bundle-audit-results/report.txt


Name: actionpack
Version: 7.0.1
CVE: CVE-2022-22577
GHSA: GHSA-mm33-5vfq-3mm3
Criticality: Medium
URL: https://groups.google.com/g/ruby-security-ann/c/NuFRKaN5swI
Title: Possible XSS Vulnerability in Action Pack
Solution: upgrade to '~> 5.2.7, >= 5.2.7.1', '~> 6.0.4, >= 6.0.4.8', '~> 6.1.5, >= 6.1.5.1', '>= 7.0.2.4'

Name: actionpack
Version: 7.0.1
CVE: CVE-2022-23633
GHSA: GHSA-wh98-p28r-vrc9
Criticality: High
URL: https://groups.google.com/g/ruby-security-ann/c/FkTM-_7zSNA/m/K2RiMJBlBAAJ
Title: Possible exposure of information vulnerability in Action Pack
Solution: upgrade to '~> 5.2.6, >= 5.2.6.2', '~> 6.0.4, >= 6.0.4.6', '~> 6.1.4, >= 6.1.4.6', '>= 7.0.2.2'

Name: actionpack
Version: 7.0.1
CVE: CVE-2023-22792
GHSA: GHSA-p84v-45xj-wwqj
Criticality: Unknown
URL: https://github.com/rails/rails/releases/tag/v7.0.4.1
Title: ReDoS based DoS vulnerability in Action Dispatch
Solution: upgrade to '~> 5.2.8, >= 5.2.8.15', '~> 6.1.7, >= 6.1.7.1', '>= 7.0.4.1'

Name: actionpack
Version: 7.0.1
CVE: CVE-2023-22795
GHSA: GHSA-8xww-x3g3-6jcv
Criticality: Unknown
URL: https://github.com/rails/rails/releases/tag/v7.0.4.1
Title: ReDoS based DoS vulnerability in Action Dispatch
Solution: upgrade to '~> 5.2.8, >= 5.2.8.15', '~> 6.1.7, >= 6.1.7.1', '>= 7.0.4.1'

Name: actionpack
Version: 7.0.1
CVE: CVE-2023-22797
GHSA: GHSA-9445-4cr6-336r
Criticality: Medium
URL: https://github.com/rails/rails/releases/tag/v7.0.4.1
Title: Open Redirect Vulnerability in Action Pack
Solution: upgrade to '>= 7.0.4.1'

Name: actionpack
Version: 7.0.1
CVE: CVE-2023-28362
GHSA: GHSA-4g8v-vg43-wpgf
Criticality: Unknown
URL: https://discuss.rubyonrails.org/t/cve-2023-28362-possible-xss-via-user-supplied-values-to-redirect-to/83132
Title: Possible XSS via User Supplied Values to redirect_to
Solution: upgrade to '~> 6.1.7.4', '>= 7.0.5.1'

Name: actionview
Version: 7.0.1
CVE: CVE-2022-27777
GHSA: GHSA-ch3h-j2vf-95pv
Criticality: Medium
URL: https://groups.google.com/g/ruby-security-ann/c/9wJPEDv-iRw
Title: Possible XSS Vulnerability in Action View tag helpers
Solution: upgrade to '~> 5.2.7, >= 5.2.7.1', '~> 6.0.4, >= 6.0.4.8', '~> 6.1.5, >= 6.1.5.1', '>= 7.0.2.4'

Name: actionview
Version: 7.0.1
CVE: CVE-2023-23913
GHSA: GHSA-xp5h-f8jf-rc8q
Criticality: High
URL: https://discuss.rubyonrails.org/t/cve-2023-23913-dom-based-cross-site-scripting-in-rails-ujs-for-contenteditable-html-elements/82468
Title: DOM Based Cross-site Scripting in rails-ujs for contenteditable HTML Elements
Solution: upgrade to '~> 6.1.7.3', '>= 7.0.4.3'

Name: activerecord
Version: 7.0.1
CVE: CVE-2022-32224
GHSA: GHSA-3hhc-qp5v-9p2j
Criticality: Critical
URL: https://groups.google.com/g/rubyonrails-security/c/MmFO3LYQE8U
Title: Possible RCE escalation bug with Serialized Columns in Active Record
Solution: upgrade to '~> 5.2.8, >= 5.2.8.1', '~> 6.0.5, >= 6.0.5.1', '~> 6.1.6, >= 6.1.6.1', '>= 7.0.3.1'

Name: activerecord
Version: 7.0.1
CVE: CVE-2022-44566
GHSA: GHSA-579w-22j4-4749
Criticality: High
URL: https://github.com/rails/rails/releases/tag/v7.0.4.1
Title: Denial of Service Vulnerability in ActiveRecord's PostgreSQL adapter
Solution: upgrade to '~> 5.2.8, >= 5.2.8.15', '~> 6.1.7, >= 6.1.7.1', '>= 7.0.4.1'

Name: activerecord
Version: 7.0.1
CVE: CVE-2023-22794
GHSA: GHSA-hq7p-j377-6v63
Criticality: High
URL: https://github.com/rails/rails/releases/tag/v7.0.4.1
Title: SQL Injection Vulnerability via ActiveRecord comments
Solution: upgrade to '~> 6.0.6, >= 6.0.6.1', '~> 6.1.7, >= 6.1.7.1', '>= 7.0.4.1'

Name: activestorage
Version: 7.0.1
CVE: CVE-2022-21831
GHSA: GHSA-w749-p3v6-hccq
Criticality: Critical
URL: https://groups.google.com/g/rubyonrails-security/c/n-p-W1yxatI
Title: Possible code injection vulnerability in Rails / Active Storage
Solution: upgrade to '~> 5.2.6, >= 5.2.6.3', '~> 6.0.4, >= 6.0.4.7', '~> 6.1.4, >= 6.1.4.7', '>= 7.0.2.3'

Name: activesupport
Version: 7.0.1
CVE: CVE-2023-22796
GHSA: GHSA-j6gc-792m-qgm2
Criticality: Unknown
URL: https://github.com/rails/rails/releases/tag/v7.0.4.1
Title: ReDoS based DoS vulnerability in Active Support's underscore
Solution: upgrade to '~> 5.2.8, >= 5.2.8.15', '~> 6.1.7, >= 6.1.7.1', '>= 7.0.4.1'

Name: activesupport
Version: 7.0.1
CVE: CVE-2023-28120
GHSA: GHSA-pj73-v5mw-pm9j
Criticality: Unknown
URL: https://discuss.rubyonrails.org/t/cve-2023-28120-possible-xss-security-vulnerability-in-safebuffer-bytesplice/82469
Title: Possible XSS Security Vulnerability in SafeBuffer#bytesplice
Solution: upgrade to '~> 6.1.7, >= 6.1.7.3', '>= 7.0.4.3'

Name: activesupport
Version: 7.0.1
CVE: CVE-2023-38037
GHSA: GHSA-cr5q-6q9f-rq6q
Criticality: Unknown
URL: https://github.com/rails/rails/releases/tag/v7.0.7.1
Title: Possible File Disclosure of Locally Encrypted Files
Solution: upgrade to '~> 6.1.7, >= 6.1.7.5', '>= 7.0.7.1'

Vulnerabilities found!
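The report lists a fix per advisory, not a single target version per gem, and each quoted group in a Solution line is an alternative release line whose comma-separated constraints must all hold (so '~> 6.1.7, >= 6.1.7.5' is the 6.1.7.x line from 6.1.7.5 upward, while 7.0.2.4 closes the first actionpack advisory but not the later ones). The script below is an added example, not part of bundler-audit or of this repository: it parses the plain-text report format shown above, using four entries copied from the report as constructed sample input, and for each gem picks the lowest version on the installed major.minor line that closes every listed advisory at once. The function names (parse_report, fixed?, minimum_fix, upgrade_plan) are this example's own; Gem::Requirement and Gem::Version are the RubyGems classes bundler-audit itself relies on.

```ruby
require 'rubygems' # Gem::Version and Gem::Requirement

# Constructed sample: four entries copied verbatim from the report above.
SAMPLE_REPORT = <<~REPORT
  Name: actionpack
  Version: 7.0.1
  CVE: CVE-2022-22577
  GHSA: GHSA-mm33-5vfq-3mm3
  Criticality: Medium
  URL: https://groups.google.com/g/ruby-security-ann/c/NuFRKaN5swI
  Title: Possible XSS Vulnerability in Action Pack
  Solution: upgrade to '~> 5.2.7, >= 5.2.7.1', '~> 6.0.4, >= 6.0.4.8', '~> 6.1.5, >= 6.1.5.1', '>= 7.0.2.4'
  Name: actionpack
  Version: 7.0.1
  CVE: CVE-2023-28362
  GHSA: GHSA-4g8v-vg43-wpgf
  Criticality: Unknown
  URL: https://discuss.rubyonrails.org/t/cve-2023-28362-possible-xss-via-user-supplied-values-to-redirect-to/83132
  Title: Possible XSS via User Supplied Values to redirect_to
  Solution: upgrade to '~> 6.1.7.4', '>= 7.0.5.1'
  Name: activesupport
  Version: 7.0.1
  CVE: CVE-2023-22796
  GHSA: GHSA-j6gc-792m-qgm2
  Criticality: Unknown
  URL: https://github.com/rails/rails/releases/tag/v7.0.4.1
  Title: ReDoS based DoS vulnerability in Active Support's underscore
  Solution: upgrade to '~> 5.2.8, >= 5.2.8.15', '~> 6.1.7, >= 6.1.7.1', '>= 7.0.4.1'
  Name: activesupport
  Version: 7.0.1
  CVE: CVE-2023-38037
  GHSA: GHSA-cr5q-6q9f-rq6q
  Criticality: Unknown
  URL: https://github.com/rails/rails/releases/tag/v7.0.7.1
  Title: Possible File Disclosure of Locally Encrypted Files
  Solution: upgrade to '~> 6.1.7, >= 6.1.7.5', '>= 7.0.7.1'
  Vulnerabilities found!
REPORT

Advisory = Struct.new(:name, :version, :cve, :criticality, :title, :fixes)

# One record starts at each "Name:" line; every other "Key: value" line fills
# in the most recent record. Lines without ": " (the trailer) are ignored.
def parse_report(text)
  advisories = []
  text.each_line do |line|
    key, value = line.chomp.split(': ', 2)
    next if value.nil?
    case key
    when 'Name'        then advisories << Advisory.new(value, nil, nil, nil, nil, [])
    when 'Version'     then advisories.last.version = Gem::Version.new(value)
    when 'CVE'         then advisories.last.cve = value
    when 'Criticality' then advisories.last.criticality = value
    when 'Title'       then advisories.last.title = value
    when 'Solution'
      # Each quoted group is one patched release line (OR); the constraints
      # inside a group are ANDed, exactly as Gem::Requirement evaluates them.
      advisories.last.fixes = value.scan(/'([^']+)'/).flatten.map do |group|
        Gem::Requirement.new(group.split(/,\s*/))
      end
    end
  end
  advisories
end

# An advisory is closed when the version lands on any one patched release line.
def fixed?(advisory, version)
  advisory.fixes.any? { |req| req.satisfied_by?(version) }
end

# Lowest version on the installed major.minor line that closes every advisory
# for the gem, chosen among the versions the Solution lines mention.
# Returns nil when no mentioned version on that line closes them all.
def minimum_fix(advisories, installed)
  line = installed.segments[0, 2]
  candidates = advisories.flat_map do |a|
    a.fixes.flat_map { |req| req.requirements.map(&:last) }
  end
  candidates.uniq.sort.find do |v|
    v >= installed && v.segments[0, 2] == line && advisories.all? { |a| fixed?(a, v) }
  end
end

# { gem name => minimal fixed version string (or nil) } for a whole report.
def upgrade_plan(text)
  parse_report(text).group_by(&:name).transform_values do |advs|
    fix = minimum_fix(advs, advs.first.version)
    fix && fix.to_s
  end
end

if __FILE__ == $PROGRAM_NAME
  upgrade_plan(SAMPLE_REPORT).each do |gem, v|
    puts "#{gem}: upgrade to #{v || 'no fix on the installed line'}"
  end
end
```

On the sample the plan is actionpack 7.0.5.1 and activesupport 7.0.7.1; since the Rails component gems are released in lockstep, the practical move is to bump `rails` to the highest of those and re-run `bundle audit check --update` to confirm the report comes back clean. Run the full report through `upgrade_plan` to get the same answer for all six gems.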