bundle-audit-results/report.txt

Name: rack
Version: 3.2.0
CVE: CVE-2025-61770
GHSA: GHSA-p543-xpfm-54cp
Criticality: High
URL: https://github.com/rack/rack/security/advisories/GHSA-p543-xpfm-54cp
Title: Rack's unbounded multipart preamble buffering enables DoS (memory exhaustion)
Solution: update to '~> 2.2.19', '~> 3.1.17', '>= 3.2.2'

Name: rack
Version: 3.2.0
CVE: CVE-2025-61771
GHSA: GHSA-w9pc-fmgc-vxvw
Criticality: High
URL: https://github.com/rack/rack/security/advisories/GHSA-w9pc-fmgc-vxvw
Title: Multipart parser buffers large nonfile fields entirely in memory, enabling DoS (memory exhaustion)
Solution: update to '~> 2.2.19', '~> 3.1.17', '>= 3.2.2'

Name: rack
Version: 3.2.0
CVE: CVE-2025-61772
GHSA: GHSA-wpv5-97wm-hp9c
Criticality: High
URL: https://github.com/rack/rack/security/advisories/GHSA-wpv5-97wm-hp9c
Title: Rack's multipart parser buffers unbounded per-part headers, enabling DoS (memory exhaustion)
Solution: update to '~> 2.2.19', '~> 3.1.17', '>= 3.2.2'

Name: uri
Version: 1.0.3
CVE: CVE-2025-61594
Criticality: Unknown
URL: https://www.ruby-lang.org/en/news/2025/10/07/uri-cve-2025-61594
Title: CVE-2025-61594 - URI Credential Leakage Bypass over CVE-2025-27221
Solution: update to '~> 0.12.5', '~> 0.13.3', '>= 1.0.4'

Vulnerabilities found!