commit by to_remotes 2024-02-27 08:43:11 +0100 from vmdevac
parent
7372966c93
commit
786e9571d4
|
|
@ -1 +1 @@
|
||||||
2024-02-27T08:12:04+01:00
|
2024-02-27T08:43:10+01:00
|
||||||
|
|
|
||||||
File diff suppressed because one or more lines are too long
42
report.txt
42
report.txt
|
|
@ -1 +1,41 @@
|
||||||
No vulnerabilities found
|
Name: actionpack
|
||||||
|
Version: 7.1.3
|
||||||
|
CVE: CVE-2024-26142
|
||||||
|
Criticality: Unknown
|
||||||
|
URL: https://discuss.rubyonrails.org/t/possible-redos-vulnerability-in-accept-header-parsing-in-action-dispatch/84946
|
||||||
|
Title: Possible ReDoS vulnerability in Accept header parsing in Action Dispatch
|
||||||
|
Solution: upgrade to '>= 7.1.3.1'
|
||||||
|
|
||||||
|
Name: actionpack
|
||||||
|
Version: 7.1.3
|
||||||
|
CVE: CVE-2024-26143
|
||||||
|
Criticality: Unknown
|
||||||
|
URL: https://discuss.rubyonrails.org/t/possible-xss-vulnerability-in-action-controller/84947
|
||||||
|
Title: Possible XSS Vulnerability in Action Controller
|
||||||
|
Solution: upgrade to '~> 7.0.8, >= 7.0.8.1', '>= 7.1.3.1'
|
||||||
|
|
||||||
|
Name: rack
|
||||||
|
Version: 3.0.9
|
||||||
|
CVE: CVE-2024-25126
|
||||||
|
Criticality: Unknown
|
||||||
|
URL: https://discuss.rubyonrails.org/t/denial-of-service-vulnerability-in-rack-content-type-parsing/84941
|
||||||
|
Title: Denial of Service Vulnerability in Rack Content-Type Parsing
|
||||||
|
Solution: upgrade to '~> 2.2.8, >= 2.2.8.1', '>= 3.0.9.1'
|
||||||
|
|
||||||
|
Name: rack
|
||||||
|
Version: 3.0.9
|
||||||
|
CVE: CVE-2024-26141
|
||||||
|
Criticality: Unknown
|
||||||
|
URL: https://discuss.rubyonrails.org/t/possible-dos-vulnerability-with-range-header-in-rack/84944
|
||||||
|
Title: Possible DoS Vulnerability with Range Header in Rack
|
||||||
|
Solution: upgrade to '~> 2.2.8, >= 2.2.8.1', '>= 3.0.9.1'
|
||||||
|
|
||||||
|
Name: rack
|
||||||
|
Version: 3.0.9
|
||||||
|
CVE: CVE-2024-26146
|
||||||
|
Criticality: Unknown
|
||||||
|
URL: https://discuss.rubyonrails.org/t/possible-denial-of-service-vulnerability-in-rack-header-parsing/84942
|
||||||
|
Title: Possible Denial of Service Vulnerability in Rack Header Parsing
|
||||||
|
Solution: upgrade to '~> 2.0.9, >= 2.0.9.4', '~> 2.1.4, >= 2.1.4.4', '~> 2.2.8, >= 2.2.8.1', '>= 3.0.9.1'
|
||||||
|
|
||||||
|
Vulnerabilities found!
|
||||||
|
|
|
||||||
|
|
@ -1,19 +1,5 @@
|
||||||
Updating ruby-advisory-db ...
|
Updating ruby-advisory-db ...
|
||||||
Updating 4dbb13b..fc2aa0d
|
Already up to date.
|
||||||
Fast-forward
|
|
||||||
gems/actionpack/CVE-2024-26142.yml | 35 +++++++++++++++++++++
|
|
||||||
gems/actionpack/CVE-2024-26143.yml | 57 +++++++++++++++++++++++++++++++++++
|
|
||||||
gems/activestorage/CVE-2024-26144.yml | 43 ++++++++++++++++++++++++++
|
|
||||||
gems/rack/CVE-2024-25126.yml | 57 +++++++++++++++++++++++++++++++++++
|
|
||||||
gems/rack/CVE-2024-26141.yml | 40 ++++++++++++++++++++++++
|
|
||||||
gems/rack/CVE-2024-26146.yml | 41 +++++++++++++++++++++++++
|
|
||||||
6 files changed, 273 insertions(+)
|
|
||||||
create mode 100644 gems/actionpack/CVE-2024-26142.yml
|
|
||||||
create mode 100644 gems/actionpack/CVE-2024-26143.yml
|
|
||||||
create mode 100644 gems/activestorage/CVE-2024-26144.yml
|
|
||||||
create mode 100644 gems/rack/CVE-2024-25126.yml
|
|
||||||
create mode 100644 gems/rack/CVE-2024-26141.yml
|
|
||||||
create mode 100644 gems/rack/CVE-2024-26146.yml
|
|
||||||
Updated ruby-advisory-db
|
Updated ruby-advisory-db
|
||||||
ruby-advisory-db:
|
ruby-advisory-db:
|
||||||
advisories: 874 advisories
|
advisories: 874 advisories
|
||||||
|
|
|
||||||
Loading…
Reference in New Issue