Issues - sgmap/boussole

Directory traversal in Rack::Directory app bundled with Rack
Open

    rack (1.6.5)

Found in Gemfile.lock by bundler-audit

Read up
Read up
Create a ticket
Create a ticket
Exclude checks
- Disable engine
- Disable check

Advisory: CVE-2020-8161

Criticality: High

URL: https://groups.google.com/forum/#!topic/ruby-security-ann/T4ZIsfRf2eA

Solution: upgrade to ~> 2.1.3, >= 2.2.0

Possible XSS Vulnerability in Action View tag helpers
Open

    actionview (4.2.8)

Found in Gemfile.lock by bundler-audit

Read up
Read up
Create a ticket
Create a ticket
Exclude checks
- Disable engine
- Disable check

Advisory: CVE-2022-27777

Criticality: Medium

URL: https://groups.google.com/g/ruby-security-ann/c/9wJPEDv-iRw

Solution: upgrade to >= 5.2.7.1, ~> 5.2.7, >= 6.0.4.8, ~> 6.0.4, >= 6.1.5.1, ~> 6.1.5, >= 7.0.2.4

Denial of Service Vulnerability in ActiveRecord’s PostgreSQL adapter
Open

    activerecord (4.2.8)

Found in Gemfile.lock by bundler-audit

Read up
Read up
Create a ticket
Create a ticket
Exclude checks
- Disable engine
- Disable check

Advisory: CVE-2022-44566

URL: https://github.com/rails/rails/releases/tag/v7.0.4.1

Solution: upgrade to >= 5.2.8.15, ~> 5.2.8, >= 6.1.7.1, ~> 6.1.7, >= 7.0.4.1

Denial of Service Vulnerability in Rack Multipart Parsing
Open

    rack (1.6.5)

Found in Gemfile.lock by bundler-audit

Read up
Read up
Create a ticket
Create a ticket
Exclude checks
- Disable engine
- Disable check

Advisory: CVE-2022-30122

Criticality: High

URL: https://groups.google.com/g/ruby-security-ann/c/L2Axto442qk

Solution: upgrade to >= 2.0.9.1, ~> 2.0.9, >= 2.1.4.1, ~> 2.1.4, >= 2.2.3.1

Possible RCE escalation bug with Serialized Columns in Active Record
Open

    activerecord (4.2.8)

Found in Gemfile.lock by bundler-audit

Read up
Read up
Create a ticket
Create a ticket
Exclude checks
- Disable engine
- Disable check

Advisory: CVE-2022-32224

Criticality: Critical

URL: https://groups.google.com/g/rubyonrails-security/c/MmFO3LYQE8U

Solution: upgrade to >= 5.2.8.1, ~> 5.2.8, >= 6.0.5.1, ~> 6.0.5, >= 6.1.6.1, ~> 6.1.6, >= 7.0.3.1

Denial of Service Vulnerability in Rack Content-Disposition parsing
Open

    rack (1.6.5)

Found in Gemfile.lock by bundler-audit

Read up
Read up
Create a ticket
Create a ticket
Exclude checks
- Disable engine
- Disable check

Advisory: CVE-2022-44571

URL: https://github.com/rack/rack/releases/tag/v3.0.4.1

Solution: upgrade to >= 2.0.9.2, ~> 2.0.9, >= 2.1.4.2, ~> 2.1.4, >= 2.2.6.1, ~> 2.2.6, >= 3.0.4.1

ReDoS based DoS vulnerability in Action Dispatch
Open

    actionpack (4.2.8)

Found in Gemfile.lock by bundler-audit

Read up
Read up
Create a ticket
Create a ticket
Exclude checks
- Disable engine
- Disable check

Advisory: CVE-2023-22792

URL: https://github.com/rails/rails/releases/tag/v7.0.4.1

Solution: upgrade to >= 5.2.8.15, ~> 5.2.8, >= 6.1.7.1, ~> 6.1.7, >= 7.0.4.1

OS Command Injection in Rake
Open

    rake (11.3.0)

Found in Gemfile.lock by bundler-audit

Read up
Read up
Create a ticket
Create a ticket
Exclude checks
- Disable engine
- Disable check

Advisory: CVE-2020-8130

Criticality: High

URL: https://github.com/advisories/GHSA-jppv-gw3r-w3q8

Solution: upgrade to >= 12.3.3

Possible DoS Vulnerability in Active Record PostgreSQL adapter
Open

    activerecord (4.2.8)

Found in Gemfile.lock by bundler-audit

Read up
Read up
Create a ticket
Create a ticket
Exclude checks
- Disable engine
- Disable check

Advisory: CVE-2021-22880

Criticality: Medium

URL: https://groups.google.com/g/rubyonrails-security/c/ZzUqCh9vyhI

Solution: upgrade to >= 5.2.4.5, ~> 5.2.4, >= 6.0.3.5, ~> 6.0.3, >= 6.1.2.1

ReDoS based DoS vulnerability in GlobalID
Open

    globalid (0.3.7)

Found in Gemfile.lock by bundler-audit

Read up
Read up
Create a ticket
Create a ticket
Exclude checks
- Disable engine
- Disable check

Advisory: CVE-2023-22799

URL: https://github.com/rails/globalid/releases/tag/v1.0.1

Solution: upgrade to >= 1.0.1

haml failure to escape single quotes
Open

    haml (4.0.7)

Found in Gemfile.lock by bundler-audit

Read up
Read up
Create a ticket
Create a ticket
Exclude checks
- Disable engine
- Disable check

Advisory: CVE-2017-1002201

Criticality: Medium

URL: https://github.com/haml/haml/commit/18576ae6e9bdcb4303fdbe6b3199869d289d67c2

Solution: upgrade to >= 5.0.0.beta.2

ReDoS based DoS vulnerability in Action Dispatch
Open

    actionpack (4.2.8)

Found in Gemfile.lock by bundler-audit

Read up
Read up
Create a ticket
Create a ticket
Exclude checks
- Disable engine
- Disable check

Advisory: CVE-2023-22795

URL: https://github.com/rails/rails/releases/tag/v7.0.4.1

Solution: upgrade to >= 5.2.8.15, ~> 5.2.8, >= 6.1.7.1, ~> 6.1.7, >= 7.0.4.1

Possible XSS vulnerability in ActionView
Open

    actionview (4.2.8)

Found in Gemfile.lock by bundler-audit

Read up
Read up
Create a ticket
Create a ticket
Exclude checks
- Disable engine
- Disable check

Advisory: CVE-2020-5267

Criticality: Medium

URL: https://groups.google.com/forum/#!topic/rubyonrails-security/55reWMM_Pg8

Solution: upgrade to >= 5.2.4.2, ~> 5.2.4, >= 6.0.2.2

Percent-encoded cookies can be used to overwrite existing prefixed cookie names
Open

    rack (1.6.5)

Found in Gemfile.lock by bundler-audit

Read up
Read up
Create a ticket
Create a ticket
Exclude checks
- Disable engine
- Disable check

Advisory: CVE-2020-8184

Criticality: High

URL: https://groups.google.com/g/rubyonrails-security/c/OWtmozPH9Ak

Solution: upgrade to ~> 2.1.4, >= 2.2.3

Possible Strong Parameters Bypass in ActionPack
Open

    actionpack (4.2.8)

Found in Gemfile.lock by bundler-audit

Read up
Read up
Create a ticket
Create a ticket
Exclude checks
- Disable engine
- Disable check

Advisory: CVE-2020-8164

Criticality: High

URL: https://groups.google.com/forum/#!topic/rubyonrails-security/f6ioe4sdpbY

Solution: upgrade to >= 5.2.4.3, ~> 5.2.4, >= 6.0.3.1

Keepalive Connections Causing Denial Of Service in puma
Open

    puma (3.8.2)

Found in Gemfile.lock by bundler-audit

Read up
Read up
Create a ticket
Create a ticket
Exclude checks
- Disable engine
- Disable check

Advisory: CVE-2021-29509

Criticality: High

URL: https://github.com/puma/puma/security/advisories/GHSA-q28m-8xjw-8vr5

Solution: upgrade to ~> 4.3.8, >= 5.3.1

Possible shell escape sequence injection vulnerability in Rack
Open

    rack (1.6.5)

Found in Gemfile.lock by bundler-audit

Read up
Read up
Create a ticket
Create a ticket
Exclude checks
- Disable engine
- Disable check

Advisory: CVE-2022-30123

Criticality: Critical

URL: https://groups.google.com/g/ruby-security-ann/c/LWB10kWzag8

Solution: upgrade to >= 2.0.9.1, ~> 2.0.9, >= 2.1.4.1, ~> 2.1.4, >= 2.2.3.1

Potentially unintended unmarshalling of user-provided objects in MemCacheStore and RedisCacheStore
Open

    activesupport (4.2.8)

Found in Gemfile.lock by bundler-audit

Read up
Read up
Create a ticket
Create a ticket
Exclude checks
- Disable engine
- Disable check

Advisory: CVE-2020-8165

Criticality: Critical

URL: https://groups.google.com/forum/#!topic/rubyonrails-security/bv6fW4S0Y1c

Solution: upgrade to >= 5.2.4.3, ~> 5.2.4, >= 6.0.3.1

Ability to forge per-form CSRF tokens given a global CSRF token
Open

    actionpack (4.2.8)

Found in Gemfile.lock by bundler-audit

Read up
Read up
Create a ticket
Create a ticket
Exclude checks
- Disable engine
- Disable check

Advisory: CVE-2020-8166

Criticality: Medium

URL: https://groups.google.com/forum/#!topic/rubyonrails-security/NOjKiGeXUgw

Solution: upgrade to >= 5.2.4.3, ~> 5.2.4, >= 6.0.3.1

Unintended read access in kramdown gem
Open

    kramdown (1.13.2)

Found in Gemfile.lock by bundler-audit

Read up
Read up
Create a ticket
Create a ticket
Exclude checks
- Disable engine
- Disable check

Advisory: CVE-2020-14001

Criticality: Critical

URL: https://github.com/advisories/GHSA-mqm2-cgpr-p4m6

Solution: upgrade to >= 2.3.0

sgmap/boussole

Showing 276 of 276 total issues

Directory traversal in Rack::Directory app bundled with Rack
Open

Possible XSS Vulnerability in Action View tag helpers
Open

Denial of Service Vulnerability in ActiveRecord’s PostgreSQL adapter
Open

Denial of Service Vulnerability in Rack Multipart Parsing
Open

Possible RCE escalation bug with Serialized Columns in Active Record
Open

Denial of Service Vulnerability in Rack Content-Disposition parsing
Open

ReDoS based DoS vulnerability in Action Dispatch
Open

OS Command Injection in Rake
Open

Possible DoS Vulnerability in Active Record PostgreSQL adapter
Open

ReDoS based DoS vulnerability in GlobalID
Open

haml failure to escape single quotes
Open

ReDoS based DoS vulnerability in Action Dispatch
Open

Possible XSS vulnerability in ActionView
Open

Percent-encoded cookies can be used to overwrite existing prefixed cookie names
Open

Possible Strong Parameters Bypass in ActionPack
Open

Keepalive Connections Causing Denial Of Service in puma
Open

Possible shell escape sequence injection vulnerability in Rack
Open

Potentially unintended unmarshalling of user-provided objects in MemCacheStore and RedisCacheStore
Open

Ability to forge per-form CSRF tokens given a global CSRF token
Open

Unintended read access in kramdown gem
Open

Severity

Category

Status

Source

Language

sgmap/boussole

Showing 276 of 276 total issues

Directory traversal in Rack::Directory app bundled with Rack Open

Possible XSS Vulnerability in Action View tag helpers Open

Denial of Service Vulnerability in ActiveRecord’s PostgreSQL adapter Open

Denial of Service Vulnerability in Rack Multipart Parsing Open

Possible RCE escalation bug with Serialized Columns in Active Record Open

Denial of Service Vulnerability in Rack Content-Disposition parsing Open

ReDoS based DoS vulnerability in Action Dispatch Open

OS Command Injection in Rake Open

Possible DoS Vulnerability in Active Record PostgreSQL adapter Open

ReDoS based DoS vulnerability in GlobalID Open

haml failure to escape single quotes Open

ReDoS based DoS vulnerability in Action Dispatch Open

Possible XSS vulnerability in ActionView Open

Percent-encoded cookies can be used to overwrite existing prefixed cookie names Open

Possible Strong Parameters Bypass in ActionPack Open

Keepalive Connections Causing Denial Of Service in puma Open

Possible shell escape sequence injection vulnerability in Rack Open

Potentially unintended unmarshalling of user-provided objects in MemCacheStore and RedisCacheStore Open

Ability to forge per-form CSRF tokens given a global CSRF token Open

Unintended read access in kramdown gem Open

Severity

Category

Status

Source

Language

Directory traversal in Rack::Directory app bundled with Rack
Open

Possible XSS Vulnerability in Action View tag helpers
Open

Denial of Service Vulnerability in ActiveRecord’s PostgreSQL adapter
Open

Denial of Service Vulnerability in Rack Multipart Parsing
Open

Possible RCE escalation bug with Serialized Columns in Active Record
Open

Denial of Service Vulnerability in Rack Content-Disposition parsing
Open

ReDoS based DoS vulnerability in Action Dispatch
Open

OS Command Injection in Rake
Open

Possible DoS Vulnerability in Active Record PostgreSQL adapter
Open

ReDoS based DoS vulnerability in GlobalID
Open

haml failure to escape single quotes
Open

ReDoS based DoS vulnerability in Action Dispatch
Open

Possible XSS vulnerability in ActionView
Open

Percent-encoded cookies can be used to overwrite existing prefixed cookie names
Open

Possible Strong Parameters Bypass in ActionPack
Open

Keepalive Connections Causing Denial Of Service in puma
Open

Possible shell escape sequence injection vulnerability in Rack
Open

Potentially unintended unmarshalling of user-provided objects in MemCacheStore and RedisCacheStore
Open

Ability to forge per-form CSRF tokens given a global CSRF token
Open

Unintended read access in kramdown gem
Open