: CVE-2014-7818

Criticality: Medium

URL: https://groups.google.com/forum/#!topic/rubyonrails-security/dCp7duBiQgo

Solution: upgrade to ~> 3.2.20, ~> 4.0.11, ~> 4.1.7, >= 4.2.0.beta3

CVE-2015-9097 rubygem-mail: SMTP injection via recipient email addresses
Open

    mail (2.5.4)
Severity: Minor
Found in Gemfile.lock by bundler-audit

Advisory: CVE-2015-9097

Criticality: Medium

URL: https://hackerone.com/reports/137631

Solution: upgrade to >= 2.5.5

Arbitrary file existence disclosure in Action Pack
Open

    actionpack (4.1.4)
Severity: Minor
Found in Gemfile.lock by bundler-audit

Advisory: CVE-2014-7829

Criticality: Medium

URL: https://groups.google.com/forum/#!topic/rubyonrails-security/rMTQy4oRCGk

Solution: upgrade to ~> 3.2.21, ~> 4.0.11.1, ~> 4.0.12, ~> 4.1.7.1, >= 4.1.8

Possible Information Leak Vulnerability in Action View
Open

    actionview (4.1.4)
Severity: Critical
Found in Gemfile.lock by bundler-audit

Advisory: CVE-2016-0752

Criticality: High

URL: https://groups.google.com/forum/#!topic/rubyonrails-security/335P1DcLG00

Solution: upgrade to >= 5.0.0.beta1.1, >= 4.2.5.1, ~> 4.2.5, >= 4.1.14.1, ~> 4.1.14

Nested attributes rejection proc bypass in Active Record
Open

    activerecord (4.1.4)
Severity: Minor
Found in Gemfile.lock by bundler-audit

Advisory: CVE-2015-7577

Criticality: Medium

URL: https://groups.google.com/forum/#!topic/rubyonrails-security/cawsWcQ6c8g

Solution: upgrade to >= 5.0.0.beta1.1, >= 4.2.5.1, ~> 4.2.5, >= 4.1.14.1, ~> 4.1.14, ~> 3.2.22.1

rack-cors Gem Missing Anchor permits unauthorized CORS requests
Open

    rack-cors (0.4.0)
Severity: Critical
Found in Gemfile.lock by bundler-audit

Advisory: CVE-2017-11173

Criticality: High

URL: https://github.com/cyu/rack-cors/issues/86

Solution: upgrade to >= 0.4.1

Path Traversal in Sprockets
Open

    sprockets (2.12.4)
Severity: Critical
Found in Gemfile.lock by bundler-audit

Advisory: CVE-2018-3760

Criticality: High

URL: https://groups.google.com/forum/#!topic/ruby-security-ann/2S9Pwz2i16k

Solution: upgrade to < 3.0.0, >= 2.12.5, < 4.0.0, >= 3.7.2, >= 4.0.0.beta8

Object leak vulnerability for wildcard controller routes in Action Pack
Open

    actionpack (4.1.4)
Severity: Critical
Found in Gemfile.lock by bundler-audit

Advisory: CVE-2015-7581

Criticality: High

URL: https://groups.google.com/forum/#!topic/rubyonrails-security/dthJ5wL69JE

Solution: upgrade to >= 4.2.5.1, ~> 4.2.5, >= 4.1.14.1, ~> 4.1.14

Possible Information Leak Vulnerability in Action View
Open

    actionview (4.1.4)
Severity: Minor
Found in Gemfile.lock by bundler-audit

Advisory: CVE-2016-2097

Criticality: Medium

URL: https://groups.google.com/forum/#!topic/rubyonrails-security/ddY6HgqB2z4

Solution: upgrade to >= 4.1.14.2, ~> 4.1.14

Data Injection Vulnerability in Active Record
Open

    activerecord (4.1.4)
Severity: Critical
Found in Gemfile.lock by bundler-audit

Advisory: CVE-2014-3514

Criticality: High

URL: https://groups.google.com/forum/#!msg/rubyonrails-security/M4chq5Sb540/CC1Fh0Y_NWwJ

Solution: upgrade to ~> 4.0.9, >= 4.1.5

XSS Vulnerability in ActiveSupport::JSON.encode
Open

    activesupport (4.1.4)
Severity: Minor
Found in Gemfile.lock by bundler-audit

Advisory: CVE-2015-3226

URL: https://groups.google.com/forum/#!topic/ruby-security-ann/7VlB_pck3hU

Solution: upgrade to >= 4.2.2, ~> 4.1.11

Rails 4.1.4 does not encode JSON keys (CVE-2015-3226). Upgrade to Rails version 4.1.11
Open

    rails (4.1.4)
Severity: Minor
Found in Gemfile.lock by brakeman

Read more: https://groups.google.com/d/msg/rubyonrails-security/7VlB_pck3hU/3QZrGIaQW6cJ

create_with is vulnerable to strong params bypass. Upgrade to Rails 4.1.5 or patch
Open

    rails (4.1.4)
Severity: Minor
Found in Gemfile.lock by brakeman

Read more: https://groups.google.com/d/msg/rubyonrails-security/M4chq5Sb540/CC1Fh0Y_NWwJ

Rails 4.1.4 is vulnerable to denial of service via mime type caching (CVE-2016-0751). Upgrade to Rails version 4.1.14.1
Open

    rails (4.1.4)
Severity: Minor
Found in Gemfile.lock by brakeman

Read more: https://groups.google.com/d/msg/rubyonrails-security/9oLY_FCzvoc/w9oI9XxbFQAJ

Rails 4.1.4 is vulnerable to denial of service via XML parsing (CVE-2015-3227). Upgrade to Rails version 4.1.11
Open

    rails (4.1.4)
Severity: Minor
Found in Gemfile.lock by brakeman

Read more: https://groups.google.com/d/msg/rubyonrails-security/bahr2JLnxvk/x4EocXnHPp8J

Rails 4.1.4 content_tag does not escape double quotes in attribute values (CVE-2016-6316). Upgrade to 4.2.7.1
Open

    rails (4.1.4)
Severity: Minor
Found in Gemfile.lock by brakeman

Read more: https://groups.google.com/d/msg/ruby-security-ann/8B2iV2tPRSE/JkjCJkSoCgAJ

There are no issues that match your filters.

Category
Status