Issues - stevegrossi/stevegrossi

ReDoS based DoS vulnerability in Action Dispatch
Open

    actionpack (4.2.7.1)

Found in Gemfile.lock by bundler-audit

Read up
Read up
Exclude checks
- Disable engine
- Disable check

Advisory: CVE-2023-22792

URL: https://github.com/rails/rails/releases/tag/v7.0.4.1

Solution: upgrade to >= 5.2.8.15, ~> 5.2.8, >= 6.1.7.1, ~> 6.1.7, >= 7.0.4.1

CSRF Vulnerability in rails-ujs
Open

    actionview (4.2.7.1)

Found in Gemfile.lock by bundler-audit

Read up
Read up
Exclude checks
- Disable engine
- Disable check

Advisory: CVE-2020-8167

Criticality: Medium

URL: https://groups.google.com/forum/#!topic/rubyonrails-security/x9DixQDG9a0

Solution: upgrade to >= 5.2.4.3, ~> 5.2.4, >= 6.0.3.1

Possible RCE escalation bug with Serialized Columns in Active Record
Open

    activerecord (4.2.7.1)

Found in Gemfile.lock by bundler-audit

Read up
Read up
Exclude checks
- Disable engine
- Disable check

Advisory: CVE-2022-32224

Criticality: Critical

URL: https://groups.google.com/g/rubyonrails-security/c/MmFO3LYQE8U

Solution: upgrade to >= 5.2.8.1, ~> 5.2.8, >= 6.0.5.1, ~> 6.0.5, >= 6.1.6.1, ~> 6.1.6, >= 7.0.3.1

Possible DoS Vulnerability in Active Record PostgreSQL adapter
Open

    activerecord (4.2.7.1)

Found in Gemfile.lock by bundler-audit

Read up
Read up
Exclude checks
- Disable engine
- Disable check

Advisory: CVE-2021-22880

Criticality: Medium

URL: https://groups.google.com/g/rubyonrails-security/c/ZzUqCh9vyhI

Solution: upgrade to >= 5.2.4.5, ~> 5.2.4, >= 6.0.3.5, ~> 6.0.3, >= 6.1.2.1

Unsanitized input leading to code injection in Dalli
Open

    dalli (2.7.2)

Found in Gemfile.lock by bundler-audit

Read up
Read up
Exclude checks
- Disable engine
- Disable check

Advisory: CVE-2022-4064

Criticality: Low

URL: https://github.com/petergoldstein/dalli/issues/932

Solution: upgrade to >= 3.2.3

Possible Information Disclosure / Unintended Method Execution in Action Pack
Open

    actionpack (4.2.7.1)

Found in Gemfile.lock by bundler-audit

Read up
Read up
Exclude checks
- Disable engine
- Disable check

Advisory: CVE-2021-22885

Criticality: High

URL: https://groups.google.com/g/rubyonrails-security/c/NiQl-48cXYI

Solution: upgrade to ~> 5.2.4.6, ~> 5.2.6, >= 6.0.3.7, ~> 6.0.3, >= 6.1.3.2

Possible Strong Parameters Bypass in ActionPack
Open

    actionpack (4.2.7.1)

Found in Gemfile.lock by bundler-audit

Read up
Read up
Exclude checks
- Disable engine
- Disable check

Advisory: CVE-2020-8164

Criticality: High

URL: https://groups.google.com/forum/#!topic/rubyonrails-security/f6ioe4sdpbY

Solution: upgrade to >= 5.2.4.3, ~> 5.2.4, >= 6.0.3.1

Denial of Service Vulnerability in Rack Multipart Parsing
Open

    rack (1.6.4)

Found in Gemfile.lock by bundler-audit

Read up
Read up
Exclude checks
- Disable engine
- Disable check

Advisory: CVE-2022-30122

Criticality: High

URL: https://groups.google.com/g/ruby-security-ann/c/L2Axto442qk

Solution: upgrade to >= 2.0.9.1, ~> 2.0.9, >= 2.1.4.1, ~> 2.1.4, >= 2.2.3.1

Denial of Service Vulnerability in Rack Content-Disposition parsing
Open

    rack (1.6.4)

Found in Gemfile.lock by bundler-audit

Read up
Read up
Exclude checks
- Disable engine
- Disable check

Advisory: CVE-2022-44571

URL: https://github.com/rack/rack/releases/tag/v3.0.4.1

Solution: upgrade to >= 2.0.9.2, ~> 2.0.9, >= 2.1.4.2, ~> 2.1.4, >= 2.2.6.1, ~> 2.2.6, >= 3.0.4.1

Potentially unintended unmarshalling of user-provided objects in MemCacheStore and RedisCacheStore
Open

    activesupport (4.2.7.1)

Found in Gemfile.lock by bundler-audit

Read up
Read up
Exclude checks
- Disable engine
- Disable check

Advisory: CVE-2020-8165

Criticality: Critical

URL: https://groups.google.com/forum/#!topic/rubyonrails-security/bv6fW4S0Y1c

Solution: upgrade to >= 5.2.4.3, ~> 5.2.4, >= 6.0.3.1

Cross-Site Scripting in Kaminari via `original_script_name` parameter
Open

    kaminari (0.16.1)

Found in Gemfile.lock by bundler-audit

Read up
Read up
Exclude checks
- Disable engine
- Disable check

Advisory: CVE-2020-11082

Criticality: Medium

URL: https://github.com/kaminari/kaminari/security/advisories/GHSA-r5jw-62xg-j433

Solution: upgrade to >= 1.2.1

Denial of service via header parsing in Rack
Open

    rack (1.6.4)

Found in Gemfile.lock by bundler-audit

Read up
Read up
Exclude checks
- Disable engine
- Disable check

Advisory: CVE-2022-44570

URL: https://github.com/rack/rack/releases/tag/v3.0.4.1

Solution: upgrade to >= 2.0.9.2, ~> 2.0.9, >= 2.1.4.2, ~> 2.1.4, >= 2.2.6.2, ~> 2.2.6, >= 3.0.4.1

Ability to forge per-form CSRF tokens given a global CSRF token
Open

    actionpack (4.2.7.1)

Found in Gemfile.lock by bundler-audit

Read up
Read up
Exclude checks
- Disable engine
- Disable check

Advisory: CVE-2020-8166

Criticality: Medium

URL: https://groups.google.com/forum/#!topic/rubyonrails-security/NOjKiGeXUgw

Solution: upgrade to >= 5.2.4.3, ~> 5.2.4, >= 6.0.3.1

Potential XSS vulnerability in Action View
Open

    actionview (4.2.7.1)

Found in Gemfile.lock by bundler-audit

Read up
Read up
Exclude checks
- Disable engine
- Disable check

Advisory: CVE-2020-15169

Criticality: Medium

URL: https://groups.google.com/g/rubyonrails-security/c/b-C9kSGXYrc

Solution: upgrade to >= 5.2.4.4, ~> 5.2.4, >= 6.0.3.3

Devise Gem for Ruby confirmation token validation with a blank string
Open

    devise (3.5.6)

Found in Gemfile.lock by bundler-audit

Read up
Read up
Exclude checks
- Disable engine
- Disable check

Advisory: CVE-2019-16109

Criticality: Medium

URL: https://github.com/plataformatec/devise/issues/5071

Solution: upgrade to >= 4.7.1

Possible XSS Vulnerability in Action View tag helpers
Open

    actionview (4.2.7.1)

Found in Gemfile.lock by bundler-audit

Read up
Read up
Exclude checks
- Disable engine
- Disable check

Advisory: CVE-2022-27777

Criticality: Medium

URL: https://groups.google.com/g/ruby-security-ann/c/9wJPEDv-iRw

Solution: upgrade to >= 5.2.7.1, ~> 5.2.7, >= 6.0.4.8, ~> 6.0.4, >= 6.1.5.1, ~> 6.1.5, >= 7.0.2.4

ReDoS based DoS vulnerability in Active Support’s underscore
Open

    activesupport (4.2.7.1)

Found in Gemfile.lock by bundler-audit

Read up
Read up
Exclude checks
- Disable engine
- Disable check

Advisory: CVE-2023-22796

URL: https://github.com/rails/rails/releases/tag/v7.0.4.1

Solution: upgrade to >= 5.2.8.15, ~> 5.2.8, >= 6.1.7.1, ~> 6.1.7, >= 7.0.4.1

json Gem for Ruby Unsafe Object Creation Vulnerability (additional fix)
Open

    json (1.8.3)

Found in Gemfile.lock by bundler-audit

Read up
Read up
Exclude checks
- Disable engine
- Disable check

Advisory: CVE-2020-10663

Criticality: High

URL: https://www.ruby-lang.org/en/news/2020/03/19/json-dos-cve-2020-10663/

Solution: upgrade to >= 2.3.0

Denial of service via multipart parsing in Rack
Open

    rack (1.6.4)

Found in Gemfile.lock by bundler-audit

Read up
Read up
Exclude checks
- Disable engine
- Disable check

Advisory: CVE-2022-44572

URL: https://github.com/rack/rack/releases/tag/v3.0.4.1

Solution: upgrade to >= 2.0.9.2, ~> 2.0.9, >= 2.1.4.2, ~> 2.1.4, >= 2.2.6.1, ~> 2.2.6, >= 3.0.4.1

Possible DoS Vulnerability in Action Controller Token Authentication
Open

    actionpack (4.2.7.1)

Found in Gemfile.lock by bundler-audit

Read up
Read up
Exclude checks
- Disable engine
- Disable check

Advisory: CVE-2021-22904

Criticality: High

URL: https://groups.google.com/g/rubyonrails-security/c/Pf1TjkOBdyQ

Solution: upgrade to ~> 5.2.4.6, ~> 5.2.6, >= 6.0.3.7, ~> 6.0.3, >= 6.1.3.2

stevegrossi/stevegrossi

Showing 190 of 190 total issues

ReDoS based DoS vulnerability in Action Dispatch
Open

CSRF Vulnerability in rails-ujs
Open

Possible RCE escalation bug with Serialized Columns in Active Record
Open

Possible DoS Vulnerability in Active Record PostgreSQL adapter
Open

Unsanitized input leading to code injection in Dalli
Open

Possible Information Disclosure / Unintended Method Execution in Action Pack
Open

Possible Strong Parameters Bypass in ActionPack
Open

Denial of Service Vulnerability in Rack Multipart Parsing
Open

Denial of Service Vulnerability in Rack Content-Disposition parsing
Open

Potentially unintended unmarshalling of user-provided objects in MemCacheStore and RedisCacheStore
Open

Cross-Site Scripting in Kaminari via `original_script_name` parameter
Open

Denial of service via header parsing in Rack
Open

Ability to forge per-form CSRF tokens given a global CSRF token
Open

Potential XSS vulnerability in Action View
Open

Devise Gem for Ruby confirmation token validation with a blank string
Open

Possible XSS Vulnerability in Action View tag helpers
Open

ReDoS based DoS vulnerability in Active Support’s underscore
Open

json Gem for Ruby Unsafe Object Creation Vulnerability (additional fix)
Open

Denial of service via multipart parsing in Rack
Open

Possible DoS Vulnerability in Action Controller Token Authentication
Open

Severity

Category

Status

Source

Language

stevegrossi/stevegrossi

Showing 190 of 190 total issues

ReDoS based DoS vulnerability in Action Dispatch Open

CSRF Vulnerability in rails-ujs Open

Possible RCE escalation bug with Serialized Columns in Active Record Open

Possible DoS Vulnerability in Active Record PostgreSQL adapter Open

Unsanitized input leading to code injection in Dalli Open

Possible Information Disclosure / Unintended Method Execution in Action Pack Open

Possible Strong Parameters Bypass in ActionPack Open

Denial of Service Vulnerability in Rack Multipart Parsing Open

Denial of Service Vulnerability in Rack Content-Disposition parsing Open

Potentially unintended unmarshalling of user-provided objects in MemCacheStore and RedisCacheStore Open

Cross-Site Scripting in Kaminari via original_script_name parameter Open

Denial of service via header parsing in Rack Open

Ability to forge per-form CSRF tokens given a global CSRF token Open

Potential XSS vulnerability in Action View Open

Devise Gem for Ruby confirmation token validation with a blank string Open

Possible XSS Vulnerability in Action View tag helpers Open

ReDoS based DoS vulnerability in Active Support’s underscore Open

json Gem for Ruby Unsafe Object Creation Vulnerability (additional fix) Open

Denial of service via multipart parsing in Rack Open

Possible DoS Vulnerability in Action Controller Token Authentication Open

Severity

Category

Status

Source

Language

ReDoS based DoS vulnerability in Action Dispatch
Open

CSRF Vulnerability in rails-ujs
Open

Possible RCE escalation bug with Serialized Columns in Active Record
Open

Possible DoS Vulnerability in Active Record PostgreSQL adapter
Open

Unsanitized input leading to code injection in Dalli
Open

Possible Information Disclosure / Unintended Method Execution in Action Pack
Open

Possible Strong Parameters Bypass in ActionPack
Open

Denial of Service Vulnerability in Rack Multipart Parsing
Open

Denial of Service Vulnerability in Rack Content-Disposition parsing
Open

Potentially unintended unmarshalling of user-provided objects in MemCacheStore and RedisCacheStore
Open

Cross-Site Scripting in Kaminari via `original_script_name` parameter
Open

Denial of service via header parsing in Rack
Open

Ability to forge per-form CSRF tokens given a global CSRF token
Open

Potential XSS vulnerability in Action View
Open

Devise Gem for Ruby confirmation token validation with a blank string
Open

Possible XSS Vulnerability in Action View tag helpers
Open

ReDoS based DoS vulnerability in Active Support’s underscore
Open

json Gem for Ruby Unsafe Object Creation Vulnerability (additional fix)
Open

Denial of service via multipart parsing in Rack
Open

Possible DoS Vulnerability in Action Controller Token Authentication
Open