Showing 276 of 276 total issues
Directory traversal in Rack::Directory app bundled with Rack Open
rack (1.6.5)
- Read upRead up
- Create a ticketCreate a ticket
- Exclude checks
Advisory: CVE-2020-8161
Criticality: High
URL: https://groups.google.com/forum/#!topic/ruby-security-ann/T4ZIsfRf2eA
Solution: upgrade to ~> 2.1.3, >= 2.2.0
Possible XSS Vulnerability in Action View tag helpers Open
actionview (4.2.8)
- Read upRead up
- Create a ticketCreate a ticket
- Exclude checks
Advisory: CVE-2022-27777
Criticality: Medium
URL: https://groups.google.com/g/ruby-security-ann/c/9wJPEDv-iRw
Solution: upgrade to >= 5.2.7.1, ~> 5.2.7, >= 6.0.4.8, ~> 6.0.4, >= 6.1.5.1, ~> 6.1.5, >= 7.0.2.4
Denial of Service Vulnerability in ActiveRecord’s PostgreSQL adapter Open
activerecord (4.2.8)
- Read upRead up
- Create a ticketCreate a ticket
- Exclude checks
Advisory: CVE-2022-44566
URL: https://github.com/rails/rails/releases/tag/v7.0.4.1
Solution: upgrade to >= 5.2.8.15, ~> 5.2.8, >= 6.1.7.1, ~> 6.1.7, >= 7.0.4.1
Denial of Service Vulnerability in Rack Multipart Parsing Open
rack (1.6.5)
- Read upRead up
- Create a ticketCreate a ticket
- Exclude checks
Advisory: CVE-2022-30122
Criticality: High
URL: https://groups.google.com/g/ruby-security-ann/c/L2Axto442qk
Solution: upgrade to >= 2.0.9.1, ~> 2.0.9, >= 2.1.4.1, ~> 2.1.4, >= 2.2.3.1
Possible RCE escalation bug with Serialized Columns in Active Record Open
activerecord (4.2.8)
- Read upRead up
- Create a ticketCreate a ticket
- Exclude checks
Advisory: CVE-2022-32224
Criticality: Critical
URL: https://groups.google.com/g/rubyonrails-security/c/MmFO3LYQE8U
Solution: upgrade to >= 5.2.8.1, ~> 5.2.8, >= 6.0.5.1, ~> 6.0.5, >= 6.1.6.1, ~> 6.1.6, >= 7.0.3.1
Denial of Service Vulnerability in Rack Content-Disposition parsing Open
rack (1.6.5)
- Read upRead up
- Create a ticketCreate a ticket
- Exclude checks
Advisory: CVE-2022-44571
URL: https://github.com/rack/rack/releases/tag/v3.0.4.1
Solution: upgrade to >= 2.0.9.2, ~> 2.0.9, >= 2.1.4.2, ~> 2.1.4, >= 2.2.6.1, ~> 2.2.6, >= 3.0.4.1
ReDoS based DoS vulnerability in Action Dispatch Open
actionpack (4.2.8)
- Read upRead up
- Create a ticketCreate a ticket
- Exclude checks
Advisory: CVE-2023-22792
URL: https://github.com/rails/rails/releases/tag/v7.0.4.1
Solution: upgrade to >= 5.2.8.15, ~> 5.2.8, >= 6.1.7.1, ~> 6.1.7, >= 7.0.4.1
OS Command Injection in Rake Open
rake (11.3.0)
- Read upRead up
- Create a ticketCreate a ticket
- Exclude checks
Advisory: CVE-2020-8130
Criticality: High
URL: https://github.com/advisories/GHSA-jppv-gw3r-w3q8
Solution: upgrade to >= 12.3.3
Possible DoS Vulnerability in Active Record PostgreSQL adapter Open
activerecord (4.2.8)
- Read upRead up
- Create a ticketCreate a ticket
- Exclude checks
Advisory: CVE-2021-22880
Criticality: Medium
URL: https://groups.google.com/g/rubyonrails-security/c/ZzUqCh9vyhI
Solution: upgrade to >= 5.2.4.5, ~> 5.2.4, >= 6.0.3.5, ~> 6.0.3, >= 6.1.2.1
ReDoS based DoS vulnerability in GlobalID Open
globalid (0.3.7)
- Read upRead up
- Create a ticketCreate a ticket
- Exclude checks
Advisory: CVE-2023-22799
URL: https://github.com/rails/globalid/releases/tag/v1.0.1
Solution: upgrade to >= 1.0.1
haml failure to escape single quotes Open
haml (4.0.7)
- Read upRead up
- Create a ticketCreate a ticket
- Exclude checks
Advisory: CVE-2017-1002201
Criticality: Medium
URL: https://github.com/haml/haml/commit/18576ae6e9bdcb4303fdbe6b3199869d289d67c2
Solution: upgrade to >= 5.0.0.beta.2
ReDoS based DoS vulnerability in Action Dispatch Open
actionpack (4.2.8)
- Read upRead up
- Create a ticketCreate a ticket
- Exclude checks
Advisory: CVE-2023-22795
URL: https://github.com/rails/rails/releases/tag/v7.0.4.1
Solution: upgrade to >= 5.2.8.15, ~> 5.2.8, >= 6.1.7.1, ~> 6.1.7, >= 7.0.4.1
Possible XSS vulnerability in ActionView Open
actionview (4.2.8)
- Read upRead up
- Create a ticketCreate a ticket
- Exclude checks
Advisory: CVE-2020-5267
Criticality: Medium
URL: https://groups.google.com/forum/#!topic/rubyonrails-security/55reWMM_Pg8
Solution: upgrade to >= 5.2.4.2, ~> 5.2.4, >= 6.0.2.2
Percent-encoded cookies can be used to overwrite existing prefixed cookie names Open
rack (1.6.5)
- Read upRead up
- Create a ticketCreate a ticket
- Exclude checks
Advisory: CVE-2020-8184
Criticality: High
URL: https://groups.google.com/g/rubyonrails-security/c/OWtmozPH9Ak
Solution: upgrade to ~> 2.1.4, >= 2.2.3
Possible Strong Parameters Bypass in ActionPack Open
actionpack (4.2.8)
- Read upRead up
- Create a ticketCreate a ticket
- Exclude checks
Advisory: CVE-2020-8164
Criticality: High
URL: https://groups.google.com/forum/#!topic/rubyonrails-security/f6ioe4sdpbY
Solution: upgrade to >= 5.2.4.3, ~> 5.2.4, >= 6.0.3.1
Keepalive Connections Causing Denial Of Service in puma Open
puma (3.8.2)
- Read upRead up
- Create a ticketCreate a ticket
- Exclude checks
Advisory: CVE-2021-29509
Criticality: High
URL: https://github.com/puma/puma/security/advisories/GHSA-q28m-8xjw-8vr5
Solution: upgrade to ~> 4.3.8, >= 5.3.1
Possible shell escape sequence injection vulnerability in Rack Open
rack (1.6.5)
- Read upRead up
- Create a ticketCreate a ticket
- Exclude checks
Advisory: CVE-2022-30123
Criticality: Critical
URL: https://groups.google.com/g/ruby-security-ann/c/LWB10kWzag8
Solution: upgrade to >= 2.0.9.1, ~> 2.0.9, >= 2.1.4.1, ~> 2.1.4, >= 2.2.3.1
Potentially unintended unmarshalling of user-provided objects in MemCacheStore and RedisCacheStore Open
activesupport (4.2.8)
- Read upRead up
- Create a ticketCreate a ticket
- Exclude checks
Advisory: CVE-2020-8165
Criticality: Critical
URL: https://groups.google.com/forum/#!topic/rubyonrails-security/bv6fW4S0Y1c
Solution: upgrade to >= 5.2.4.3, ~> 5.2.4, >= 6.0.3.1
Ability to forge per-form CSRF tokens given a global CSRF token Open
actionpack (4.2.8)
- Read upRead up
- Create a ticketCreate a ticket
- Exclude checks
Advisory: CVE-2020-8166
Criticality: Medium
URL: https://groups.google.com/forum/#!topic/rubyonrails-security/NOjKiGeXUgw
Solution: upgrade to >= 5.2.4.3, ~> 5.2.4, >= 6.0.3.1
Unintended read access in kramdown gem Open
kramdown (1.13.2)
- Read upRead up
- Create a ticketCreate a ticket
- Exclude checks
Advisory: CVE-2020-14001
Criticality: Critical
URL: https://github.com/advisories/GHSA-mqm2-cgpr-p4m6
Solution: upgrade to >= 2.3.0