commit by to_remotes 2024-01-23 12:56:58 +0100 from vmdevac

main
ag 2024-01-23 12:56:58 +01:00
parent f409c2e133
commit 6a58bd6ef5
3 changed files with 3 additions and 138 deletions


@ -1 +1 @@
2024-01-23T12:13:10+01:00 2024-01-23T12:56:56+01:00

File diff suppressed because one or more lines are too long


@ -1,136 +1 @@
Name: actionpack No vulnerabilities found
Version: 7.0.1
CVE: CVE-2022-22577
GHSA: GHSA-mm33-5vfq-3mm3
Criticality: Medium
URL: https://groups.google.com/g/ruby-security-ann/c/NuFRKaN5swI
Title: Possible XSS Vulnerability in Action Pack
Solution: upgrade to '~> 5.2.7, >= 5.2.7.1', '~> 6.0.4, >= 6.0.4.8', '~> 6.1.5, >= 6.1.5.1', '>= 7.0.2.4'
Name: actionpack
Version: 7.0.1
CVE: CVE-2022-23633
GHSA: GHSA-wh98-p28r-vrc9
Criticality: High
URL: https://groups.google.com/g/ruby-security-ann/c/FkTM-_7zSNA/m/K2RiMJBlBAAJ
Title: Possible exposure of information vulnerability in Action Pack
Solution: upgrade to '~> 5.2.6, >= 5.2.6.2', '~> 6.0.4, >= 6.0.4.6', '~> 6.1.4, >= 6.1.4.6', '>= 7.0.2.2'
Name: actionpack
Version: 7.0.1
CVE: CVE-2023-22792
GHSA: GHSA-p84v-45xj-wwqj
Criticality: Unknown
URL: https://github.com/rails/rails/releases/tag/v7.0.4.1
Title: ReDoS based DoS vulnerability in Action Dispatch
Solution: upgrade to '~> 5.2.8, >= 5.2.8.15', '~> 6.1.7, >= 6.1.7.1', '>= 7.0.4.1'
Name: actionpack
Version: 7.0.1
CVE: CVE-2023-22795
GHSA: GHSA-8xww-x3g3-6jcv
Criticality: Unknown
URL: https://github.com/rails/rails/releases/tag/v7.0.4.1
Title: ReDoS based DoS vulnerability in Action Dispatch
Solution: upgrade to '~> 5.2.8, >= 5.2.8.15', '~> 6.1.7, >= 6.1.7.1', '>= 7.0.4.1'
Name: actionpack
Version: 7.0.1
CVE: CVE-2023-22797
GHSA: GHSA-9445-4cr6-336r
Criticality: Medium
URL: https://github.com/rails/rails/releases/tag/v7.0.4.1
Title: Open Redirect Vulnerability in Action Pack
Solution: upgrade to '>= 7.0.4.1'
Name: actionpack
Version: 7.0.1
CVE: CVE-2023-28362
GHSA: GHSA-4g8v-vg43-wpgf
Criticality: Unknown
URL: https://discuss.rubyonrails.org/t/cve-2023-28362-possible-xss-via-user-supplied-values-to-redirect-to/83132
Title: Possible XSS via User Supplied Values to redirect_to
Solution: upgrade to '~> 6.1.7.4', '>= 7.0.5.1'
Name: actionview
Version: 7.0.1
CVE: CVE-2022-27777
GHSA: GHSA-ch3h-j2vf-95pv
Criticality: Medium
URL: https://groups.google.com/g/ruby-security-ann/c/9wJPEDv-iRw
Title: Possible XSS Vulnerability in Action View tag helpers
Solution: upgrade to '~> 5.2.7, >= 5.2.7.1', '~> 6.0.4, >= 6.0.4.8', '~> 6.1.5, >= 6.1.5.1', '>= 7.0.2.4'
Name: actionview
Version: 7.0.1
CVE: CVE-2023-23913
GHSA: GHSA-xp5h-f8jf-rc8q
Criticality: High
URL: https://discuss.rubyonrails.org/t/cve-2023-23913-dom-based-cross-site-scripting-in-rails-ujs-for-contenteditable-html-elements/82468
Title: DOM Based Cross-site Scripting in rails-ujs for contenteditable HTML Elements
Solution: upgrade to '~> 6.1.7.3', '>= 7.0.4.3'
Name: activerecord
Version: 7.0.1
CVE: CVE-2022-32224
GHSA: GHSA-3hhc-qp5v-9p2j
Criticality: Critical
URL: https://groups.google.com/g/rubyonrails-security/c/MmFO3LYQE8U
Title: Possible RCE escalation bug with Serialized Columns in Active Record
Solution: upgrade to '~> 5.2.8, >= 5.2.8.1', '~> 6.0.5, >= 6.0.5.1', '~> 6.1.6, >= 6.1.6.1', '>= 7.0.3.1'
Name: activerecord
Version: 7.0.1
CVE: CVE-2022-44566
GHSA: GHSA-579w-22j4-4749
Criticality: High
URL: https://github.com/rails/rails/releases/tag/v7.0.4.1
Title: Denial of Service Vulnerability in ActiveRecords PostgreSQL adapter
Solution: upgrade to '~> 5.2.8, >= 5.2.8.15', '~> 6.1.7, >= 6.1.7.1', '>= 7.0.4.1'
Name: activerecord
Version: 7.0.1
CVE: CVE-2023-22794
GHSA: GHSA-hq7p-j377-6v63
Criticality: High
URL: https://github.com/rails/rails/releases/tag/v7.0.4.1
Title: SQL Injection Vulnerability via ActiveRecord comments
Solution: upgrade to '~> 6.0.6, >= 6.0.6.1', '~> 6.1.7, >= 6.1.7.1', '>= 7.0.4.1'
Name: activestorage
Version: 7.0.1
CVE: CVE-2022-21831
GHSA: GHSA-w749-p3v6-hccq
Criticality: Critical
URL: https://groups.google.com/g/rubyonrails-security/c/n-p-W1yxatI
Title: Possible code injection vulnerability in Rails / Active Storage
Solution: upgrade to '~> 5.2.6, >= 5.2.6.3', '~> 6.0.4, >= 6.0.4.7', '~> 6.1.4, >= 6.1.4.7', '>= 7.0.2.3'
Name: activesupport
Version: 7.0.1
CVE: CVE-2023-22796
GHSA: GHSA-j6gc-792m-qgm2
Criticality: Unknown
URL: https://github.com/rails/rails/releases/tag/v7.0.4.1
Title: ReDoS based DoS vulnerability in Active Supports underscore
Solution: upgrade to '~> 5.2.8, >= 5.2.8.15', '~> 6.1.7, >= 6.1.7.1', '>= 7.0.4.1'
Name: activesupport
Version: 7.0.1
CVE: CVE-2023-28120
GHSA: GHSA-pj73-v5mw-pm9j
Criticality: Unknown
URL: https://discuss.rubyonrails.org/t/cve-2023-28120-possible-xss-security-vulnerability-in-safebuffer-bytesplice/82469
Title: Possible XSS Security Vulnerability in SafeBuffer#bytesplice
Solution: upgrade to '~> 6.1.7, >= 6.1.7.3', '>= 7.0.4.3'
Name: activesupport
Version: 7.0.1
CVE: CVE-2023-38037
GHSA: GHSA-cr5q-6q9f-rq6q
Criticality: Unknown
URL: https://github.com/rails/rails/releases/tag/v7.0.7.1
Title: Possible File Disclosure of Locally Encrypted Files
Solution: upgrade to '~> 6.1.7, >= 6.1.7.5', '>= 7.0.7.1'
Vulnerabilities found!
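
Review bot: The new line 1, "No vulnerabilities found", replaces 15 advisories against the 7.0.1 gems (actionpack, actionview, activerecord, activestorage, activesupport), two of them rated Critical (CVE-2022-32224 and CVE-2022-21831), but nothing in this commit shows the dependency change that would clear them. The commit totals (3 changed files, 3 additions, 138 deletions) leave only one-line changes for the other two files, so a lockfile update cannot be part of this change. Please reference the commit that raised these gems to at least the versions named in the removed Solution lines (the highest is '>= 7.0.7.1' for CVE-2023-38037), and state which lockfile and advisory database revision the scan ran against, since the one-line report alone does not show what produced it. Writing the scanner version and advisory database date into the report file would let a reader verify a clean result later.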