Created
October 28, 2024 07:55
-
-
Save FliegendeWurst/2ee54c035fa6355c1e668dd99ac51570 to your computer and use it in GitHub Desktop.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| ruby-advisory-db: | |
| advisories: 943 advisories | |
| last updated: 2024-10-24 06:19:33 -0700 | |
| commit: c105c3f736cac6427f0d59192ba186f760281493 | |
| Gemfile: ./pkgs/development/interpreters/asmrepl/Gemfile.lock | |
| No vulnerabilities found | |
| Gemfile: ./pkgs/development/web/mailcatcher/Gemfile.lock | |
| Name: nokogiri | |
| Version: 1.16.0 | |
| GHSA: GHSA-r95h-9x8f-r3f7 | |
| Criticality: Unknown | |
| URL: https://github.com/sparklemotion/nokogiri/security/advisories/GHSA-r95h-9x8f-r3f7 | |
| Title: Nokogiri updates packaged libxml2 to v2.12.7 to resolve CVE-2024-34459 | |
| Solution: upgrade to '>= 1.16.5' | |
| Name: nokogiri | |
| Version: 1.16.0 | |
| GHSA: GHSA-xc9x-jj77-9p9j | |
| Criticality: Unknown | |
| URL: https://github.com/sparklemotion/nokogiri/security/advisories/GHSA-xc9x-jj77-9p9j | |
| Title: Use-after-free in libxml2 via Nokogiri::XML::Reader | |
| Solution: upgrade to '~> 1.15.6', '>= 1.16.2' | |
| Name: rack | |
| Version: 1.6.13 | |
| CVE: CVE-2020-8161 | |
| GHSA: GHSA-5f9h-9pjv-v6j7 | |
| Criticality: High | |
| URL: https://groups.google.com/forum/#!topic/ruby-security-ann/T4ZIsfRf2eA | |
| Title: Directory traversal in Rack::Directory app bundled with Rack | |
| Solution: upgrade to '~> 2.1.3', '>= 2.2.0' | |
| Name: rack | |
| Version: 1.6.13 | |
| CVE: CVE-2020-8184 | |
| GHSA: GHSA-j6w9-fv6q-3q52 | |
| Criticality: High | |
| URL: https://groups.google.com/g/rubyonrails-security/c/OWtmozPH9Ak | |
| Title: Percent-encoded cookies can be used to overwrite existing prefixed cookie names | |
| Solution: upgrade to '~> 2.1.4', '>= 2.2.3' | |
| Name: rack | |
| Version: 1.6.13 | |
| CVE: CVE-2022-30122 | |
| GHSA: GHSA-hxqx-xwvh-44m2 | |
| Criticality: High | |
| URL: https://groups.google.com/g/ruby-security-ann/c/L2Axto442qk | |
| Title: Denial of Service Vulnerability in Rack Multipart Parsing | |
| Solution: upgrade to '~> 2.0.9, >= 2.0.9.1', '~> 2.1.4, >= 2.1.4.1', '>= 2.2.3.1' | |
| Name: rack | |
| Version: 1.6.13 | |
| CVE: CVE-2022-30123 | |
| GHSA: GHSA-wq4h-7r42-5hrr | |
| Criticality: Critical | |
| URL: https://groups.google.com/g/ruby-security-ann/c/LWB10kWzag8 | |
| Title: Possible shell escape sequence injection vulnerability in Rack | |
| Solution: upgrade to '~> 2.0.9, >= 2.0.9.1', '~> 2.1.4, >= 2.1.4.1', '>= 2.2.3.1' | |
| Name: rack | |
| Version: 1.6.13 | |
| CVE: CVE-2022-44570 | |
| GHSA: GHSA-65f5-mfpf-vfhj | |
| Criticality: High | |
| URL: https://github.com/rack/rack/releases/tag/v3.0.4.1 | |
| Title: Denial of service via header parsing in Rack | |
| Solution: upgrade to '~> 2.0.9, >= 2.0.9.2', '~> 2.1.4, >= 2.1.4.2', '~> 2.2.6, >= 2.2.6.2', '>= 3.0.4.1' | |
| Name: rack | |
| Version: 1.6.13 | |
| CVE: CVE-2022-44571 | |
| GHSA: GHSA-93pm-5p5f-3ghx | |
| Criticality: Unknown | |
| URL: https://github.com/rack/rack/releases/tag/v3.0.4.1 | |
| Title: Denial of Service Vulnerability in Rack Content-Disposition parsing | |
| Solution: upgrade to '~> 2.0.9, >= 2.0.9.2', '~> 2.1.4, >= 2.1.4.2', '~> 2.2.6, >= 2.2.6.1', '>= 3.0.4.1' | |
| Name: rack | |
| Version: 1.6.13 | |
| CVE: CVE-2022-44572 | |
| GHSA: GHSA-rqv2-275x-2jq5 | |
| Criticality: Unknown | |
| URL: https://github.com/rack/rack/releases/tag/v3.0.4.1 | |
| Title: Denial of service via multipart parsing in Rack | |
| Solution: upgrade to '~> 2.0.9, >= 2.0.9.2', '~> 2.1.4, >= 2.1.4.2', '~> 2.2.6, >= 2.2.6.1', '>= 3.0.4.1' | |
| Name: rack | |
| Version: 1.6.13 | |
| CVE: CVE-2023-27530 | |
| GHSA: GHSA-3h57-hmj3-gj3p | |
| Criticality: High | |
| URL: https://discuss.rubyonrails.org/t/cve-2023-27530-possible-dos-vulnerability-in-multipart-mime-parsing/82388 | |
| Title: Possible DoS Vulnerability in Multipart MIME parsing | |
| Solution: upgrade to '~> 2.0.9, >= 2.0.9.3', '~> 2.1.4, >= 2.1.4.3', '~> 2.2.6, >= 2.2.6.3', '>= 3.0.4.2' | |
| Name: rack | |
| Version: 1.6.13 | |
| CVE: CVE-2023-27539 | |
| GHSA: GHSA-c6qg-cjj8-47qp | |
| Criticality: Unknown | |
| URL: https://discuss.rubyonrails.org/t/cve-2023-27539-possible-denial-of-service-vulnerability-in-racks-header-parsing/82466 | |
| Title: Possible Denial of Service Vulnerability in Rack’s header parsing | |
| Solution: upgrade to '~> 2.0, >= 2.2.6.4', '>= 3.0.6.1' | |
| Name: rack | |
| Version: 1.6.13 | |
| CVE: CVE-2024-25126 | |
| GHSA: GHSA-22f2-v57c-j9cx | |
| Criticality: Medium | |
| URL: https://discuss.rubyonrails.org/t/denial-of-service-vulnerability-in-rack-content-type-parsing/84941 | |
| Title: Denial of Service Vulnerability in Rack Content-Type Parsing | |
| Solution: upgrade to '~> 2.2.8, >= 2.2.8.1', '>= 3.0.9.1' | |
| Name: rack | |
| Version: 1.6.13 | |
| CVE: CVE-2024-26141 | |
| GHSA: GHSA-xj5v-6v4g-jfw6 | |
| Criticality: Unknown | |
| URL: https://discuss.rubyonrails.org/t/possible-dos-vulnerability-with-range-header-in-rack/84944 | |
| Title: Possible DoS Vulnerability with Range Header in Rack | |
| Solution: upgrade to '~> 2.2.8, >= 2.2.8.1', '>= 3.0.9.1' | |
| Name: rack | |
| Version: 1.6.13 | |
| CVE: CVE-2024-26146 | |
| GHSA: GHSA-54rr-7fvw-6x8f | |
| Criticality: Unknown | |
| URL: https://discuss.rubyonrails.org/t/possible-denial-of-service-vulnerability-in-rack-header-parsing/84942 | |
| Title: Possible Denial of Service Vulnerability in Rack Header Parsing | |
| Solution: upgrade to '~> 2.0.9, >= 2.0.9.4', '~> 2.1.4, >= 2.1.4.4', '~> 2.2.8, >= 2.2.8.1', '>= 3.0.9.1' | |
| Name: rdoc | |
| Version: 6.5.0 | |
| CVE: CVE-2024-27281 | |
| GHSA: GHSA-592j-995h-p23j | |
| Criticality: Medium | |
| URL: https://www.ruby-lang.org/en/news/2024/03/21/rce-rdoc-cve-2024-27281/ | |
| Title: RCE vulnerability with .rdoc_options in RDoc | |
| Solution: upgrade to '~> 6.3.4, >= 6.3.4.1', '~> 6.4.1, >= 6.4.1.1', '>= 6.5.1.1' | |
| Name: rexml | |
| Version: 3.2.6 | |
| CVE: CVE-2024-35176 | |
| GHSA: GHSA-vg3r-rm7w-2xgh | |
| Criticality: Medium | |
| URL: https://github.com/ruby/rexml/security/advisories/GHSA-vg3r-rm7w-2xgh | |
| Title: REXML contains a denial of service vulnerability | |
| Solution: upgrade to '>= 3.2.7' | |
| Name: rexml | |
| Version: 3.2.6 | |
| CVE: CVE-2024-39908 | |
| GHSA: GHSA-4xqq-m2hx-25v8 | |
| Criticality: Medium | |
| URL: https://github.com/ruby/rexml/security/advisories/GHSA-4xqq-m2hx-25v8 | |
| Title: DoS in REXML | |
| Solution: upgrade to '>= 3.3.2' | |
| Name: rexml | |
| Version: 3.2.6 | |
| CVE: CVE-2024-41123 | |
| GHSA: GHSA-r55c-59qm-vjw6 | |
| Criticality: Medium | |
| URL: https://www.ruby-lang.org/en/news/2024/08/01/dos-rexml-cve-2024-41123 | |
| Title: DoS vulnerabilities in REXML | |
| Solution: upgrade to '>= 3.3.3' | |
| Name: rexml | |
| Version: 3.2.6 | |
| CVE: CVE-2024-41946 | |
| GHSA: GHSA-5866-49gr-22v4 | |
| Criticality: Medium | |
| URL: https://www.ruby-lang.org/en/news/2024/08/01/dos-rexml-cve-2024-41946 | |
| Title: DoS vulnerabilities in REXML | |
| Solution: upgrade to '>= 3.3.3' | |
| Name: rexml | |
| Version: 3.2.6 | |
| CVE: CVE-2024-43398 | |
| GHSA: GHSA-vmwr-mc7x-5vc3 | |
| Criticality: Medium | |
| URL: https://github.com/ruby/rexml/security/advisories/GHSA-vmwr-mc7x-5vc3 | |
| Title: REXML denial of service vulnerability | |
| Solution: upgrade to '>= 3.3.6' | |
| Name: sinatra | |
| Version: 1.4.8 | |
| CVE: CVE-2022-29970 | |
| GHSA: GHSA-qp49-3pvw-x4m5 | |
| Criticality: High | |
| URL: https://github.com/sinatra/sinatra/pull/1683 | |
| Title: sinatra does not validate expanded path matches | |
| Solution: upgrade to '>= 2.2.0' | |
| Name: sinatra | |
| Version: 1.4.8 | |
| CVE: CVE-2022-45442 | |
| GHSA: GHSA-2x8x-jmrp-phxw | |
| Criticality: High | |
| URL: https://github.com/sinatra/sinatra/security/advisories/GHSA-2x8x-jmrp-phxw | |
| Title: Sinatra vulnerable to Reflected File Download attack | |
| Solution: upgrade to '~> 2.2.3', '>= 3.0.4' | |
| Vulnerabilities found! | |
| Gemfile: ./pkgs/development/ruby-modules/bundler-env/test/Gemfile.lock | |
| No vulnerabilities found | |
| Gemfile: ./pkgs/development/tools/sass/Gemfile.lock | |
| No vulnerabilities found | |
| Gemfile: ./pkgs/development/tools/redis-dump/Gemfile.lock | |
| Name: yajl-ruby | |
| Version: 1.4.1 | |
| CVE: CVE-2022-24795 | |
| GHSA: GHSA-jj47-x69x-mxrm | |
| Criticality: Medium | |
| URL: https://github.com/brianmario/yajl-ruby/security/advisories/GHSA-jj47-x69x-mxrm | |
| Title: Reallocation bug can trigger heap memory corruption | |
| Solution: upgrade to '>= 1.4.2' | |
| Vulnerabilities found! | |
| Gemfile: ./pkgs/development/tools/cadre/Gemfile.lock | |
| No vulnerabilities found | |
| Gemfile: ./pkgs/development/tools/scss-lint/Gemfile.lock | |
| Name: rake | |
| Version: 12.3.1 | |
| CVE: CVE-2020-8130 | |
| GHSA: GHSA-jppv-gw3r-w3q8 | |
| Criticality: High | |
| URL: https://github.com/advisories/GHSA-jppv-gw3r-w3q8 | |
| Title: OS Command Injection in Rake | |
| Solution: upgrade to '>= 12.3.3' | |
| Vulnerabilities found! | |
| Gemfile: ./pkgs/development/tools/corundum/Gemfile.lock | |
| Name: json | |
| Version: 2.1.0 | |
| CVE: CVE-2020-10663 | |
| GHSA: GHSA-jphg-qwrw-7w9g | |
| Criticality: High | |
| URL: https://www.ruby-lang.org/en/news/2020/03/19/json-dos-cve-2020-10663/ | |
| Title: json Gem for Ruby Unsafe Object Creation Vulnerability (additional fix) | |
| Solution: upgrade to '>= 2.3.0' | |
| Name: rake | |
| Version: 10.5.0 | |
| CVE: CVE-2020-8130 | |
| GHSA: GHSA-jppv-gw3r-w3q8 | |
| Criticality: High | |
| URL: https://github.com/advisories/GHSA-jppv-gw3r-w3q8 | |
| Title: OS Command Injection in Rake | |
| Solution: upgrade to '>= 12.3.3' | |
| Vulnerabilities found! | |
| Gemfile: ./pkgs/development/tools/database/pgsync/Gemfile.lock | |
| No vulnerabilities found | |
| Gemfile: ./pkgs/development/tools/github-changelog-generator/Gemfile.lock | |
| Name: activesupport | |
| Version: 7.0.1 | |
| CVE: CVE-2023-22796 | |
| GHSA: GHSA-j6gc-792m-qgm2 | |
| Criticality: Unknown | |
| URL: https://github.com/rails/rails/releases/tag/v7.0.4.1 | |
| Title: ReDoS based DoS vulnerability in Active Support’s underscore | |
| Solution: upgrade to '~> 5.2.8, >= 5.2.8.15', '~> 6.1.7, >= 6.1.7.1', '>= 7.0.4.1' | |
| Name: activesupport | |
| Version: 7.0.1 | |
| CVE: CVE-2023-28120 | |
| GHSA: GHSA-pj73-v5mw-pm9j | |
| Criticality: Unknown | |
| URL: https://discuss.rubyonrails.org/t/cve-2023-28120-possible-xss-security-vulnerability-in-safebuffer-bytesplice/82469 | |
| Title: Possible XSS Security Vulnerability in SafeBuffer#bytesplice | |
| Solution: upgrade to '~> 6.1.7, >= 6.1.7.3', '>= 7.0.4.3' | |
| Name: activesupport | |
| Version: 7.0.1 | |
| CVE: CVE-2023-38037 | |
| GHSA: GHSA-cr5q-6q9f-rq6q | |
| Criticality: Unknown | |
| URL: https://github.com/rails/rails/releases/tag/v7.0.7.1 | |
| Title: Possible File Disclosure of Locally Encrypted Files | |
| Solution: upgrade to '~> 6.1.7, >= 6.1.7.5', '>= 7.0.7.1' | |
| Name: protocol-http1 | |
| Version: 0.14.2 | |
| CVE: CVE-2023-38697 | |
| GHSA: GHSA-6jwc-qr2q-7xwj | |
| Criticality: Medium | |
| URL: https://github.com/socketry/protocol-http1/security/advisories/GHSA-6jwc-qr2q-7xwj | |
| Title: protocol-http1 HTTP Request/Response Smuggling vulnerability | |
| Solution: upgrade to '>= 0.15.1' | |
| Vulnerabilities found! | |
| Gemfile: ./pkgs/development/tools/xcpretty/Gemfile.lock | |
| No vulnerabilities found | |
| Gemfile: ./pkgs/development/tools/rufo/Gemfile.lock | |
| No vulnerabilities found | |
| Gemfile: ./pkgs/development/tools/xcode-install/Gemfile.lock | |
| Name: addressable | |
| Version: 2.7.0 | |
| CVE: CVE-2021-32740 | |
| GHSA: GHSA-jxhc-q857-3j6g | |
| Criticality: High | |
| URL: https://github.com/advisories/GHSA-jxhc-q857-3j6g | |
| Title: Regular Expression Denial of Service in Addressable templates | |
| Solution: upgrade to '>= 2.8.0' | |
| Name: jmespath | |
| Version: 1.4.0 | |
| CVE: CVE-2022-32511 | |
| GHSA: GHSA-5c5f-7vfq-3732 | |
| Criticality: Critical | |
| URL: https://github.com/jmespath/jmespath.rb/pull/55 | |
| Title: JMESPath for Ruby using JSON.load instead of JSON.parse | |
| Solution: upgrade to '>= 1.6.1' | |
| Name: rexml | |
| Version: 3.2.4 | |
| CVE: CVE-2021-28965 | |
| GHSA: GHSA-8cr8-4vfw-mr7h | |
| Criticality: High | |
| URL: https://www.ruby-lang.org/en/news/2021/04/05/xml-round-trip-vulnerability-in-rexml-cve-2021-28965/ | |
| Title: XML round-trip vulnerability in REXML | |
| Solution: upgrade to '~> 3.1.9.1', '~> 3.2.3.1', '>= 3.2.5' | |
| Name: rexml | |
| Version: 3.2.4 | |
| CVE: CVE-2024-35176 | |
| GHSA: GHSA-vg3r-rm7w-2xgh | |
| Criticality: Medium | |
| URL: https://github.com/ruby/rexml/security/advisories/GHSA-vg3r-rm7w-2xgh | |
| Title: REXML contains a denial of service vulnerability | |
| Solution: upgrade to '>= 3.2.7' | |
| Name: rexml | |
| Version: 3.2.4 | |
| CVE: CVE-2024-39908 | |
| GHSA: GHSA-4xqq-m2hx-25v8 | |
| Criticality: Medium | |
| URL: https://github.com/ruby/rexml/security/advisories/GHSA-4xqq-m2hx-25v8 | |
| Title: DoS in REXML | |
| Solution: upgrade to '>= 3.3.2' | |
| Name: rexml | |
| Version: 3.2.4 | |
| CVE: CVE-2024-41123 | |
| GHSA: GHSA-r55c-59qm-vjw6 | |
| Criticality: Medium | |
| URL: https://www.ruby-lang.org/en/news/2024/08/01/dos-rexml-cve-2024-41123 | |
| Title: DoS vulnerabilities in REXML | |
| Solution: upgrade to '>= 3.3.3' | |
| Name: rexml | |
| Version: 3.2.4 | |
| CVE: CVE-2024-41946 | |
| GHSA: GHSA-5866-49gr-22v4 | |
| Criticality: Medium | |
| URL: https://www.ruby-lang.org/en/news/2024/08/01/dos-rexml-cve-2024-41946 | |
| Title: DoS vulnerabilities in REXML | |
| Solution: upgrade to '>= 3.3.3' | |
| Name: rexml | |
| Version: 3.2.4 | |
| CVE: CVE-2024-43398 | |
| GHSA: GHSA-vmwr-mc7x-5vc3 | |
| Criticality: Medium | |
| URL: https://github.com/ruby/rexml/security/advisories/GHSA-vmwr-mc7x-5vc3 | |
| Title: REXML denial of service vulnerability | |
| Solution: upgrade to '>= 3.3.6' | |
| Name: webrick | |
| Version: 1.7.0 | |
| CVE: CVE-2024-47220 | |
| GHSA: GHSA-6f62-3596-g6w7 | |
| Criticality: High | |
| URL: https://github.com/advisories/GHSA-6f62-3596-g6w7 | |
| Title: HTTP Request Smuggling in ruby webrick | |
| Solution: upgrade to '>= 1.8.2' | |
| Vulnerabilities found! | |
| Gemfile: ./pkgs/development/tools/pry/Gemfile.lock | |
| No vulnerabilities found | |
| Gemfile: ./pkgs/development/tools/misc/travis/Gemfile.lock | |
| Name: activesupport | |
| Version: 5.2.4.3 | |
| CVE: CVE-2023-22796 | |
| GHSA: GHSA-j6gc-792m-qgm2 | |
| Criticality: Unknown | |
| URL: https://github.com/rails/rails/releases/tag/v7.0.4.1 | |
| Title: ReDoS based DoS vulnerability in Active Support’s underscore | |
| Solution: upgrade to '~> 5.2.8, >= 5.2.8.15', '~> 6.1.7, >= 6.1.7.1', '>= 7.0.4.1' | |
| Name: activesupport | |
| Version: 5.2.4.3 | |
| CVE: CVE-2023-28120 | |
| GHSA: GHSA-pj73-v5mw-pm9j | |
| Criticality: Unknown | |
| URL: https://discuss.rubyonrails.org/t/cve-2023-28120-possible-xss-security-vulnerability-in-safebuffer-bytesplice/82469 | |
| Title: Possible XSS Security Vulnerability in SafeBuffer#bytesplice | |
| Solution: upgrade to '~> 6.1.7, >= 6.1.7.3', '>= 7.0.4.3' | |
| Name: activesupport | |
| Version: 5.2.4.3 | |
| CVE: CVE-2023-38037 | |
| GHSA: GHSA-cr5q-6q9f-rq6q | |
| Criticality: Unknown | |
| URL: https://github.com/rails/rails/releases/tag/v7.0.7.1 | |
| Title: Possible File Disclosure of Locally Encrypted Files | |
| Solution: upgrade to '~> 6.1.7, >= 6.1.7.5', '>= 7.0.7.1' | |
| Name: addressable | |
| Version: 2.7.0 | |
| CVE: CVE-2021-32740 | |
| GHSA: GHSA-jxhc-q857-3j6g | |
| Criticality: High | |
| URL: https://github.com/advisories/GHSA-jxhc-q857-3j6g | |
| Title: Regular Expression Denial of Service in Addressable templates | |
| Solution: upgrade to '>= 2.8.0' | |
| Name: tzinfo | |
| Version: 1.2.7 | |
| CVE: CVE-2022-31163 | |
| GHSA: GHSA-5cm2-9h8c-rvfx | |
| Criticality: High | |
| URL: https://github.com/tzinfo/tzinfo/security/advisories/GHSA-5cm2-9h8c-rvfx | |
| Title: TZInfo relative path traversal vulnerability allows loading of arbitrary files | |
| Solution: upgrade to '~> 0.3.61', '>= 1.2.10' | |
| Vulnerabilities found! | |
| Gemfile: ./pkgs/development/tools/misc/one_gadget/Gemfile.lock | |
| No vulnerabilities found | |
| Gemfile: ./pkgs/development/tools/misc/watson-ruby/Gemfile.lock | |
| Name: json | |
| Version: 2.1.0 | |
| CVE: CVE-2020-10663 | |
| GHSA: GHSA-jphg-qwrw-7w9g | |
| Criticality: High | |
| URL: https://www.ruby-lang.org/en/news/2020/03/19/json-dos-cve-2020-10663/ | |
| Title: json Gem for Ruby Unsafe Object Creation Vulnerability (additional fix) | |
| Solution: upgrade to '>= 2.3.0' | |
| Vulnerabilities found! | |
| Gemfile: ./pkgs/development/tools/misc/mdl/Gemfile.lock | |
| Name: rexml | |
| Version: 3.2.5 | |
| CVE: CVE-2024-35176 | |
| GHSA: GHSA-vg3r-rm7w-2xgh | |
| Criticality: Medium | |
| URL: https://github.com/ruby/rexml/security/advisories/GHSA-vg3r-rm7w-2xgh | |
| Title: REXML contains a denial of service vulnerability | |
| Solution: upgrade to '>= 3.2.7' | |
| Name: rexml | |
| Version: 3.2.5 | |
| CVE: CVE-2024-39908 | |
| GHSA: GHSA-4xqq-m2hx-25v8 | |
| Criticality: Medium | |
| URL: https://github.com/ruby/rexml/security/advisories/GHSA-4xqq-m2hx-25v8 | |
| Title: DoS in REXML | |
| Solution: upgrade to '>= 3.3.2' | |
| Name: rexml | |
| Version: 3.2.5 | |
| CVE: CVE-2024-41123 | |
| GHSA: GHSA-r55c-59qm-vjw6 | |
| Criticality: Medium | |
| URL: https://www.ruby-lang.org/en/news/2024/08/01/dos-rexml-cve-2024-41123 | |
| Title: DoS vulnerabilities in REXML | |
| Solution: upgrade to '>= 3.3.3' | |
| Name: rexml | |
| Version: 3.2.5 | |
| CVE: CVE-2024-41946 | |
| GHSA: GHSA-5866-49gr-22v4 | |
| Criticality: Medium | |
| URL: https://www.ruby-lang.org/en/news/2024/08/01/dos-rexml-cve-2024-41946 | |
| Title: DoS vulnerabilities in REXML | |
| Solution: upgrade to '>= 3.3.3' | |
| Name: rexml | |
| Version: 3.2.5 | |
| CVE: CVE-2024-43398 | |
| GHSA: GHSA-vmwr-mc7x-5vc3 | |
| Criticality: Medium | |
| URL: https://github.com/ruby/rexml/security/advisories/GHSA-vmwr-mc7x-5vc3 | |
| Title: REXML denial of service vulnerability | |
| Solution: upgrade to '>= 3.3.6' | |
| Vulnerabilities found! | |
| Gemfile: ./pkgs/development/tools/ceedling/Gemfile.lock | |
| No vulnerabilities found | |
| Gemfile: ./pkgs/development/tools/jsduck/Gemfile.lock | |
| Name: json | |
| Version: 1.8.6 | |
| CVE: CVE-2020-10663 | |
| GHSA: GHSA-jphg-qwrw-7w9g | |
| Criticality: High | |
| URL: https://www.ruby-lang.org/en/news/2020/03/19/json-dos-cve-2020-10663/ | |
| Title: json Gem for Ruby Unsafe Object Creation Vulnerability (additional fix) | |
| Solution: upgrade to '>= 2.3.0' | |
| Vulnerabilities found! | |
| Gemfile: ./pkgs/development/tools/license_finder/Gemfile.lock | |
| Name: rexml | |
| Version: 3.2.5 | |
| CVE: CVE-2024-35176 | |
| GHSA: GHSA-vg3r-rm7w-2xgh | |
| Criticality: Medium | |
| URL: https://github.com/ruby/rexml/security/advisories/GHSA-vg3r-rm7w-2xgh | |
| Title: REXML contains a denial of service vulnerability | |
| Solution: upgrade to '>= 3.2.7' | |
| Name: rexml | |
| Version: 3.2.5 | |
| CVE: CVE-2024-39908 | |
| GHSA: GHSA-4xqq-m2hx-25v8 | |
| Criticality: Medium | |
| URL: https://github.com/ruby/rexml/security/advisories/GHSA-4xqq-m2hx-25v8 | |
| Title: DoS in REXML | |
| Solution: upgrade to '>= 3.3.2' | |
| Name: rexml | |
| Version: 3.2.5 | |
| CVE: CVE-2024-41123 | |
| GHSA: GHSA-r55c-59qm-vjw6 | |
| Criticality: Medium | |
| URL: https://www.ruby-lang.org/en/news/2024/08/01/dos-rexml-cve-2024-41123 | |
| Title: DoS vulnerabilities in REXML | |
| Solution: upgrade to '>= 3.3.3' | |
| Name: rexml | |
| Version: 3.2.5 | |
| CVE: CVE-2024-41946 | |
| GHSA: GHSA-5866-49gr-22v4 | |
| Criticality: Medium | |
| URL: https://www.ruby-lang.org/en/news/2024/08/01/dos-rexml-cve-2024-41946 | |
| Title: DoS vulnerabilities in REXML | |
| Solution: upgrade to '>= 3.3.3' | |
| Name: rexml | |
| Version: 3.2.5 | |
| CVE: CVE-2024-43398 | |
| GHSA: GHSA-vmwr-mc7x-5vc3 | |
| Criticality: Medium | |
| URL: https://github.com/ruby/rexml/security/advisories/GHSA-vmwr-mc7x-5vc3 | |
| Title: REXML denial of service vulnerability | |
| Solution: upgrade to '>= 3.3.6' | |
| Vulnerabilities found! | |
| Gemfile: ./pkgs/development/tools/compass/Gemfile.lock | |
| No vulnerabilities found | |
| Gemfile: ./pkgs/development/tools/analysis/brakeman/Gemfile.lock | |
| No vulnerabilities found | |
| Gemfile: ./pkgs/development/tools/jazzy/Gemfile.lock | |
| Name: activesupport | |
| Version: 5.2.8.1 | |
| CVE: CVE-2023-22796 | |
| GHSA: GHSA-j6gc-792m-qgm2 | |
| Criticality: Unknown | |
| URL: https://github.com/rails/rails/releases/tag/v7.0.4.1 | |
| Title: ReDoS based DoS vulnerability in Active Support’s underscore | |
| Solution: upgrade to '~> 5.2.8, >= 5.2.8.15', '~> 6.1.7, >= 6.1.7.1', '>= 7.0.4.1' | |
| Name: activesupport | |
| Version: 5.2.8.1 | |
| CVE: CVE-2023-28120 | |
| GHSA: GHSA-pj73-v5mw-pm9j | |
| Criticality: Unknown | |
| URL: https://discuss.rubyonrails.org/t/cve-2023-28120-possible-xss-security-vulnerability-in-safebuffer-bytesplice/82469 | |
| Title: Possible XSS Security Vulnerability in SafeBuffer#bytesplice | |
| Solution: upgrade to '~> 6.1.7, >= 6.1.7.3', '>= 7.0.4.3' | |
| Name: activesupport | |
| Version: 5.2.8.1 | |
| CVE: CVE-2023-38037 | |
| GHSA: GHSA-cr5q-6q9f-rq6q | |
| Criticality: Unknown | |
| URL: https://github.com/rails/rails/releases/tag/v7.0.7.1 | |
| Title: Possible File Disclosure of Locally Encrypted Files | |
| Solution: upgrade to '~> 6.1.7, >= 6.1.7.5', '>= 7.0.7.1' | |
| Name: rexml | |
| Version: 3.3.2 | |
| CVE: CVE-2024-41123 | |
| GHSA: GHSA-r55c-59qm-vjw6 | |
| Criticality: Medium | |
| URL: https://www.ruby-lang.org/en/news/2024/08/01/dos-rexml-cve-2024-41123 | |
| Title: DoS vulnerabilities in REXML | |
| Solution: upgrade to '>= 3.3.3' | |
| Name: rexml | |
| Version: 3.3.2 | |
| CVE: CVE-2024-41946 | |
| GHSA: GHSA-5866-49gr-22v4 | |
| Criticality: Medium | |
| URL: https://www.ruby-lang.org/en/news/2024/08/01/dos-rexml-cve-2024-41946 | |
| Title: DoS vulnerabilities in REXML | |
| Solution: upgrade to '>= 3.3.3' | |
| Name: rexml | |
| Version: 3.3.2 | |
| CVE: CVE-2024-43398 | |
| GHSA: GHSA-vmwr-mc7x-5vc3 | |
| Criticality: Medium | |
| URL: https://github.com/ruby/rexml/security/advisories/GHSA-vmwr-mc7x-5vc3 | |
| Title: REXML denial of service vulnerability | |
| Solution: upgrade to '>= 3.3.6' | |
| Vulnerabilities found! | |
| Gemfile: ./pkgs/development/tools/build-managers/rake/Gemfile.lock | |
| No vulnerabilities found | |
| Gemfile: ./pkgs/development/tools/build-managers/drake/Gemfile.lock | |
| No vulnerabilities found | |
| Gemfile: ./pkgs/development/tools/sqlint/Gemfile.lock | |
| Name: google-protobuf | |
| Version: 3.25.0 | |
| CVE: CVE-2024-7254 | |
| GHSA: GHSA-735f-pc8j-v9w8 | |
| Criticality: High | |
| URL: https://github.com/protocolbuffers/protobuf/security/advisories/GHSA-735f-pc8j-v9w8 | |
| Title: protobuf-java has potential Denial of Service issue | |
| Solution: upgrade to '~> 3.25.5', '~> 4.27.5', '>= 4.28.2' | |
| Vulnerabilities found! | |
| Gemfile: ./pkgs/development/tools/gemstash/Gemfile.lock | |
| Name: puma | |
| Version: 6.4.0 | |
| CVE: CVE-2024-21647 | |
| GHSA: GHSA-c2f4-cvqm-65w2 | |
| Criticality: Medium | |
| URL: https://github.com/puma/puma/security/advisories/GHSA-c2f4-cvqm-65w2 | |
| Title: Puma HTTP Request/Response Smuggling vulnerability | |
| Solution: upgrade to '~> 5.6.8', '>= 6.4.2' | |
| Name: puma | |
| Version: 6.4.0 | |
| CVE: CVE-2024-45614 | |
| GHSA: GHSA-9hf4-67fc-4vf4 | |
| Criticality: Medium | |
| URL: https://github.com/puma/puma/security/advisories/GHSA-9hf4-67fc-4vf4 | |
| Title: Puma's header normalization allows for client to clobber proxy set headers | |
| Solution: upgrade to '~> 5.6.9', '>= 6.4.3' | |
| Name: rack | |
| Version: 2.2.8 | |
| CVE: CVE-2024-25126 | |
| GHSA: GHSA-22f2-v57c-j9cx | |
| Criticality: Medium | |
| URL: https://discuss.rubyonrails.org/t/denial-of-service-vulnerability-in-rack-content-type-parsing/84941 | |
| Title: Denial of Service Vulnerability in Rack Content-Type Parsing | |
| Solution: upgrade to '~> 2.2.8, >= 2.2.8.1', '>= 3.0.9.1' | |
| Name: rack | |
| Version: 2.2.8 | |
| CVE: CVE-2024-26141 | |
| GHSA: GHSA-xj5v-6v4g-jfw6 | |
| Criticality: Unknown | |
| URL: https://discuss.rubyonrails.org/t/possible-dos-vulnerability-with-range-header-in-rack/84944 | |
| Title: Possible DoS Vulnerability with Range Header in Rack | |
| Solution: upgrade to '~> 2.2.8, >= 2.2.8.1', '>= 3.0.9.1' | |
| Name: rack | |
| Version: 2.2.8 | |
| CVE: CVE-2024-26146 | |
| GHSA: GHSA-54rr-7fvw-6x8f | |
| Criticality: Unknown | |
| URL: https://discuss.rubyonrails.org/t/possible-denial-of-service-vulnerability-in-rack-header-parsing/84942 | |
| Title: Possible Denial of Service Vulnerability in Rack Header Parsing | |
| Solution: upgrade to '~> 2.0.9, >= 2.0.9.4', '~> 2.1.4, >= 2.1.4.4', '~> 2.2.8, >= 2.2.8.1', '>= 3.0.9.1' | |
| Vulnerabilities found! | |
| Gemfile: ./pkgs/development/tools/cocoapods/Gemfile.lock | |
| Name: rexml | |
| Version: 3.2.6 | |
| CVE: CVE-2024-35176 | |
| GHSA: GHSA-vg3r-rm7w-2xgh | |
| Criticality: Medium | |
| URL: https://github.com/ruby/rexml/security/advisories/GHSA-vg3r-rm7w-2xgh | |
| Title: REXML contains a denial of service vulnerability | |
| Solution: upgrade to '>= 3.2.7' | |
| Name: rexml | |
| Version: 3.2.6 | |
| CVE: CVE-2024-39908 | |
| GHSA: GHSA-4xqq-m2hx-25v8 | |
| Criticality: Medium | |
| URL: https://github.com/ruby/rexml/security/advisories/GHSA-4xqq-m2hx-25v8 | |
| Title: DoS in REXML | |
| Solution: upgrade to '>= 3.3.2' | |
| Name: rexml | |
| Version: 3.2.6 | |
| CVE: CVE-2024-41123 | |
| GHSA: GHSA-r55c-59qm-vjw6 | |
| Criticality: Medium | |
| URL: https://www.ruby-lang.org/en/news/2024/08/01/dos-rexml-cve-2024-41123 | |
| Title: DoS vulnerabilities in REXML | |
| Solution: upgrade to '>= 3.3.3' | |
| Name: rexml | |
| Version: 3.2.6 | |
| CVE: CVE-2024-41946 | |
| GHSA: GHSA-5866-49gr-22v4 | |
| Criticality: Medium | |
| URL: https://www.ruby-lang.org/en/news/2024/08/01/dos-rexml-cve-2024-41946 | |
| Title: DoS vulnerabilities in REXML | |
| Solution: upgrade to '>= 3.3.3' | |
| Name: rexml | |
| Version: 3.2.6 | |
| CVE: CVE-2024-43398 | |
| GHSA: GHSA-vmwr-mc7x-5vc3 | |
| Criticality: Medium | |
| URL: https://github.com/ruby/rexml/security/advisories/GHSA-vmwr-mc7x-5vc3 | |
| Title: REXML denial of service vulnerability | |
| Solution: upgrade to '>= 3.3.6' | |
| Vulnerabilities found! | |
| Gemfile: ./pkgs/development/compilers/matter-compiler/Gemfile.lock | |
| No vulnerabilities found | |
| Gemfile: ./pkgs/by-name/pu/puppet-bolt/Gemfile.lock | |
| No vulnerabilities found | |
| Gemfile: ./pkgs/by-name/pu/puppet-lint/Gemfile.lock | |
| No vulnerabilities found | |
| Gemfile: ./pkgs/by-name/pu/puppet/Gemfile.lock | |
| No vulnerabilities found | |
| Gemfile: ./pkgs/by-name/fu/fusuma/Gemfile.lock | |
| Name: rexml | |
| Version: 3.2.8 | |
| CVE: CVE-2024-39908 | |
| GHSA: GHSA-4xqq-m2hx-25v8 | |
| Criticality: Medium | |
| URL: https://github.com/ruby/rexml/security/advisories/GHSA-4xqq-m2hx-25v8 | |
| Title: DoS in REXML | |
| Solution: upgrade to '>= 3.3.2' | |
| Name: rexml | |
| Version: 3.2.8 | |
| CVE: CVE-2024-41123 | |
| GHSA: GHSA-r55c-59qm-vjw6 | |
| Criticality: Medium | |
| URL: https://www.ruby-lang.org/en/news/2024/08/01/dos-rexml-cve-2024-41123 | |
| Title: DoS vulnerabilities in REXML | |
| Solution: upgrade to '>= 3.3.3' | |
| Name: rexml | |
| Version: 3.2.8 | |
| CVE: CVE-2024-41946 | |
| GHSA: GHSA-5866-49gr-22v4 | |
| Criticality: Medium | |
| URL: https://www.ruby-lang.org/en/news/2024/08/01/dos-rexml-cve-2024-41946 | |
| Title: DoS vulnerabilities in REXML | |
| Solution: upgrade to '>= 3.3.3' | |
| Name: rexml | |
| Version: 3.2.8 | |
| CVE: CVE-2024-43398 | |
| GHSA: GHSA-vmwr-mc7x-5vc3 | |
| Criticality: Medium | |
| URL: https://github.com/ruby/rexml/security/advisories/GHSA-vmwr-mc7x-5vc3 | |
| Title: REXML denial of service vulnerability | |
| Solution: upgrade to '>= 3.3.6' | |
| Vulnerabilities found! | |
| Gemfile: ./pkgs/by-name/re/redmine/Gemfile.lock | |
| Name: actionmailer | |
| Version: 6.1.7.8 | |
| CVE: CVE-2024-47889 | |
| GHSA: GHSA-h47h-mwp9-c6q6 | |
| Criticality: Unknown | |
| URL: https://github.com/rails/rails/security/advisories/GHSA-h47h-mwp9-c6q6 | |
| Title: Possible ReDoS vulnerability in block_format in Action Mailer | |
| Solution: upgrade to '~> 6.1.7.9', '~> 7.0.8.5', '~> 7.1.4.1', '>= 7.2.1.1' | |
| Name: actionpack | |
| Version: 6.1.7.8 | |
| CVE: CVE-2024-41128 | |
| GHSA: GHSA-x76w-6vjr-8xgj | |
| Criticality: Unknown | |
| URL: https://github.com/rails/rails/security/advisories/GHSA-x76w-6vjr-8xgj | |
| Title: Possible ReDoS vulnerability in query parameter filtering in Action Dispatch | |
| Solution: upgrade to '~> 6.1.7.9', '~> 7.0.8.5', '~> 7.1.4.1', '>= 7.2.1.1' | |
| Name: actionpack | |
| Version: 6.1.7.8 | |
| CVE: CVE-2024-47887 | |
| GHSA: GHSA-vfg9-r3fq-jvx4 | |
| Criticality: Unknown | |
| URL: https://github.com/rails/rails/security/advisories/GHSA-vfg9-r3fq-jvx4 | |
| Title: Possible ReDoS vulnerability in HTTP Token authentication in Action Controller | |
| Solution: upgrade to '~> 6.1.7.9', '~> 7.0.8.5', '~> 7.1.4.1', '>= 7.2.1.1' | |
| Name: actiontext | |
| Version: 6.1.7.8 | |
| CVE: CVE-2024-47888 | |
| GHSA: GHSA-wwhv-wxv9-rpgw | |
| Criticality: Unknown | |
| URL: https://github.com/rails/rails/security/advisories/GHSA-wwhv-wxv9-rpgw | |
| Title: Possible ReDoS vulnerability in plain_text_for_blockquote_node in Action Text | |
| Solution: upgrade to '~> 6.1.7.9', '~> 7.0.8.5', '~> 7.1.4.1', '>= 7.2.1.1' | |
| Name: nokogiri | |
| Version: 1.15.6 | |
| GHSA: GHSA-r95h-9x8f-r3f7 | |
| Criticality: Unknown | |
| URL: https://github.com/sparklemotion/nokogiri/security/advisories/GHSA-r95h-9x8f-r3f7 | |
| Title: Nokogiri updates packaged libxml2 to v2.12.7 to resolve CVE-2024-34459 | |
| Solution: upgrade to '>= 1.16.5' | |
| Name: puma | |
| Version: 6.4.2 | |
| CVE: CVE-2024-45614 | |
| GHSA: GHSA-9hf4-67fc-4vf4 | |
| Criticality: Medium | |
| URL: https://github.com/puma/puma/security/advisories/GHSA-9hf4-67fc-4vf4 | |
| Title: Puma's header normalization allows for client to clobber proxy set headers | |
| Solution: upgrade to '~> 5.6.9', '>= 6.4.3' | |
| Name: rexml | |
| Version: 3.3.1 | |
| CVE: CVE-2024-39908 | |
| GHSA: GHSA-4xqq-m2hx-25v8 | |
| Criticality: Medium | |
| URL: https://github.com/ruby/rexml/security/advisories/GHSA-4xqq-m2hx-25v8 | |
| Title: DoS in REXML | |
| Solution: upgrade to '>= 3.3.2' | |
| Name: rexml | |
| Version: 3.3.1 | |
| CVE: CVE-2024-41123 | |
| GHSA: GHSA-r55c-59qm-vjw6 | |
| Criticality: Medium | |
| URL: https://www.ruby-lang.org/en/news/2024/08/01/dos-rexml-cve-2024-41123 | |
| Title: DoS vulnerabilities in REXML | |
| Solution: upgrade to '>= 3.3.3' | |
| Name: rexml | |
| Version: 3.3.1 | |
| CVE: CVE-2024-41946 | |
| GHSA: GHSA-5866-49gr-22v4 | |
| Criticality: Medium | |
| URL: https://www.ruby-lang.org/en/news/2024/08/01/dos-rexml-cve-2024-41946 | |
| Title: DoS vulnerabilities in REXML | |
| Solution: upgrade to '>= 3.3.3' | |
| Name: rexml | |
| Version: 3.3.1 | |
| CVE: CVE-2024-43398 | |
| GHSA: GHSA-vmwr-mc7x-5vc3 | |
| Criticality: Medium | |
| URL: https://github.com/ruby/rexml/security/advisories/GHSA-vmwr-mc7x-5vc3 | |
| Title: REXML denial of service vulnerability | |
| Solution: upgrade to '>= 3.3.6' | |
| Name: webrick | |
| Version: 1.8.1 | |
| CVE: CVE-2024-47220 | |
| GHSA: GHSA-6f62-3596-g6w7 | |
| Criticality: High | |
| URL: https://github.com/advisories/GHSA-6f62-3596-g6w7 | |
| Title: HTTP Request Smuggling in ruby webrick | |
| Solution: upgrade to '>= 1.8.2' | |
| Vulnerabilities found! | |
| Gemfile: ./pkgs/by-name/cb/cbor-diag/Gemfile.lock | |
| No vulnerabilities found | |
| Gemfile: ./pkgs/by-name/su/sublime_syntax_convertor/Gemfile.lock | |
| No vulnerabilities found | |
| Gemfile: ./pkgs/by-name/cu/cucumber/Gemfile.lock | |
| No vulnerabilities found | |
| Gemfile: ./pkgs/by-name/ov/overcommit/Gemfile.lock | |
| No vulnerabilities found | |
| Gemfile: ./pkgs/by-name/ne/neocities/Gemfile.lock | |
| No vulnerabilities found | |
| Gemfile: ./pkgs/by-name/cf/cfn-nag/Gemfile.lock | |
| No vulnerabilities found | |
| Gemfile: ./pkgs/by-name/r1/r10k/Gemfile.lock | |
| No vulnerabilities found | |
| Gemfile: ./pkgs/by-name/fo/foreman/Gemfile.lock | |
| No vulnerabilities found | |
| Gemfile: ./pkgs/by-name/ma/maid/Gemfile.lock | |
| Name: fugit | |
| Version: 1.8.1 | |
| CVE: CVE-2024-43380 | |
| GHSA: GHSA-2m96-52r3-2f3g | |
| Criticality: Medium | |
| URL: https://github.com/floraison/fugit/security/advisories/GHSA-2m96-52r3-2f3g | |
| Title: fugit parse and parse_nat stall on lengthy input | |
| Solution: upgrade to '>= 1.11.1' | |
| Vulnerabilities found! | |
| Gemfile: ./pkgs/by-name/pd/pdk/Gemfile.lock | |
| No vulnerabilities found | |
| Gemfile: ./pkgs/by-name/ro/ronn/Gemfile.lock | |
| Name: nokogiri | |
| Version: 1.16.0 | |
| GHSA: GHSA-r95h-9x8f-r3f7 | |
| Criticality: Unknown | |
| URL: https://github.com/sparklemotion/nokogiri/security/advisories/GHSA-r95h-9x8f-r3f7 | |
| Title: Nokogiri updates packaged libxml2 to v2.12.7 to resolve CVE-2024-34459 | |
| Solution: upgrade to '>= 1.16.5' | |
| Name: nokogiri | |
| Version: 1.16.0 | |
| GHSA: GHSA-xc9x-jj77-9p9j | |
| Criticality: Unknown | |
| URL: https://github.com/sparklemotion/nokogiri/security/advisories/GHSA-xc9x-jj77-9p9j | |
| Title: Use-after-free in libxml2 via Nokogiri::XML::Reader | |
| Solution: upgrade to '~> 1.15.6', '>= 1.16.2' | |
| Name: rexml | |
| Version: 3.2.6 | |
| CVE: CVE-2024-35176 | |
| GHSA: GHSA-vg3r-rm7w-2xgh | |
| Criticality: Medium | |
| URL: https://github.com/ruby/rexml/security/advisories/GHSA-vg3r-rm7w-2xgh | |
| Title: REXML contains a denial of service vulnerability | |
| Solution: upgrade to '>= 3.2.7' | |
| Name: rexml | |
| Version: 3.2.6 | |
| CVE: CVE-2024-39908 | |
| GHSA: GHSA-4xqq-m2hx-25v8 | |
| Criticality: Medium | |
| URL: https://github.com/ruby/rexml/security/advisories/GHSA-4xqq-m2hx-25v8 | |
| Title: DoS in REXML | |
| Solution: upgrade to '>= 3.3.2' | |
| Name: rexml | |
| Version: 3.2.6 | |
| CVE: CVE-2024-41123 | |
| GHSA: GHSA-r55c-59qm-vjw6 | |
| Criticality: Medium | |
| URL: https://www.ruby-lang.org/en/news/2024/08/01/dos-rexml-cve-2024-41123 | |
| Title: DoS vulnerabilities in REXML | |
| Solution: upgrade to '>= 3.3.3' | |
| Name: rexml | |
| Version: 3.2.6 | |
| CVE: CVE-2024-41946 | |
| GHSA: GHSA-5866-49gr-22v4 | |
| Criticality: Medium | |
| URL: https://www.ruby-lang.org/en/news/2024/08/01/dos-rexml-cve-2024-41946 | |
| Title: DoS vulnerabilities in REXML | |
| Solution: upgrade to '>= 3.3.3' | |
| Name: rexml | |
| Version: 3.2.6 | |
| CVE: CVE-2024-43398 | |
| GHSA: GHSA-vmwr-mc7x-5vc3 | |
| Criticality: Medium | |
| URL: https://github.com/ruby/rexml/security/advisories/GHSA-vmwr-mc7x-5vc3 | |
| Title: REXML denial of service vulnerability | |
| Solution: upgrade to '>= 3.3.6' | |
| Vulnerabilities found! | |
| Gemfile: ./pkgs/by-name/pr/pru/Gemfile.lock | |
| No vulnerabilities found | |
| Gemfile: ./pkgs/by-name/cd/cddl/Gemfile.lock | |
| No vulnerabilities found | |
| Gemfile: ./pkgs/by-name/ba/bashly/Gemfile.lock | |
| Name: rexml | |
| Version: 3.2.6 | |
| CVE: CVE-2024-35176 | |
| GHSA: GHSA-vg3r-rm7w-2xgh | |
| Criticality: Medium | |
| URL: https://github.com/ruby/rexml/security/advisories/GHSA-vg3r-rm7w-2xgh | |
| Title: REXML contains a denial of service vulnerability | |
| Solution: upgrade to '>= 3.2.7' | |
| Name: rexml | |
| Version: 3.2.6 | |
| CVE: CVE-2024-39908 | |
| GHSA: GHSA-4xqq-m2hx-25v8 | |
| Criticality: Medium | |
| URL: https://github.com/ruby/rexml/security/advisories/GHSA-4xqq-m2hx-25v8 | |
| Title: DoS in REXML | |
| Solution: upgrade to '>= 3.3.2' | |
| Name: rexml | |
| Version: 3.2.6 | |
| CVE: CVE-2024-41123 | |
| GHSA: GHSA-r55c-59qm-vjw6 | |
| Criticality: Medium | |
| URL: https://www.ruby-lang.org/en/news/2024/08/01/dos-rexml-cve-2024-41123 | |
| Title: DoS vulnerabilities in REXML | |
| Solution: upgrade to '>= 3.3.3' | |
| Name: rexml | |
| Version: 3.2.6 | |
| CVE: CVE-2024-41946 | |
| GHSA: GHSA-5866-49gr-22v4 | |
| Criticality: Medium | |
| URL: https://www.ruby-lang.org/en/news/2024/08/01/dos-rexml-cve-2024-41946 | |
| Title: DoS vulnerabilities in REXML | |
| Solution: upgrade to '>= 3.3.3' | |
| Name: rexml | |
| Version: 3.2.6 | |
| CVE: CVE-2024-43398 | |
| GHSA: GHSA-vmwr-mc7x-5vc3 | |
| Criticality: Medium | |
| URL: https://github.com/ruby/rexml/security/advisories/GHSA-vmwr-mc7x-5vc3 | |
| Title: REXML denial of service vulnerability | |
| Solution: upgrade to '>= 3.3.6' | |
| Vulnerabilities found! | |
| Gemfile: ./pkgs/by-name/fl/flatito/Gemfile.lock | |
| Name: rexml | |
| Version: 3.2.6 | |
| CVE: CVE-2024-35176 | |
| GHSA: GHSA-vg3r-rm7w-2xgh | |
| Criticality: Medium | |
| URL: https://github.com/ruby/rexml/security/advisories/GHSA-vg3r-rm7w-2xgh | |
| Title: REXML contains a denial of service vulnerability | |
| Solution: upgrade to '>= 3.2.7' | |
| Name: rexml | |
| Version: 3.2.6 | |
| CVE: CVE-2024-39908 | |
| GHSA: GHSA-4xqq-m2hx-25v8 | |
| Criticality: Medium | |
| URL: https://github.com/ruby/rexml/security/advisories/GHSA-4xqq-m2hx-25v8 | |
| Title: DoS in REXML | |
| Solution: upgrade to '>= 3.3.2' | |
| Name: rexml | |
| Version: 3.2.6 | |
| CVE: CVE-2024-41123 | |
| GHSA: GHSA-r55c-59qm-vjw6 | |
| Criticality: Medium | |
| URL: https://www.ruby-lang.org/en/news/2024/08/01/dos-rexml-cve-2024-41123 | |
| Title: DoS vulnerabilities in REXML | |
| Solution: upgrade to '>= 3.3.3' | |
| Name: rexml | |
| Version: 3.2.6 | |
| CVE: CVE-2024-41946 | |
| GHSA: GHSA-5866-49gr-22v4 | |
| Criticality: Medium | |
| URL: https://www.ruby-lang.org/en/news/2024/08/01/dos-rexml-cve-2024-41946 | |
| Title: DoS vulnerabilities in REXML | |
| Solution: upgrade to '>= 3.3.3' | |
| Name: rexml | |
| Version: 3.2.6 | |
| CVE: CVE-2024-43398 | |
| GHSA: GHSA-vmwr-mc7x-5vc3 | |
| Criticality: Medium | |
| URL: https://github.com/ruby/rexml/security/advisories/GHSA-vmwr-mc7x-5vc3 | |
| Title: REXML denial of service vulnerability | |
| Solution: upgrade to '>= 3.3.6' | |
| Vulnerabilities found! | |
| Gemfile: ./pkgs/by-name/pg/pghero/Gemfile.lock | |
| Name: actionmailer | |
| Version: 7.0.8.3 | |
| CVE: CVE-2024-47889 | |
| GHSA: GHSA-h47h-mwp9-c6q6 | |
| Criticality: Unknown | |
| URL: https://github.com/rails/rails/security/advisories/GHSA-h47h-mwp9-c6q6 | |
| Title: Possible ReDoS vulnerability in block_format in Action Mailer | |
| Solution: upgrade to '~> 6.1.7.9', '~> 7.0.8.5', '~> 7.1.4.1', '>= 7.2.1.1' | |
| Name: actionpack | |
| Version: 7.0.8.3 | |
| CVE: CVE-2024-28103 | |
| GHSA: GHSA-fwhr-88qx-h9g7 | |
| Criticality: Medium | |
| URL: https://github.com/rails/rails/security/advisories/GHSA-fwhr-88qx-h9g7 | |
| Title: Missing security headers in Action Pack on non-HTML responses | |
| Solution: upgrade to '~> 6.1.7, >= 6.1.7.8', '~> 7.0.8, >= 7.0.8.4', '~> 7.1.3, >= 7.1.3.4', '>= 7.2.0.beta2' | |
| Name: actionpack | |
| Version: 7.0.8.3 | |
| CVE: CVE-2024-41128 | |
| GHSA: GHSA-x76w-6vjr-8xgj | |
| Criticality: Unknown | |
| URL: https://github.com/rails/rails/security/advisories/GHSA-x76w-6vjr-8xgj | |
| Title: Possible ReDoS vulnerability in query parameter filtering in Action Dispatch | |
| Solution: upgrade to '~> 6.1.7.9', '~> 7.0.8.5', '~> 7.1.4.1', '>= 7.2.1.1' | |
| Name: actionpack | |
| Version: 7.0.8.3 | |
| CVE: CVE-2024-47887 | |
| GHSA: GHSA-vfg9-r3fq-jvx4 | |
| Criticality: Unknown | |
| URL: https://github.com/rails/rails/security/advisories/GHSA-vfg9-r3fq-jvx4 | |
| Title: Possible ReDoS vulnerability in HTTP Token authentication in Action Controller | |
| Solution: upgrade to '~> 6.1.7.9', '~> 7.0.8.5', '~> 7.1.4.1', '>= 7.2.1.1' | |
| Name: actiontext | |
| Version: 7.0.8.3 | |
| CVE: CVE-2024-47888 | |
| GHSA: GHSA-wwhv-wxv9-rpgw | |
| Criticality: Unknown | |
| URL: https://github.com/rails/rails/security/advisories/GHSA-wwhv-wxv9-rpgw | |
| Title: Possible ReDoS vulnerability in plain_text_for_blockquote_node in Action Text | |
| Solution: upgrade to '~> 6.1.7.9', '~> 7.0.8.5', '~> 7.1.4.1', '>= 7.2.1.1' | |
| Name: google-protobuf | |
| Version: 4.27.0 | |
| CVE: CVE-2024-7254 | |
| GHSA: GHSA-735f-pc8j-v9w8 | |
| Criticality: High | |
| URL: https://github.com/protocolbuffers/protobuf/security/advisories/GHSA-735f-pc8j-v9w8 | |
| Title: protobuf-java has potential Denial of Service issue | |
| Solution: upgrade to '~> 3.25.5', '~> 4.27.5', '>= 4.28.2' | |
| Name: puma | |
| Version: 6.4.2 | |
| CVE: CVE-2024-45614 | |
| GHSA: GHSA-9hf4-67fc-4vf4 | |
| Criticality: Medium | |
| URL: https://github.com/puma/puma/security/advisories/GHSA-9hf4-67fc-4vf4 | |
| Title: Puma's header normalization allows for client to clobber proxy set headers | |
| Solution: upgrade to '~> 5.6.9', '>= 6.4.3' | |
| Name: rexml | |
| Version: 3.2.8 | |
| CVE: CVE-2024-39908 | |
| GHSA: GHSA-4xqq-m2hx-25v8 | |
| Criticality: Medium | |
| URL: https://github.com/ruby/rexml/security/advisories/GHSA-4xqq-m2hx-25v8 | |
| Title: DoS in REXML | |
| Solution: upgrade to '>= 3.3.2' | |
| Name: rexml | |
| Version: 3.2.8 | |
| CVE: CVE-2024-41123 | |
| GHSA: GHSA-r55c-59qm-vjw6 | |
| Criticality: Medium | |
| URL: https://www.ruby-lang.org/en/news/2024/08/01/dos-rexml-cve-2024-41123 | |
| Title: DoS vulnerabilities in REXML | |
| Solution: upgrade to '>= 3.3.3' | |
| Name: rexml | |
| Version: 3.2.8 | |
| CVE: CVE-2024-41946 | |
| GHSA: GHSA-5866-49gr-22v4 | |
| Criticality: Medium | |
| URL: https://www.ruby-lang.org/en/news/2024/08/01/dos-rexml-cve-2024-41946 | |
| Title: DoS vulnerabilities in REXML | |
| Solution: upgrade to '>= 3.3.3' | |
| Name: rexml | |
| Version: 3.2.8 | |
| CVE: CVE-2024-43398 | |
| GHSA: GHSA-vmwr-mc7x-5vc3 | |
| Criticality: Medium | |
| URL: https://github.com/ruby/rexml/security/advisories/GHSA-vmwr-mc7x-5vc3 | |
| Title: REXML denial of service vulnerability | |
| Solution: upgrade to '>= 3.3.6' | |
| Vulnerabilities found! | |
| Gemfile: ./pkgs/by-name/vp/vpsfree-client/Gemfile.lock | |
| No vulnerabilities found | |
| Gemfile: ./pkgs/by-name/yo/youplot/Gemfile.lock | |
| No vulnerabilities found | |
| Gemfile: ./pkgs/by-name/fa/facter/Gemfile.lock | |
| No vulnerabilities found | |
| Gemfile: ./pkgs/games/vimgolf/Gemfile.lock | |
| No vulnerabilities found | |
| Gemfile: ./pkgs/applications/audio/tree-from-tags/Gemfile.lock | |
| No vulnerabilities found | |
| Gemfile: ./pkgs/applications/misc/coltrane/Gemfile.lock | |
| Name: activesupport | |
| Version: 7.0.4.2 | |
| CVE: CVE-2023-28120 | |
| GHSA: GHSA-pj73-v5mw-pm9j | |
| Criticality: Unknown | |
| URL: https://discuss.rubyonrails.org/t/cve-2023-28120-possible-xss-security-vulnerability-in-safebuffer-bytesplice/82469 | |
| Title: Possible XSS Security Vulnerability in SafeBuffer#bytesplice | |
| Solution: upgrade to '~> 6.1.7, >= 6.1.7.3', '>= 7.0.4.3' | |
| Name: activesupport | |
| Version: 7.0.4.2 | |
| CVE: CVE-2023-38037 | |
| GHSA: GHSA-cr5q-6q9f-rq6q | |
| Criticality: Unknown | |
| URL: https://github.com/rails/rails/releases/tag/v7.0.7.1 | |
| Title: Possible File Disclosure of Locally Encrypted Files | |
| Solution: upgrade to '~> 6.1.7, >= 6.1.7.5', '>= 7.0.7.1' | |
| Vulnerabilities found! | |
| Gemfile: ./pkgs/applications/misc/doing/Gemfile.lock | |
| Name: haml | |
| Version: 4.0.3 | |
| CVE: CVE-2017-1002201 | |
| GHSA: GHSA-r53w-g4xm-3gc6 | |
| Criticality: Medium | |
| URL: https://github.com/haml/haml/commit/18576ae6e9bdcb4303fdbe6b3199869d289d67c2 | |
| Title: haml failure to escape single quotes | |
| Solution: upgrade to '>= 5.0.0.beta.2' | |
| Name: json | |
| Version: 1.8.6 | |
| CVE: CVE-2020-10663 | |
| GHSA: GHSA-jphg-qwrw-7w9g | |
| Criticality: High | |
| URL: https://www.ruby-lang.org/en/news/2020/03/19/json-dos-cve-2020-10663/ | |
| Title: json Gem for Ruby Unsafe Object Creation Vulnerability (additional fix) | |
| Solution: upgrade to '>= 2.3.0' | |
| Vulnerabilities found! | |
| Gemfile: ./pkgs/applications/misc/taskjuggler/Gemfile.lock | |
| Name: webrick | |
| Version: 1.8.1 | |
| CVE: CVE-2024-47220 | |
| GHSA: GHSA-6f62-3596-g6w7 | |
| Criticality: High | |
| URL: https://github.com/advisories/GHSA-6f62-3596-g6w7 | |
| Title: HTTP Request Smuggling in ruby webrick | |
| Solution: upgrade to '>= 1.8.2' | |
| Vulnerabilities found! | |
| Gemfile: ./pkgs/applications/misc/pt/Gemfile.lock | |
| Name: addressable | |
| Version: 2.6.0 | |
| CVE: CVE-2021-32740 | |
| GHSA: GHSA-jxhc-q857-3j6g | |
| Criticality: High | |
| URL: https://github.com/advisories/GHSA-jxhc-q857-3j6g | |
| Title: Regular Expression Denial of Service in Addressable templates | |
| Solution: upgrade to '>= 2.8.0' | |
| Name: excon | |
| Version: 0.64.0 | |
| CVE: CVE-2019-16779 | |
| GHSA: GHSA-q58g-455p-8vw9 | |
| Criticality: Medium | |
| URL: https://github.com/excon/excon/security/advisories/GHSA-q58g-455p-8vw9 | |
| Title: Race condition when using persistent connections | |
| Solution: upgrade to '>= 0.71.0' | |
| Vulnerabilities found! | |
| Gemfile: ./pkgs/applications/misc/jekyll/full/Gemfile.lock | |
| Name: google-protobuf | |
| Version: 4.27.2 | |
| CVE: CVE-2024-7254 | |
| GHSA: GHSA-735f-pc8j-v9w8 | |
| Criticality: High | |
| URL: https://github.com/protocolbuffers/protobuf/security/advisories/GHSA-735f-pc8j-v9w8 | |
| Title: protobuf-java has potential Denial of Service issue | |
| Solution: upgrade to '~> 3.25.5', '~> 4.27.5', '>= 4.28.2' | |
| Name: rexml | |
| Version: 3.3.1 | |
| CVE: CVE-2024-39908 | |
| GHSA: GHSA-4xqq-m2hx-25v8 | |
| Criticality: Medium | |
| URL: https://github.com/ruby/rexml/security/advisories/GHSA-4xqq-m2hx-25v8 | |
| Title: DoS in REXML | |
| Solution: upgrade to '>= 3.3.2' | |
| Name: rexml | |
| Version: 3.3.1 | |
| CVE: CVE-2024-41123 | |
| GHSA: GHSA-r55c-59qm-vjw6 | |
| Criticality: Medium | |
| URL: https://www.ruby-lang.org/en/news/2024/08/01/dos-rexml-cve-2024-41123 | |
| Title: DoS vulnerabilities in REXML | |
| Solution: upgrade to '>= 3.3.3' | |
| Name: rexml | |
| Version: 3.3.1 | |
| CVE: CVE-2024-41946 | |
| GHSA: GHSA-5866-49gr-22v4 | |
| Criticality: Medium | |
| URL: https://www.ruby-lang.org/en/news/2024/08/01/dos-rexml-cve-2024-41946 | |
| Title: DoS vulnerabilities in REXML | |
| Solution: upgrade to '>= 3.3.3' | |
| Name: rexml | |
| Version: 3.3.1 | |
| CVE: CVE-2024-43398 | |
| GHSA: GHSA-vmwr-mc7x-5vc3 | |
| Criticality: Medium | |
| URL: https://github.com/ruby/rexml/security/advisories/GHSA-vmwr-mc7x-5vc3 | |
| Title: REXML denial of service vulnerability | |
| Solution: upgrade to '>= 3.3.6' | |
| Name: webrick | |
| Version: 1.8.1 | |
| CVE: CVE-2024-47220 | |
| GHSA: GHSA-6f62-3596-g6w7 | |
| Criticality: High | |
| URL: https://github.com/advisories/GHSA-6f62-3596-g6w7 | |
| Title: HTTP Request Smuggling in ruby webrick | |
| Solution: upgrade to '>= 1.8.2' | |
| Vulnerabilities found! | |
| Gemfile: ./pkgs/applications/misc/jekyll/basic/Gemfile.lock | |
| Name: google-protobuf | |
| Version: 4.27.2 | |
| CVE: CVE-2024-7254 | |
| GHSA: GHSA-735f-pc8j-v9w8 | |
| Criticality: High | |
| URL: https://github.com/protocolbuffers/protobuf/security/advisories/GHSA-735f-pc8j-v9w8 | |
| Title: protobuf-java has potential Denial of Service issue | |
| Solution: upgrade to '~> 3.25.5', '~> 4.27.5', '>= 4.28.2' | |
| Name: rexml | |
| Version: 3.3.1 | |
| CVE: CVE-2024-39908 | |
| GHSA: GHSA-4xqq-m2hx-25v8 | |
| Criticality: Medium | |
| URL: https://github.com/ruby/rexml/security/advisories/GHSA-4xqq-m2hx-25v8 | |
| Title: DoS in REXML | |
| Solution: upgrade to '>= 3.3.2' | |
| Name: rexml | |
| Version: 3.3.1 | |
| CVE: CVE-2024-41123 | |
| GHSA: GHSA-r55c-59qm-vjw6 | |
| Criticality: Medium | |
| URL: https://www.ruby-lang.org/en/news/2024/08/01/dos-rexml-cve-2024-41123 | |
| Title: DoS vulnerabilities in REXML | |
| Solution: upgrade to '>= 3.3.3' | |
| Name: rexml | |
| Version: 3.3.1 | |
| CVE: CVE-2024-41946 | |
| GHSA: GHSA-5866-49gr-22v4 | |
| Criticality: Medium | |
| URL: https://www.ruby-lang.org/en/news/2024/08/01/dos-rexml-cve-2024-41946 | |
| Title: DoS vulnerabilities in REXML | |
| Solution: upgrade to '>= 3.3.3' | |
| Name: rexml | |
| Version: 3.3.1 | |
| CVE: CVE-2024-43398 | |
| GHSA: GHSA-vmwr-mc7x-5vc3 | |
| Criticality: Medium | |
| URL: https://github.com/ruby/rexml/security/advisories/GHSA-vmwr-mc7x-5vc3 | |
| Title: REXML denial of service vulnerability | |
| Solution: upgrade to '>= 3.3.6' | |
| Name: webrick | |
| Version: 1.8.1 | |
| CVE: CVE-2024-47220 | |
| GHSA: GHSA-6f62-3596-g6w7 | |
| Criticality: High | |
| URL: https://github.com/advisories/GHSA-6f62-3596-g6w7 | |
| Title: HTTP Request Smuggling in ruby webrick | |
| Solution: upgrade to '>= 1.8.2' | |
| Vulnerabilities found! | |
| Gemfile: ./pkgs/applications/misc/gollum/Gemfile.lock | |
| Name: rexml | |
| Version: 3.3.2 | |
| CVE: CVE-2024-41123 | |
| GHSA: GHSA-r55c-59qm-vjw6 | |
| Criticality: Medium | |
| URL: https://www.ruby-lang.org/en/news/2024/08/01/dos-rexml-cve-2024-41123 | |
| Title: DoS vulnerabilities in REXML | |
| Solution: upgrade to '>= 3.3.3' | |
| Name: rexml | |
| Version: 3.3.2 | |
| CVE: CVE-2024-41946 | |
| GHSA: GHSA-5866-49gr-22v4 | |
| Criticality: Medium | |
| URL: https://www.ruby-lang.org/en/news/2024/08/01/dos-rexml-cve-2024-41946 | |
| Title: DoS vulnerabilities in REXML | |
| Solution: upgrade to '>= 3.3.3' | |
| Name: rexml | |
| Version: 3.3.2 | |
| CVE: CVE-2024-43398 | |
| GHSA: GHSA-vmwr-mc7x-5vc3 | |
| Criticality: Medium | |
| URL: https://github.com/ruby/rexml/security/advisories/GHSA-vmwr-mc7x-5vc3 | |
| Title: REXML denial of service vulnerability | |
| Solution: upgrade to '>= 3.3.6' | |
| Name: webrick | |
| Version: 1.8.1 | |
| CVE: CVE-2024-47220 | |
| GHSA: GHSA-6f62-3596-g6w7 | |
| Criticality: High | |
| URL: https://github.com/advisories/GHSA-6f62-3596-g6w7 | |
| Title: HTTP Request Smuggling in ruby webrick | |
| Solution: upgrade to '>= 1.8.2' | |
| Vulnerabilities found! | |
| Gemfile: ./pkgs/applications/networking/cluster/terraforming/Gemfile.lock | |
| Name: jmespath | |
| Version: 1.4.0 | |
| CVE: CVE-2022-32511 | |
| GHSA: GHSA-5c5f-7vfq-3732 | |
| Criticality: Critical | |
| URL: https://github.com/jmespath/jmespath.rb/pull/55 | |
| Title: JMESPath for Ruby using JSON.load instead of JSON.parse | |
| Solution: upgrade to '>= 1.6.1' | |
| Vulnerabilities found! | |
| Gemfile: ./pkgs/applications/networking/cluster/terraform-landscape/Gemfile.lock | |
| Name: diffy | |
| Version: 3.2.1 | |
| CVE: CVE-2022-33127 | |
| GHSA: GHSA-5ww9-9qp2-x524 | |
| Criticality: Critical | |
| URL: https://github.com/samg/diffy/commit/478f392082b66d38f54a02b4bb9c41be32fd6593 | |
| Title: Improper handling of double quotes in file name in Diffy in Windows environment | |
| Solution: upgrade to '>= 3.4.1' | |
| Vulnerabilities found! | |
| Gemfile: ./pkgs/applications/networking/cluster/terraspace/Gemfile.lock | |
| Name: rexml | |
| Version: 3.3.2 | |
| CVE: CVE-2024-41123 | |
| GHSA: GHSA-r55c-59qm-vjw6 | |
| Criticality: Medium | |
| URL: https://www.ruby-lang.org/en/news/2024/08/01/dos-rexml-cve-2024-41123 | |
| Title: DoS vulnerabilities in REXML | |
| Solution: upgrade to '>= 3.3.3' | |
| Name: rexml | |
| Version: 3.3.2 | |
| CVE: CVE-2024-41946 | |
| GHSA: GHSA-5866-49gr-22v4 | |
| Criticality: Medium | |
| URL: https://www.ruby-lang.org/en/news/2024/08/01/dos-rexml-cve-2024-41946 | |
| Title: DoS vulnerabilities in REXML | |
| Solution: upgrade to '>= 3.3.3' | |
| Name: rexml | |
| Version: 3.3.2 | |
| CVE: CVE-2024-43398 | |
| GHSA: GHSA-vmwr-mc7x-5vc3 | |
| Criticality: Medium | |
| URL: https://github.com/ruby/rexml/security/advisories/GHSA-vmwr-mc7x-5vc3 | |
| Title: REXML denial of service vulnerability | |
| Solution: upgrade to '>= 3.3.6' | |
| Vulnerabilities found! | |
| Gemfile: ./pkgs/applications/networking/cluster/krane/Gemfile.lock | |
| No vulnerabilities found | |
| Gemfile: ./pkgs/applications/networking/wayback_machine_downloader/Gemfile.lock | |
| No vulnerabilities found | |
| Gemfile: ./pkgs/applications/version-management/bitbucket-server-cli/Gemfile.lock | |
| Name: addressable | |
| Version: 2.5.0 | |
| CVE: CVE-2021-32740 | |
| GHSA: GHSA-jxhc-q857-3j6g | |
| Criticality: High | |
| URL: https://github.com/advisories/GHSA-jxhc-q857-3j6g | |
| Title: Regular Expression Denial of Service in Addressable templates | |
| Solution: upgrade to '>= 2.8.0' | |
| Name: git | |
| Version: 1.3.0 | |
| CVE: CVE-2022-25648 | |
| GHSA: GHSA-69p6-wvmq-27gg | |
| Criticality: Critical | |
| URL: https://github.com/ruby-git/ruby-git/pull/569 | |
| Title: Command injection in ruby-git | |
| Solution: upgrade to '>= 1.11.0' | |
| Name: git | |
| Version: 1.3.0 | |
| CVE: CVE-2022-46648 | |
| GHSA: GHSA-pfpr-3463-c6jh | |
| Criticality: Medium | |
| URL: https://github.com/ruby-git/ruby-git/pull/602 | |
| Title: Potential remote code execution in ruby-git | |
| Solution: upgrade to '>= 1.13.0' | |
| Name: git | |
| Version: 1.3.0 | |
| CVE: CVE-2022-47318 | |
| GHSA: GHSA-pphf-gfrm-v32r | |
| Criticality: High | |
| URL: https://github.com/ruby-git/ruby-git/pull/602 | |
| Title: Code injection in ruby git | |
| Solution: upgrade to '>= 1.13.0' | |
| Name: json | |
| Version: 2.0.2 | |
| CVE: CVE-2020-10663 | |
| GHSA: GHSA-jphg-qwrw-7w9g | |
| Criticality: High | |
| URL: https://www.ruby-lang.org/en/news/2020/03/19/json-dos-cve-2020-10663/ | |
| Title: json Gem for Ruby Unsafe Object Creation Vulnerability (additional fix) | |
| Solution: upgrade to '>= 2.3.0' | |
| Vulnerabilities found! | |
| Gemfile: ./pkgs/applications/version-management/gitlab/rubyEnv/Gemfile.lock | |
| Name: actionmailer | |
| Version: 7.0.8.4 | |
| CVE: CVE-2024-47889 | |
| GHSA: GHSA-h47h-mwp9-c6q6 | |
| Criticality: Unknown | |
| URL: https://github.com/rails/rails/security/advisories/GHSA-h47h-mwp9-c6q6 | |
| Title: Possible ReDoS vulnerability in block_format in Action Mailer | |
| Solution: upgrade to '~> 6.1.7.9', '~> 7.0.8.5', '~> 7.1.4.1', '>= 7.2.1.1' | |
| Name: actionpack | |
| Version: 7.0.8.4 | |
| CVE: CVE-2024-41128 | |
| GHSA: GHSA-x76w-6vjr-8xgj | |
| Criticality: Unknown | |
| URL: https://github.com/rails/rails/security/advisories/GHSA-x76w-6vjr-8xgj | |
| Title: Possible ReDoS vulnerability in query parameter filtering in Action Dispatch | |
| Solution: upgrade to '~> 6.1.7.9', '~> 7.0.8.5', '~> 7.1.4.1', '>= 7.2.1.1' | |
| Name: actionpack | |
| Version: 7.0.8.4 | |
| CVE: CVE-2024-47887 | |
| GHSA: GHSA-vfg9-r3fq-jvx4 | |
| Criticality: Unknown | |
| URL: https://github.com/rails/rails/security/advisories/GHSA-vfg9-r3fq-jvx4 | |
| Title: Possible ReDoS vulnerability in HTTP Token authentication in Action Controller | |
| Solution: upgrade to '~> 6.1.7.9', '~> 7.0.8.5', '~> 7.1.4.1', '>= 7.2.1.1' | |
| Name: actiontext | |
| Version: 7.0.8.4 | |
| CVE: CVE-2024-47888 | |
| GHSA: GHSA-wwhv-wxv9-rpgw | |
| Criticality: Unknown | |
| URL: https://github.com/rails/rails/security/advisories/GHSA-wwhv-wxv9-rpgw | |
| Title: Possible ReDoS vulnerability in plain_text_for_blockquote_node in Action Text | |
| Solution: upgrade to '~> 6.1.7.9', '~> 7.0.8.5', '~> 7.1.4.1', '>= 7.2.1.1' | |
| Name: carrierwave | |
| Version: 1.3.4 | |
| CVE: CVE-2023-49090 | |
| GHSA: GHSA-gxhx-g4fq-49hj | |
| Criticality: Medium | |
| URL: https://github.com/carrierwaveuploader/carrierwave/security/advisories/GHSA-gxhx-g4fq-49hj | |
| Title: CarrierWave Content-Type allowlist bypass vulnerability, possibly leading to XSS | |
| Solution: upgrade to '~> 2.2.5', '>= 3.0.5' | |
| Name: carrierwave | |
| Version: 1.3.4 | |
| CVE: CVE-2024-29034 | |
| GHSA: GHSA-vfmv-jfc5-pjjw | |
| Criticality: Medium | |
| URL: https://github.com/carrierwaveuploader/carrierwave/security/advisories/GHSA-vfmv-jfc5-pjjw | |
| Title: CarrierWave content-Type allowlist bypass vulnerability which possibly leads to XSS remained | |
| Solution: upgrade to '~> 2.2.6', '>= 3.0.7' | |
| Name: devise-two-factor | |
| Version: 4.1.1 | |
| CVE: CVE-2024-8796 | |
| GHSA: GHSA-qjxf-mc72-wjr2 | |
| Criticality: Medium | |
| URL: https://github.com/devise-two-factor/devise-two-factor/security/advisories/GHSA-qjxf-mc72-wjr2 | |
| Title: Devise-Two-Factor Authentication Uses Insufficient Default OTP Shared Secret Length | |
| Solution: upgrade to '>= 6.0.0' | |
| Name: fugit | |
| Version: 1.8.1 | |
| CVE: CVE-2024-43380 | |
| GHSA: GHSA-2m96-52r3-2f3g | |
| Criticality: Medium | |
| URL: https://github.com/floraison/fugit/security/advisories/GHSA-2m96-52r3-2f3g | |
| Title: fugit parse and parse_nat stall on lengthy input | |
| Solution: upgrade to '>= 1.11.1' | |
| Name: google-protobuf | |
| Version: 3.25.3 | |
| CVE: CVE-2024-7254 | |
| GHSA: GHSA-735f-pc8j-v9w8 | |
| Criticality: High | |
| URL: https://github.com/protocolbuffers/protobuf/security/advisories/GHSA-735f-pc8j-v9w8 | |
| Title: protobuf-java has potential Denial of Service issue | |
| Solution: upgrade to '~> 3.25.5', '~> 4.27.5', '>= 4.28.2' | |
| Name: json-jwt | |
| Version: 1.15.3 | |
| CVE: CVE-2023-51774 | |
| GHSA: GHSA-c8v6-786g-vjx6 | |
| Criticality: Unknown | |
| URL: https://github.com/P3ngu1nW/CVE_Request/blob/main/novjson-jwt.md | |
| Title: json-jwt allows bypass of identity checks via a sign/encryption confusion attack | |
| Solution: upgrade to '~> 1.15.3, >= 1.15.3.1', '>= 1.16.6' | |
| Name: nokogiri | |
| Version: 1.16.0 | |
| GHSA: GHSA-r95h-9x8f-r3f7 | |
| Criticality: Unknown | |
| URL: https://github.com/sparklemotion/nokogiri/security/advisories/GHSA-r95h-9x8f-r3f7 | |
| Title: Nokogiri updates packaged libxml2 to v2.12.7 to resolve CVE-2024-34459 | |
| Solution: upgrade to '>= 1.16.5' | |
| Name: nokogiri | |
| Version: 1.16.0 | |
| GHSA: GHSA-xc9x-jj77-9p9j | |
| Criticality: Unknown | |
| URL: https://github.com/sparklemotion/nokogiri/security/advisories/GHSA-xc9x-jj77-9p9j | |
| Title: Use-after-free in libxml2 via Nokogiri::XML::Reader | |
| Solution: upgrade to '~> 1.15.6', '>= 1.16.2' | |
| Name: puma | |
| Version: 6.4.0 | |
| CVE: CVE-2024-21647 | |
| GHSA: GHSA-c2f4-cvqm-65w2 | |
| Criticality: Medium | |
| URL: https://github.com/puma/puma/security/advisories/GHSA-c2f4-cvqm-65w2 | |
| Title: Puma HTTP Request/Response Smuggling vulnerability | |
| Solution: upgrade to '~> 5.6.8', '>= 6.4.2' | |
| Name: puma | |
| Version: 6.4.0 | |
| CVE: CVE-2024-45614 | |
| GHSA: GHSA-9hf4-67fc-4vf4 | |
| Criticality: Medium | |
| URL: https://github.com/puma/puma/security/advisories/GHSA-9hf4-67fc-4vf4 | |
| Title: Puma's header normalization allows for client to clobber proxy set headers | |
| Solution: upgrade to '~> 5.6.9', '>= 6.4.3' | |
| Name: rexml | |
| Version: 3.2.6 | |
| CVE: CVE-2024-35176 | |
| GHSA: GHSA-vg3r-rm7w-2xgh | |
| Criticality: Medium | |
| URL: https://github.com/ruby/rexml/security/advisories/GHSA-vg3r-rm7w-2xgh | |
| Title: REXML contains a denial of service vulnerability | |
| Solution: upgrade to '>= 3.2.7' | |
| Name: rexml | |
| Version: 3.2.6 | |
| CVE: CVE-2024-39908 | |
| GHSA: GHSA-4xqq-m2hx-25v8 | |
| Criticality: Medium | |
| URL: https://github.com/ruby/rexml/security/advisories/GHSA-4xqq-m2hx-25v8 | |
| Title: DoS in REXML | |
| Solution: upgrade to '>= 3.3.2' | |
| Name: rexml | |
| Version: 3.2.6 | |
| CVE: CVE-2024-41123 | |
| GHSA: GHSA-r55c-59qm-vjw6 | |
| Criticality: Medium | |
| URL: https://www.ruby-lang.org/en/news/2024/08/01/dos-rexml-cve-2024-41123 | |
| Title: DoS vulnerabilities in REXML | |
| Solution: upgrade to '>= 3.3.3' | |
| Name: rexml | |
| Version: 3.2.6 | |
| CVE: CVE-2024-41946 | |
| GHSA: GHSA-5866-49gr-22v4 | |
| Criticality: Medium | |
| URL: https://www.ruby-lang.org/en/news/2024/08/01/dos-rexml-cve-2024-41946 | |
| Title: DoS vulnerabilities in REXML | |
| Solution: upgrade to '>= 3.3.3' | |
| Name: rexml | |
| Version: 3.2.6 | |
| CVE: CVE-2024-43398 | |
| GHSA: GHSA-vmwr-mc7x-5vc3 | |
| Criticality: Medium | |
| URL: https://github.com/ruby/rexml/security/advisories/GHSA-vmwr-mc7x-5vc3 | |
| Title: REXML denial of service vulnerability | |
| Solution: upgrade to '>= 3.3.6' | |
| Name: webrick | |
| Version: 1.8.1 | |
| CVE: CVE-2024-47220 | |
| GHSA: GHSA-6f62-3596-g6w7 | |
| Criticality: High | |
| URL: https://github.com/advisories/GHSA-6f62-3596-g6w7 | |
| Title: HTTP Request Smuggling in ruby webrick | |
| Solution: upgrade to '>= 1.8.2' | |
| Name: yard | |
| Version: 0.9.26 | |
| CVE: CVE-2024-27285 | |
| GHSA: GHSA-8mq4-9jjh-9xrc | |
| Criticality: Medium | |
| URL: https://github.com/advisories/GHSA-8mq4-9jjh-9xrc | |
| Title: YARD's default template vulnerable to Cross-site Scripting in generated frames.html | |
| Solution: upgrade to '>= 0.9.36' | |
| Vulnerabilities found! | |
| Gemfile: ./pkgs/applications/version-management/gitlab-triage/Gemfile.lock | |
| Name: activesupport | |
| Version: 7.0.3 | |
| CVE: CVE-2023-22796 | |
| GHSA: GHSA-j6gc-792m-qgm2 | |
| Criticality: Unknown | |
| URL: https://github.com/rails/rails/releases/tag/v7.0.4.1 | |
| Title: ReDoS based DoS vulnerability in Active Support’s underscore | |
| Solution: upgrade to '~> 5.2.8, >= 5.2.8.15', '~> 6.1.7, >= 6.1.7.1', '>= 7.0.4.1' | |
| Name: activesupport | |
| Version: 7.0.3 | |
| CVE: CVE-2023-28120 | |
| GHSA: GHSA-pj73-v5mw-pm9j | |
| Criticality: Unknown | |
| URL: https://discuss.rubyonrails.org/t/cve-2023-28120-possible-xss-security-vulnerability-in-safebuffer-bytesplice/82469 | |
| Title: Possible XSS Security Vulnerability in SafeBuffer#bytesplice | |
| Solution: upgrade to '~> 6.1.7, >= 6.1.7.3', '>= 7.0.4.3' | |
| Name: activesupport | |
| Version: 7.0.3 | |
| CVE: CVE-2023-38037 | |
| GHSA: GHSA-cr5q-6q9f-rq6q | |
| Criticality: Unknown | |
| URL: https://github.com/rails/rails/releases/tag/v7.0.7.1 | |
| Title: Possible File Disclosure of Locally Encrypted Files | |
| Solution: upgrade to '~> 6.1.7, >= 6.1.7.5', '>= 7.0.7.1' | |
| Name: globalid | |
| Version: 0.6.0 | |
| CVE: CVE-2023-22799 | |
| GHSA: GHSA-23c2-gwp5-pxw9 | |
| Criticality: Unknown | |
| URL: https://github.com/rails/globalid/releases/tag/v1.0.1 | |
| Title: ReDoS based DoS vulnerability in GlobalID | |
| Solution: upgrade to '>= 1.0.1' | |
| Name: httparty | |
| Version: 0.20.0 | |
| CVE: CVE-2024-22049 | |
| GHSA: GHSA-5pq7-52mg-hr42 | |
| Criticality: Medium | |
| URL: https://github.com/jnunemaker/httparty/security/advisories/GHSA-5pq7-52mg-hr42 | |
| Title: httparty has multipart/form-data request tampering vulnerability | |
| Solution: upgrade to '>= 0.21.0' | |
| Name: httparty | |
| Version: 0.20.0 | |
| GHSA: GHSA-5pq7-52mg-hr42 | |
| Criticality: Medium | |
| URL: https://github.com/jnunemaker/httparty/security/advisories/GHSA-5pq7-52mg-hr42 | |
| Title: httparty has multipart/form-data request tampering vulnerability | |
| Solution: upgrade to '>= 0.21.0' | |
| Vulnerabilities found! | |
| Gemfile: ./pkgs/applications/version-management/danger-gitlab/Gemfile.lock | |
| Name: git | |
| Version: 1.9.1 | |
| CVE: CVE-2022-25648 | |
| GHSA: GHSA-69p6-wvmq-27gg | |
| Criticality: Critical | |
| URL: https://github.com/ruby-git/ruby-git/pull/569 | |
| Title: Command injection in ruby-git | |
| Solution: upgrade to '>= 1.11.0' | |
| Name: git | |
| Version: 1.9.1 | |
| CVE: CVE-2022-46648 | |
| GHSA: GHSA-pfpr-3463-c6jh | |
| Criticality: Medium | |
| URL: https://github.com/ruby-git/ruby-git/pull/602 | |
| Title: Potential remote code execution in ruby-git | |
| Solution: upgrade to '>= 1.13.0' | |
| Name: git | |
| Version: 1.9.1 | |
| CVE: CVE-2022-47318 | |
| GHSA: GHSA-pphf-gfrm-v32r | |
| Criticality: High | |
| URL: https://github.com/ruby-git/ruby-git/pull/602 | |
| Title: Code injection in ruby git | |
| Solution: upgrade to '>= 1.13.0' | |
| Name: httparty | |
| Version: 0.18.1 | |
| CVE: CVE-2024-22049 | |
| GHSA: GHSA-5pq7-52mg-hr42 | |
| Criticality: Medium | |
| URL: https://github.com/jnunemaker/httparty/security/advisories/GHSA-5pq7-52mg-hr42 | |
| Title: httparty has multipart/form-data request tampering vulnerability | |
| Solution: upgrade to '>= 0.21.0' | |
| Name: httparty | |
| Version: 0.18.1 | |
| GHSA: GHSA-5pq7-52mg-hr42 | |
| Criticality: Medium | |
| URL: https://github.com/jnunemaker/httparty/security/advisories/GHSA-5pq7-52mg-hr42 | |
| Title: httparty has multipart/form-data request tampering vulnerability | |
| Solution: upgrade to '>= 0.21.0' | |
| Name: rexml | |
| Version: 3.2.5 | |
| CVE: CVE-2024-35176 | |
| GHSA: GHSA-vg3r-rm7w-2xgh | |
| Criticality: Medium | |
| URL: https://github.com/ruby/rexml/security/advisories/GHSA-vg3r-rm7w-2xgh | |
| Title: REXML contains a denial of service vulnerability | |
| Solution: upgrade to '>= 3.2.7' | |
| Name: rexml | |
| Version: 3.2.5 | |
| CVE: CVE-2024-39908 | |
| GHSA: GHSA-4xqq-m2hx-25v8 | |
| Criticality: Medium | |
| URL: https://github.com/ruby/rexml/security/advisories/GHSA-4xqq-m2hx-25v8 | |
| Title: DoS in REXML | |
| Solution: upgrade to '>= 3.3.2' | |
| Name: rexml | |
| Version: 3.2.5 | |
| CVE: CVE-2024-41123 | |
| GHSA: GHSA-r55c-59qm-vjw6 | |
| Criticality: Medium | |
| URL: https://www.ruby-lang.org/en/news/2024/08/01/dos-rexml-cve-2024-41123 | |
| Title: DoS vulnerabilities in REXML | |
| Solution: upgrade to '>= 3.3.3' | |
| Name: rexml | |
| Version: 3.2.5 | |
| CVE: CVE-2024-41946 | |
| GHSA: GHSA-5866-49gr-22v4 | |
| Criticality: Medium | |
| URL: https://www.ruby-lang.org/en/news/2024/08/01/dos-rexml-cve-2024-41946 | |
| Title: DoS vulnerabilities in REXML | |
| Solution: upgrade to '>= 3.3.3' | |
| Name: rexml | |
| Version: 3.2.5 | |
| CVE: CVE-2024-43398 | |
| GHSA: GHSA-vmwr-mc7x-5vc3 | |
| Criticality: Medium | |
| URL: https://github.com/ruby/rexml/security/advisories/GHSA-vmwr-mc7x-5vc3 | |
| Title: REXML denial of service vulnerability | |
| Solution: upgrade to '>= 3.3.6' | |
| Vulnerabilities found! | |
| Gemfile: ./pkgs/applications/version-management/git-fame/Gemfile.lock | |
| Name: activesupport | |
| Version: 7.0.6 | |
| CVE: CVE-2023-38037 | |
| GHSA: GHSA-cr5q-6q9f-rq6q | |
| Criticality: Unknown | |
| URL: https://github.com/rails/rails/releases/tag/v7.0.7.1 | |
| Title: Possible File Disclosure of Locally Encrypted Files | |
| Solution: upgrade to '~> 6.1.7, >= 6.1.7.5', '>= 7.0.7.1' | |
| Name: rexml | |
| Version: 3.2.5 | |
| CVE: CVE-2024-35176 | |
| GHSA: GHSA-vg3r-rm7w-2xgh | |
| Criticality: Medium | |
| URL: https://github.com/ruby/rexml/security/advisories/GHSA-vg3r-rm7w-2xgh | |
| Title: REXML contains a denial of service vulnerability | |
| Solution: upgrade to '>= 3.2.7' | |
| Name: rexml | |
| Version: 3.2.5 | |
| CVE: CVE-2024-39908 | |
| GHSA: GHSA-4xqq-m2hx-25v8 | |
| Criticality: Medium | |
| URL: https://github.com/ruby/rexml/security/advisories/GHSA-4xqq-m2hx-25v8 | |
| Title: DoS in REXML | |
| Solution: upgrade to '>= 3.3.2' | |
| Name: rexml | |
| Version: 3.2.5 | |
| CVE: CVE-2024-41123 | |
| GHSA: GHSA-r55c-59qm-vjw6 | |
| Criticality: Medium | |
| URL: https://www.ruby-lang.org/en/news/2024/08/01/dos-rexml-cve-2024-41123 | |
| Title: DoS vulnerabilities in REXML | |
| Solution: upgrade to '>= 3.3.3' | |
| Name: rexml | |
| Version: 3.2.5 | |
| CVE: CVE-2024-41946 | |
| GHSA: GHSA-5866-49gr-22v4 | |
| Criticality: Medium | |
| URL: https://www.ruby-lang.org/en/news/2024/08/01/dos-rexml-cve-2024-41946 | |
| Title: DoS vulnerabilities in REXML | |
| Solution: upgrade to '>= 3.3.3' | |
| Name: rexml | |
| Version: 3.2.5 | |
| CVE: CVE-2024-43398 | |
| GHSA: GHSA-vmwr-mc7x-5vc3 | |
| Criticality: Medium | |
| URL: https://github.com/ruby/rexml/security/advisories/GHSA-vmwr-mc7x-5vc3 | |
| Title: REXML denial of service vulnerability | |
| Solution: upgrade to '>= 3.3.6' | |
| Vulnerabilities found! | |
| Gemfile: ./pkgs/applications/office/timetrap/Gemfile.lock | |
| No vulnerabilities found | |
| Gemfile: ./pkgs/applications/office/ledger-web/Gemfile.lock | |
| Name: rack | |
| Version: 2.0.7 | |
| CVE: CVE-2019-16782 | |
| GHSA: GHSA-hrqr-hxpp-chr3 | |
| Criticality: Medium | |
| URL: https://github.com/rack/rack/security/advisories/GHSA-hrqr-hxpp-chr3 | |
| Title: Possible information leak / session hijack vulnerability | |
| Solution: upgrade to '~> 1.6.12', '>= 2.0.8' | |
| Name: rack | |
| Version: 2.0.7 | |
| CVE: CVE-2020-8161 | |
| GHSA: GHSA-5f9h-9pjv-v6j7 | |
| Criticality: High | |
| URL: https://groups.google.com/forum/#!topic/ruby-security-ann/T4ZIsfRf2eA | |
| Title: Directory traversal in Rack::Directory app bundled with Rack | |
| Solution: upgrade to '~> 2.1.3', '>= 2.2.0' | |
| Name: rack | |
| Version: 2.0.7 | |
| CVE: CVE-2020-8184 | |
| GHSA: GHSA-j6w9-fv6q-3q52 | |
| Criticality: High | |
| URL: https://groups.google.com/g/rubyonrails-security/c/OWtmozPH9Ak | |
| Title: Percent-encoded cookies can be used to overwrite existing prefixed cookie names | |
| Solution: upgrade to '~> 2.1.4', '>= 2.2.3' | |
| Name: rack | |
| Version: 2.0.7 | |
| CVE: CVE-2022-30122 | |
| GHSA: GHSA-hxqx-xwvh-44m2 | |
| Criticality: High | |
| URL: https://groups.google.com/g/ruby-security-ann/c/L2Axto442qk | |
| Title: Denial of Service Vulnerability in Rack Multipart Parsing | |
| Solution: upgrade to '~> 2.0.9, >= 2.0.9.1', '~> 2.1.4, >= 2.1.4.1', '>= 2.2.3.1' | |
| Name: rack | |
| Version: 2.0.7 | |
| CVE: CVE-2022-30123 | |
| GHSA: GHSA-wq4h-7r42-5hrr | |
| Criticality: Critical | |
| URL: https://groups.google.com/g/ruby-security-ann/c/LWB10kWzag8 | |
| Title: Possible shell escape sequence injection vulnerability in Rack | |
| Solution: upgrade to '~> 2.0.9, >= 2.0.9.1', '~> 2.1.4, >= 2.1.4.1', '>= 2.2.3.1' | |
| Name: rack | |
| Version: 2.0.7 | |
| CVE: CVE-2022-44570 | |
| GHSA: GHSA-65f5-mfpf-vfhj | |
| Criticality: High | |
| URL: https://github.com/rack/rack/releases/tag/v3.0.4.1 | |
| Title: Denial of service via header parsing in Rack | |
| Solution: upgrade to '~> 2.0.9, >= 2.0.9.2', '~> 2.1.4, >= 2.1.4.2', '~> 2.2.6, >= 2.2.6.2', '>= 3.0.4.1' | |
| Name: rack | |
| Version: 2.0.7 | |
| CVE: CVE-2022-44571 | |
| GHSA: GHSA-93pm-5p5f-3ghx | |
| Criticality: Unknown | |
| URL: https://github.com/rack/rack/releases/tag/v3.0.4.1 | |
| Title: Denial of Service Vulnerability in Rack Content-Disposition parsing | |
| Solution: upgrade to '~> 2.0.9, >= 2.0.9.2', '~> 2.1.4, >= 2.1.4.2', '~> 2.2.6, >= 2.2.6.1', '>= 3.0.4.1' | |
| Name: rack | |
| Version: 2.0.7 | |
| CVE: CVE-2022-44572 | |
| GHSA: GHSA-rqv2-275x-2jq5 | |
| Criticality: Unknown | |
| URL: https://github.com/rack/rack/releases/tag/v3.0.4.1 | |
| Title: Denial of service via multipart parsing in Rack | |
| Solution: upgrade to '~> 2.0.9, >= 2.0.9.2', '~> 2.1.4, >= 2.1.4.2', '~> 2.2.6, >= 2.2.6.1', '>= 3.0.4.1' | |
| Name: rack | |
| Version: 2.0.7 | |
| CVE: CVE-2023-27530 | |
| GHSA: GHSA-3h57-hmj3-gj3p | |
| Criticality: High | |
| URL: https://discuss.rubyonrails.org/t/cve-2023-27530-possible-dos-vulnerability-in-multipart-mime-parsing/82388 | |
| Title: Possible DoS Vulnerability in Multipart MIME parsing | |
| Solution: upgrade to '~> 2.0.9, >= 2.0.9.3', '~> 2.1.4, >= 2.1.4.3', '~> 2.2.6, >= 2.2.6.3', '>= 3.0.4.2' | |
| Name: rack | |
| Version: 2.0.7 | |
| CVE: CVE-2023-27539 | |
| GHSA: GHSA-c6qg-cjj8-47qp | |
| Criticality: Unknown | |
| URL: https://discuss.rubyonrails.org/t/cve-2023-27539-possible-denial-of-service-vulnerability-in-racks-header-parsing/82466 | |
| Title: Possible Denial of Service Vulnerability in Rack’s header parsing | |
| Solution: upgrade to '~> 2.0, >= 2.2.6.4', '>= 3.0.6.1' | |
| Name: rack | |
| Version: 2.0.7 | |
| CVE: CVE-2024-25126 | |
| GHSA: GHSA-22f2-v57c-j9cx | |
| Criticality: Medium | |
| URL: https://discuss.rubyonrails.org/t/denial-of-service-vulnerability-in-rack-content-type-parsing/84941 | |
| Title: Denial of Service Vulnerability in Rack Content-Type Parsing | |
| Solution: upgrade to '~> 2.2.8, >= 2.2.8.1', '>= 3.0.9.1' | |
| Name: rack | |
| Version: 2.0.7 | |
| CVE: CVE-2024-26141 | |
| GHSA: GHSA-xj5v-6v4g-jfw6 | |
| Criticality: Unknown | |
| URL: https://discuss.rubyonrails.org/t/possible-dos-vulnerability-with-range-header-in-rack/84944 | |
| Title: Possible DoS Vulnerability with Range Header in Rack | |
| Solution: upgrade to '~> 2.2.8, >= 2.2.8.1', '>= 3.0.9.1' | |
| Name: rack | |
| Version: 2.0.7 | |
| CVE: CVE-2024-26146 | |
| GHSA: GHSA-54rr-7fvw-6x8f | |
| Criticality: Unknown | |
| URL: https://discuss.rubyonrails.org/t/possible-denial-of-service-vulnerability-in-rack-header-parsing/84942 | |
| Title: Possible Denial of Service Vulnerability in Rack Header Parsing | |
| Solution: upgrade to '~> 2.0.9, >= 2.0.9.4', '~> 2.1.4, >= 2.1.4.4', '~> 2.2.8, >= 2.2.8.1', '>= 3.0.9.1' | |
| Name: sinatra | |
| Version: 2.0.5 | |
| CVE: CVE-2022-29970 | |
| GHSA: GHSA-qp49-3pvw-x4m5 | |
| Criticality: High | |
| URL: https://github.com/sinatra/sinatra/pull/1683 | |
| Title: sinatra does not validate expanded path matches | |
| Solution: upgrade to '>= 2.2.0' | |
| Name: sinatra | |
| Version: 2.0.5 | |
| CVE: CVE-2022-45442 | |
| GHSA: GHSA-2x8x-jmrp-phxw | |
| Criticality: High | |
| URL: https://github.com/sinatra/sinatra/security/advisories/GHSA-2x8x-jmrp-phxw | |
| Title: Sinatra vulnerable to Reflected File Download attack | |
| Solution: upgrade to '~> 2.2.3', '>= 3.0.4' | |
| Vulnerabilities found! | |
| Gemfile: ./pkgs/applications/editors/jupyter-kernels/iruby/Gemfile.lock | |
| No vulnerabilities found | |
| Gemfile: ./pkgs/applications/editors/neovim/ruby_provider/Gemfile.lock | |
| No vulnerabilities found | |
| Gemfile: ./pkgs/applications/graphics/image_optim/Gemfile.lock | |
| No vulnerabilities found | |
| Gemfile: ./pkgs/servers/monitoring/sensu/Gemfile.lock | |
| Name: addressable | |
| Version: 2.6.0 | |
| CVE: CVE-2021-32740 | |
| GHSA: GHSA-jxhc-q857-3j6g | |
| Criticality: High | |
| URL: https://github.com/advisories/GHSA-jxhc-q857-3j6g | |
| Title: Regular Expression Denial of Service in Addressable templates | |
| Solution: upgrade to '>= 2.8.0' | |
| Name: em-http-request | |
| Version: 1.1.5 | |
| CVE: CVE-2020-13482 | |
| GHSA: GHSA-q27f-v3r6-9v77 | |
| Criticality: High | |
| URL: https://github.com/advisories/GHSA-q27f-v3r6-9v77 | |
| Title: Improper Certificate Validation in EM-HTTP-Request | |
| Solution: upgrade to '>= 1.1.6' | |
| Name: ffi | |
| Version: 1.9.21 | |
| CVE: CVE-2018-1000201 | |
| GHSA: GHSA-2gw2-8q9w-cw8p | |
| Criticality: High | |
| URL: https://github.com/ffi/ffi/releases/tag/1.9.24 | |
| Title: ruby-ffi DDL loading issue on Windows OS | |
| Solution: upgrade to '>= 1.9.24' | |
| Name: jmespath | |
| Version: 1.4.0 | |
| CVE: CVE-2022-32511 | |
| GHSA: GHSA-5c5f-7vfq-3732 | |
| Criticality: Critical | |
| URL: https://github.com/jmespath/jmespath.rb/pull/55 | |
| Title: JMESPath for Ruby using JSON.load instead of JSON.parse | |
| Solution: upgrade to '>= 1.6.1' | |
| Name: json | |
| Version: 1.8.6 | |
| CVE: CVE-2020-10663 | |
| GHSA: GHSA-jphg-qwrw-7w9g | |
| Criticality: High | |
| URL: https://www.ruby-lang.org/en/news/2020/03/19/json-dos-cve-2020-10663/ | |
| Title: json Gem for Ruby Unsafe Object Creation Vulnerability (additional fix) | |
| Solution: upgrade to '>= 2.3.0' | |
| Vulnerabilities found! | |
| Gemfile: ./pkgs/servers/monitoring/riemann-dash/Gemfile.lock | |
| Name: rack | |
| Version: 1.6.11 | |
| CVE: CVE-2019-16782 | |
| GHSA: GHSA-hrqr-hxpp-chr3 | |
| Criticality: Medium | |
| URL: https://github.com/rack/rack/security/advisories/GHSA-hrqr-hxpp-chr3 | |
| Title: Possible information leak / session hijack vulnerability | |
| Solution: upgrade to '~> 1.6.12', '>= 2.0.8' | |
| Name: rack | |
| Version: 1.6.11 | |
| CVE: CVE-2020-8161 | |
| GHSA: GHSA-5f9h-9pjv-v6j7 | |
| Criticality: High | |
| URL: https://groups.google.com/forum/#!topic/ruby-security-ann/T4ZIsfRf2eA | |
| Title: Directory traversal in Rack::Directory app bundled with Rack | |
| Solution: upgrade to '~> 2.1.3', '>= 2.2.0' | |
| Name: rack | |
| Version: 1.6.11 | |
| CVE: CVE-2020-8184 | |
| GHSA: GHSA-j6w9-fv6q-3q52 | |
| Criticality: High | |
| URL: https://groups.google.com/g/rubyonrails-security/c/OWtmozPH9Ak | |
| Title: Percent-encoded cookies can be used to overwrite existing prefixed cookie names | |
| Solution: upgrade to '~> 2.1.4', '>= 2.2.3' | |
| Name: rack | |
| Version: 1.6.11 | |
| CVE: CVE-2022-30122 | |
| GHSA: GHSA-hxqx-xwvh-44m2 | |
| Criticality: High | |
| URL: https://groups.google.com/g/ruby-security-ann/c/L2Axto442qk | |
| Title: Denial of Service Vulnerability in Rack Multipart Parsing | |
| Solution: upgrade to '~> 2.0.9, >= 2.0.9.1', '~> 2.1.4, >= 2.1.4.1', '>= 2.2.3.1' | |
| Name: rack | |
| Version: 1.6.11 | |
| CVE: CVE-2022-30123 | |
| GHSA: GHSA-wq4h-7r42-5hrr | |
| Criticality: Critical | |
| URL: https://groups.google.com/g/ruby-security-ann/c/LWB10kWzag8 | |
| Title: Possible shell escape sequence injection vulnerability in Rack | |
| Solution: upgrade to '~> 2.0.9, >= 2.0.9.1', '~> 2.1.4, >= 2.1.4.1', '>= 2.2.3.1' | |
| Name: rack | |
| Version: 1.6.11 | |
| CVE: CVE-2022-44570 | |
| GHSA: GHSA-65f5-mfpf-vfhj | |
| Criticality: High | |
| URL: https://github.com/rack/rack/releases/tag/v3.0.4.1 | |
| Title: Denial of service via header parsing in Rack | |
| Solution: upgrade to '~> 2.0.9, >= 2.0.9.2', '~> 2.1.4, >= 2.1.4.2', '~> 2.2.6, >= 2.2.6.2', '>= 3.0.4.1' | |
| Name: rack | |
| Version: 1.6.11 | |
| CVE: CVE-2022-44571 | |
| GHSA: GHSA-93pm-5p5f-3ghx | |
| Criticality: Unknown | |
| URL: https://github.com/rack/rack/releases/tag/v3.0.4.1 | |
| Title: Denial of Service Vulnerability in Rack Content-Disposition parsing | |
| Solution: upgrade to '~> 2.0.9, >= 2.0.9.2', '~> 2.1.4, >= 2.1.4.2', '~> 2.2.6, >= 2.2.6.1', '>= 3.0.4.1' | |
| Name: rack | |
| Version: 1.6.11 | |
| CVE: CVE-2022-44572 | |
| GHSA: GHSA-rqv2-275x-2jq5 | |
| Criticality: Unknown | |
| URL: https://github.com/rack/rack/releases/tag/v3.0.4.1 | |
| Title: Denial of service via multipart parsing in Rack | |
| Solution: upgrade to '~> 2.0.9, >= 2.0.9.2', '~> 2.1.4, >= 2.1.4.2', '~> 2.2.6, >= 2.2.6.1', '>= 3.0.4.1' | |
| Name: rack | |
| Version: 1.6.11 | |
| CVE: CVE-2023-27530 | |
| GHSA: GHSA-3h57-hmj3-gj3p | |
| Criticality: High | |
| URL: https://discuss.rubyonrails.org/t/cve-2023-27530-possible-dos-vulnerability-in-multipart-mime-parsing/82388 | |
| Title: Possible DoS Vulnerability in Multipart MIME parsing | |
| Solution: upgrade to '~> 2.0.9, >= 2.0.9.3', '~> 2.1.4, >= 2.1.4.3', '~> 2.2.6, >= 2.2.6.3', '>= 3.0.4.2' | |
| Name: rack | |
| Version: 1.6.11 | |
| CVE: CVE-2023-27539 | |
| GHSA: GHSA-c6qg-cjj8-47qp | |
| Criticality: Unknown | |
| URL: https://discuss.rubyonrails.org/t/cve-2023-27539-possible-denial-of-service-vulnerability-in-racks-header-parsing/82466 | |
| Title: Possible Denial of Service Vulnerability in Rack’s header parsing | |
| Solution: upgrade to '~> 2.0, >= 2.2.6.4', '>= 3.0.6.1' | |
| Name: rack | |
| Version: 1.6.11 | |
| CVE: CVE-2024-25126 | |
| GHSA: GHSA-22f2-v57c-j9cx | |
| Criticality: Medium | |
| URL: https://discuss.rubyonrails.org/t/denial-of-service-vulnerability-in-rack-content-type-parsing/84941 | |
| Title: Denial of Service Vulnerability in Rack Content-Type Parsing | |
| Solution: upgrade to '~> 2.2.8, >= 2.2.8.1', '>= 3.0.9.1' | |
| Name: rack | |
| Version: 1.6.11 | |
| CVE: CVE-2024-26141 | |
| GHSA: GHSA-xj5v-6v4g-jfw6 | |
| Criticality: Unknown | |
| URL: https://discuss.rubyonrails.org/t/possible-dos-vulnerability-with-range-header-in-rack/84944 | |
| Title: Possible DoS Vulnerability with Range Header in Rack | |
| Solution: upgrade to '~> 2.2.8, >= 2.2.8.1', '>= 3.0.9.1' | |
| Name: rack | |
| Version: 1.6.11 | |
| CVE: CVE-2024-26146 | |
| GHSA: GHSA-54rr-7fvw-6x8f | |
| Criticality: Unknown | |
| URL: https://discuss.rubyonrails.org/t/possible-denial-of-service-vulnerability-in-rack-header-parsing/84942 | |
| Title: Possible Denial of Service Vulnerability in Rack Header Parsing | |
| Solution: upgrade to '~> 2.0.9, >= 2.0.9.4', '~> 2.1.4, >= 2.1.4.4', '~> 2.2.8, >= 2.2.8.1', '>= 3.0.9.1' | |
| Name: sinatra | |
| Version: 1.4.8 | |
| CVE: CVE-2022-29970 | |
| GHSA: GHSA-qp49-3pvw-x4m5 | |
| Criticality: High | |
| URL: https://github.com/sinatra/sinatra/pull/1683 | |
| Title: sinatra does not validate expanded path matches | |
| Solution: upgrade to '>= 2.2.0' | |
| Name: sinatra | |
| Version: 1.4.8 | |
| CVE: CVE-2022-45442 | |
| GHSA: GHSA-2x8x-jmrp-phxw | |
| Criticality: High | |
| URL: https://github.com/sinatra/sinatra/security/advisories/GHSA-2x8x-jmrp-phxw | |
| Title: Sinatra vulnerable to Reflected File Download attack | |
| Solution: upgrade to '~> 2.2.3', '>= 3.0.4' | |
| Name: webrick | |
| Version: 1.3.1 | |
| CVE: CVE-2017-10784 | |
| GHSA: GHSA-369m-2gv6-mw28 | |
| Criticality: High | |
| URL: https://access.redhat.com/errata/RHSA-2017:3485 | |
| Title: WEBrick RCE Vulnerability | |
| Solution: upgrade to '>= 1.4.0' | |
| Name: webrick | |
| Version: 1.3.1 | |
| CVE: CVE-2020-25613 | |
| GHSA: GHSA-gwfg-cqmg-cf8f | |
| Criticality: High | |
| URL: https://www.ruby-lang.org/en/news/2020/09/29/http-request-smuggling-cve-2020-25613/ | |
| Title: Potential HTTP Request Smuggling Vulnerability in WEBrick | |
| Solution: upgrade to '>= 1.6.1' | |
| Name: webrick | |
| Version: 1.3.1 | |
| CVE: CVE-2024-47220 | |
| GHSA: GHSA-6f62-3596-g6w7 | |
| Criticality: High | |
| URL: https://github.com/advisories/GHSA-6f62-3596-g6w7 | |
| Title: HTTP Request Smuggling in ruby webrick | |
| Solution: upgrade to '>= 1.8.2' | |
| Vulnerabilities found! | |
| Gemfile: ./pkgs/servers/web-apps/discourse/rubyEnv/Gemfile.lock | |
| Name: actionmailer | |
| Version: 7.1.3.4 | |
| CVE: CVE-2024-47889 | |
| GHSA: GHSA-h47h-mwp9-c6q6 | |
| Criticality: Unknown | |
| URL: https://github.com/rails/rails/security/advisories/GHSA-h47h-mwp9-c6q6 | |
| Title: Possible ReDoS vulnerability in block_format in Action Mailer | |
| Solution: upgrade to '~> 6.1.7.9', '~> 7.0.8.5', '~> 7.1.4.1', '>= 7.2.1.1' | |
| Name: actionpack | |
| Version: 7.1.3.4 | |
| CVE: CVE-2024-41128 | |
| GHSA: GHSA-x76w-6vjr-8xgj | |
| Criticality: Unknown | |
| URL: https://github.com/rails/rails/security/advisories/GHSA-x76w-6vjr-8xgj | |
| Title: Possible ReDoS vulnerability in query parameter filtering in Action Dispatch | |
| Solution: upgrade to '~> 6.1.7.9', '~> 7.0.8.5', '~> 7.1.4.1', '>= 7.2.1.1' | |
| Name: actionpack | |
| Version: 7.1.3.4 | |
| CVE: CVE-2024-47887 | |
| GHSA: GHSA-vfg9-r3fq-jvx4 | |
| Criticality: Unknown | |
| URL: https://github.com/rails/rails/security/advisories/GHSA-vfg9-r3fq-jvx4 | |
| Title: Possible ReDoS vulnerability in HTTP Token authentication in Action Controller | |
| Solution: upgrade to '~> 6.1.7.9', '~> 7.0.8.5', '~> 7.1.4.1', '>= 7.2.1.1' | |
| Name: google-protobuf | |
| Version: 4.27.2 | |
| CVE: CVE-2024-7254 | |
| GHSA: GHSA-735f-pc8j-v9w8 | |
| Criticality: High | |
| URL: https://github.com/protocolbuffers/protobuf/security/advisories/GHSA-735f-pc8j-v9w8 | |
| Title: protobuf-java has potential Denial of Service issue | |
| Solution: upgrade to '~> 3.25.5', '~> 4.27.5', '>= 4.28.2' | |
| Name: google-protobuf | |
| Version: 4.27.2 | |
| CVE: CVE-2024-7254 | |
| GHSA: GHSA-735f-pc8j-v9w8 | |
| Criticality: High | |
| URL: https://github.com/protocolbuffers/protobuf/security/advisories/GHSA-735f-pc8j-v9w8 | |
| Title: protobuf-java has potential Denial of Service issue | |
| Solution: upgrade to '~> 3.25.5', '~> 4.27.5', '>= 4.28.2' | |
| Name: google-protobuf | |
| Version: 4.27.2 | |
| CVE: CVE-2024-7254 | |
| GHSA: GHSA-735f-pc8j-v9w8 | |
| Criticality: High | |
| URL: https://github.com/protocolbuffers/protobuf/security/advisories/GHSA-735f-pc8j-v9w8 | |
| Title: protobuf-java has potential Denial of Service issue | |
| Solution: upgrade to '~> 3.25.5', '~> 4.27.5', '>= 4.28.2' | |
| Name: omniauth | |
| Version: 1.9.2 | |
| CVE: CVE-2015-9284 | |
| GHSA: GHSA-ww4x-rwq6-qpgf | |
| Criticality: High | |
| URL: https://github.com/omniauth/omniauth/wiki/Resolving-CVE-2015-9284 | |
| Title: CSRF vulnerability in OmniAuth's request phase | |
| Solution: upgrade to '>= 2.0.0' | |
| Name: puma | |
| Version: 6.4.2 | |
| CVE: CVE-2024-45614 | |
| GHSA: GHSA-9hf4-67fc-4vf4 | |
| Criticality: Medium | |
| URL: https://github.com/puma/puma/security/advisories/GHSA-9hf4-67fc-4vf4 | |
| Title: Puma's header normalization allows for client to clobber proxy set headers | |
| Solution: upgrade to '~> 5.6.9', '>= 6.4.3' | |
| Name: rexml | |
| Version: 3.3.2 | |
| CVE: CVE-2024-41123 | |
| GHSA: GHSA-r55c-59qm-vjw6 | |
| Criticality: Medium | |
| URL: https://www.ruby-lang.org/en/news/2024/08/01/dos-rexml-cve-2024-41123 | |
| Title: DoS vulnerabilities in REXML | |
| Solution: upgrade to '>= 3.3.3' | |
| Name: rexml | |
| Version: 3.3.2 | |
| CVE: CVE-2024-41946 | |
| GHSA: GHSA-5866-49gr-22v4 | |
| Criticality: Medium | |
| URL: https://www.ruby-lang.org/en/news/2024/08/01/dos-rexml-cve-2024-41946 | |
| Title: DoS vulnerabilities in REXML | |
| Solution: upgrade to '>= 3.3.3' | |
| Name: rexml | |
| Version: 3.3.2 | |
| CVE: CVE-2024-43398 | |
| GHSA: GHSA-vmwr-mc7x-5vc3 | |
| Criticality: Medium | |
| URL: https://github.com/ruby/rexml/security/advisories/GHSA-vmwr-mc7x-5vc3 | |
| Title: REXML denial of service vulnerability | |
| Solution: upgrade to '>= 3.3.6' | |
| Name: webrick | |
| Version: 1.8.1 | |
| CVE: CVE-2024-47220 | |
| GHSA: GHSA-6f62-3596-g6w7 | |
| Criticality: High | |
| URL: https://github.com/advisories/GHSA-6f62-3596-g6w7 | |
| Title: HTTP Request Smuggling in ruby webrick | |
| Solution: upgrade to '>= 1.8.2' | |
| Vulnerabilities found! | |
| Gemfile: ./pkgs/servers/web-apps/discourse/plugins/discourse-github/Gemfile.lock | |
| No vulnerabilities found | |
| Gemfile: ./pkgs/servers/web-apps/discourse/plugins/discourse-openid-connect/Gemfile.lock | |
| Name: rexml | |
| Version: 3.2.5 | |
| CVE: CVE-2024-35176 | |
| GHSA: GHSA-vg3r-rm7w-2xgh | |
| Criticality: Medium | |
| URL: https://github.com/ruby/rexml/security/advisories/GHSA-vg3r-rm7w-2xgh | |
| Title: REXML contains a denial of service vulnerability | |
| Solution: upgrade to '>= 3.2.7' | |
| Name: rexml | |
| Version: 3.2.5 | |
| CVE: CVE-2024-39908 | |
| GHSA: GHSA-4xqq-m2hx-25v8 | |
| Criticality: Medium | |
| URL: https://github.com/ruby/rexml/security/advisories/GHSA-4xqq-m2hx-25v8 | |
| Title: DoS in REXML | |
| Solution: upgrade to '>= 3.3.2' | |
| Name: rexml | |
| Version: 3.2.5 | |
| CVE: CVE-2024-41123 | |
| GHSA: GHSA-r55c-59qm-vjw6 | |
| Criticality: Medium | |
| URL: https://www.ruby-lang.org/en/news/2024/08/01/dos-rexml-cve-2024-41123 | |
| Title: DoS vulnerabilities in REXML | |
| Solution: upgrade to '>= 3.3.3' | |
| Name: rexml | |
| Version: 3.2.5 | |
| CVE: CVE-2024-41946 | |
| GHSA: GHSA-5866-49gr-22v4 | |
| Criticality: Medium | |
| URL: https://www.ruby-lang.org/en/news/2024/08/01/dos-rexml-cve-2024-41946 | |
| Title: DoS vulnerabilities in REXML | |
| Solution: upgrade to '>= 3.3.3' | |
| Name: rexml | |
| Version: 3.2.5 | |
| CVE: CVE-2024-43398 | |
| GHSA: GHSA-vmwr-mc7x-5vc3 | |
| Criticality: Medium | |
| URL: https://github.com/ruby/rexml/security/advisories/GHSA-vmwr-mc7x-5vc3 | |
| Title: REXML denial of service vulnerability | |
| Solution: upgrade to '>= 3.3.6' | |
| Vulnerabilities found! | |
| Gemfile: ./pkgs/servers/web-apps/discourse/plugins/discourse-calendar/Gemfile.lock | |
| No vulnerabilities found | |
| Gemfile: ./pkgs/servers/web-apps/discourse/plugins/discourse-oauth2-basic/Gemfile.lock | |
| Name: rexml | |
| Version: 3.2.5 | |
| CVE: CVE-2024-35176 | |
| GHSA: GHSA-vg3r-rm7w-2xgh | |
| Criticality: Medium | |
| URL: https://github.com/ruby/rexml/security/advisories/GHSA-vg3r-rm7w-2xgh | |
| Title: REXML contains a denial of service vulnerability | |
| Solution: upgrade to '>= 3.2.7' | |
| Name: rexml | |
| Version: 3.2.5 | |
| CVE: CVE-2024-39908 | |
| GHSA: GHSA-4xqq-m2hx-25v8 | |
| Criticality: Medium | |
| URL: https://github.com/ruby/rexml/security/advisories/GHSA-4xqq-m2hx-25v8 | |
| Title: DoS in REXML | |
| Solution: upgrade to '>= 3.3.2' | |
| Name: rexml | |
| Version: 3.2.5 | |
| CVE: CVE-2024-41123 | |
| GHSA: GHSA-r55c-59qm-vjw6 | |
| Criticality: Medium | |
| URL: https://www.ruby-lang.org/en/news/2024/08/01/dos-rexml-cve-2024-41123 | |
| Title: DoS vulnerabilities in REXML | |
| Solution: upgrade to '>= 3.3.3' | |
| Name: rexml | |
| Version: 3.2.5 | |
| CVE: CVE-2024-41946 | |
| GHSA: GHSA-5866-49gr-22v4 | |
| Criticality: Medium | |
| URL: https://www.ruby-lang.org/en/news/2024/08/01/dos-rexml-cve-2024-41946 | |
| Title: DoS vulnerabilities in REXML | |
| Solution: upgrade to '>= 3.3.3' | |
| Name: rexml | |
| Version: 3.2.5 | |
| CVE: CVE-2024-43398 | |
| GHSA: GHSA-vmwr-mc7x-5vc3 | |
| Criticality: Medium | |
| URL: https://github.com/ruby/rexml/security/advisories/GHSA-vmwr-mc7x-5vc3 | |
| Title: REXML denial of service vulnerability | |
| Solution: upgrade to '>= 3.3.6' | |
| Vulnerabilities found! | |
| Gemfile: ./pkgs/servers/web-apps/discourse/plugins/discourse-migratepassword/Gemfile.lock | |
| No vulnerabilities found | |
| Gemfile: ./pkgs/servers/web-apps/discourse/plugins/discourse-prometheus/Gemfile.lock | |
| Name: webrick | |
| Version: 1.8.1 | |
| CVE: CVE-2024-47220 | |
| GHSA: GHSA-6f62-3596-g6w7 | |
| Criticality: High | |
| URL: https://github.com/advisories/GHSA-6f62-3596-g6w7 | |
| Title: HTTP Request Smuggling in ruby webrick | |
| Solution: upgrade to '>= 1.8.2' | |
| Vulnerabilities found! | |
| Gemfile: ./pkgs/servers/web-apps/discourse/plugins/discourse-ldap-auth/Gemfile.lock | |
| Name: omniauth | |
| Version: 1.9.2 | |
| CVE: CVE-2015-9284 | |
| GHSA: GHSA-ww4x-rwq6-qpgf | |
| Criticality: High | |
| URL: https://github.com/omniauth/omniauth/wiki/Resolving-CVE-2015-9284 | |
| Title: CSRF vulnerability in OmniAuth's request phase | |
| Solution: upgrade to '>= 2.0.0' | |
| Name: rack | |
| Version: 2.2.7 | |
| CVE: CVE-2024-25126 | |
| GHSA: GHSA-22f2-v57c-j9cx | |
| Criticality: Medium | |
| URL: https://discuss.rubyonrails.org/t/denial-of-service-vulnerability-in-rack-content-type-parsing/84941 | |
| Title: Denial of Service Vulnerability in Rack Content-Type Parsing | |
| Solution: upgrade to '~> 2.2.8, >= 2.2.8.1', '>= 3.0.9.1' | |
| Name: rack | |
| Version: 2.2.7 | |
| CVE: CVE-2024-26141 | |
| GHSA: GHSA-xj5v-6v4g-jfw6 | |
| Criticality: Unknown | |
| URL: https://discuss.rubyonrails.org/t/possible-dos-vulnerability-with-range-header-in-rack/84944 | |
| Title: Possible DoS Vulnerability with Range Header in Rack | |
| Solution: upgrade to '~> 2.2.8, >= 2.2.8.1', '>= 3.0.9.1' | |
| Name: rack | |
| Version: 2.2.7 | |
| CVE: CVE-2024-26146 | |
| GHSA: GHSA-54rr-7fvw-6x8f | |
| Criticality: Unknown | |
| URL: https://discuss.rubyonrails.org/t/possible-denial-of-service-vulnerability-in-rack-header-parsing/84942 | |
| Title: Possible Denial of Service Vulnerability in Rack Header Parsing | |
| Solution: upgrade to '~> 2.0.9, >= 2.0.9.4', '~> 2.1.4, >= 2.1.4.4', '~> 2.2.8, >= 2.2.8.1', '>= 3.0.9.1' | |
| Vulnerabilities found! | |
| Gemfile: ./pkgs/servers/http/showoff/Gemfile.lock | |
| Name: addressable | |
| Version: 2.6.0 | |
| CVE: CVE-2021-32740 | |
| GHSA: GHSA-jxhc-q857-3j6g | |
| Criticality: High | |
| URL: https://github.com/advisories/GHSA-jxhc-q857-3j6g | |
| Title: Regular Expression Denial of Service in Addressable templates | |
| Solution: upgrade to '>= 2.8.0' | |
| Name: commonmarker | |
| Version: 0.18.2 | |
| CVE: CVE-2024-22051 | |
| GHSA: GHSA-fmx4-26r3-wxpf | |
| Criticality: High | |
| URL: https://github.com/github/cmark-gfm/security/advisories/GHSA-mc3g-88wq-6f4x | |
| Title: Integer overflow in cmark-gfm table parsing extension leads to heap memory corruption | |
| Solution: upgrade to '>= 0.23.4' | |
| Name: commonmarker | |
| Version: 0.18.2 | |
| GHSA: GHSA-48wp-p9qv-4j64 | |
| Criticality: High | |
| URL: https://github.com/gjtorikian/commonmarker/releases/tag/v0.23.9 | |
| Title: Commonmarker vulnerable to to several quadratic complexity bugs that may lead to denial of service | |
| Solution: upgrade to '>= 0.23.9' | |
| Name: commonmarker | |
| Version: 0.18.2 | |
| GHSA: GHSA-4qw4-jpp4-8gvp | |
| Criticality: Unknown | |
| URL: https://github.com/gjtorikian/commonmarker/security/advisories/GHSA-4qw4-jpp4-8gvp | |
| Title: Unbounded resource exhaustion in cmark-gfm autolink extension may lead to denial of service | |
| Solution: upgrade to '>= 0.23.6' | |
| Name: commonmarker | |
| Version: 0.18.2 | |
| GHSA: GHSA-636f-xm5j-pj9m | |
| Criticality: Unknown | |
| URL: https://github.com/gjtorikian/commonmarker/security/advisories/GHSA-636f-xm5j-pj9m | |
| Title: Several quadratic complexity bugs may lead to denial of service in Commonmarker | |
| Solution: upgrade to '>= 0.23.7' | |
| Name: commonmarker | |
| Version: 0.18.2 | |
| GHSA: GHSA-7vh7-fw88-wj87 | |
| Criticality: Unknown | |
| URL: https://github.com/gjtorikian/commonmarker/security/advisories/GHSA-7vh7-fw88-wj87 | |
| Title: Several quadratic complexity bugs may lead to denial of service in Commonmarker | |
| Solution: upgrade to '>= 0.23.10' | |
| Name: commonmarker | |
| Version: 0.18.2 | |
| GHSA: GHSA-fmx4-26r3-wxpf | |
| Criticality: High | |
| URL: https://github.com/github/cmark-gfm/security/advisories/GHSA-mc3g-88wq-6f4x | |
| Title: Integer overflow in cmark-gfm table parsing extension leads to heap memory corruption | |
| Solution: upgrade to '>= 0.23.4' | |
| Name: json | |
| Version: 2.2.0 | |
| CVE: CVE-2020-10663 | |
| GHSA: GHSA-jphg-qwrw-7w9g | |
| Criticality: High | |
| URL: https://www.ruby-lang.org/en/news/2020/03/19/json-dos-cve-2020-10663/ | |
| Title: json Gem for Ruby Unsafe Object Creation Vulnerability (additional fix) | |
| Solution: upgrade to '>= 2.3.0' | |
| Name: nokogiri | |
| Version: 1.10.1 | |
| CVE: CVE-2018-25032 | |
| GHSA: GHSA-v6gp-9mmm-c6p5 | |
| Criticality: High | |
| URL: https://github.com/sparklemotion/nokogiri/security/advisories/GHSA-v6gp-9mmm-c6p5 | |
| Title: Out-of-bounds Write in zlib affects Nokogiri | |
| Solution: upgrade to '>= 1.13.4' | |
| Name: nokogiri | |
| Version: 1.10.1 | |
| CVE: CVE-2019-11068 | |
| GHSA: GHSA-qxcg-xjjg-66mj | |
| Criticality: Critical | |
| URL: https://github.com/sparklemotion/nokogiri/issues/1892 | |
| Title: Nokogiri gem, via libxslt, is affected by improper access control vulnerability | |
| Solution: upgrade to '>= 1.10.3' | |
| Name: nokogiri | |
| Version: 1.10.1 | |
| CVE: CVE-2019-13117 | |
| GHSA: GHSA-4hm9-844j-jmxp | |
| Criticality: Unknown | |
| URL: https://github.com/sparklemotion/nokogiri/issues/1943 | |
| Title: Nokogiri gem, via libxslt, is affected by multiple vulnerabilities | |
| Solution: upgrade to '>= 1.10.5' | |
| Name: nokogiri | |
| Version: 1.10.1 | |
| CVE: CVE-2019-13118 | |
| GHSA: GHSA-cf46-6xxh-pc75 | |
| Criticality: High | |
| URL: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=15069 | |
| Title: libxslt Type Confusion vulnerability that affects Nokogiri | |
| Solution: upgrade to '>= 1.10.5' | |
| Name: nokogiri | |
| Version: 1.10.1 | |
| CVE: CVE-2019-18197 | |
| GHSA: GHSA-242x-7cm6-4w8j | |
| Criticality: High | |
| URL: https://github.com/sparklemotion/nokogiri/issues/1943 | |
| Title: Nokogiri affected by libxslt Use of Uninitialized Resource/ Use After Free vulnerability | |
| Solution: upgrade to '>= 1.10.5' | |
| Name: nokogiri | |
| Version: 1.10.1 | |
| CVE: CVE-2019-5477 | |
| GHSA: GHSA-cr5j-953j-xw5p | |
| Criticality: Critical | |
| URL: https://github.com/sparklemotion/nokogiri/issues/1915 | |
| Title: Nokogiri Command Injection Vulnerability via Nokogiri::CSS::Tokenizer#load_file | |
| Solution: upgrade to '>= 1.10.4' | |
| Name: nokogiri | |
| Version: 1.10.1 | |
| CVE: CVE-2019-5815 | |
| GHSA: GHSA-vmfx-gcfq-wvm2 | |
| Criticality: High | |
| URL: https://github.com/sparklemotion/nokogiri/issues/2630 | |
| Title: Nokogiri implementation of libxslt vulnerable to heap corruption | |
| Solution: upgrade to '>= 1.10.5' | |
| Name: nokogiri | |
| Version: 1.10.1 | |
| CVE: CVE-2020-26247 | |
| GHSA: GHSA-vr8q-g5c7-m54m | |
| Criticality: Low | |
| URL: https://github.com/sparklemotion/nokogiri/security/advisories/GHSA-vr8q-g5c7-m54m | |
| Title: Nokogiri::XML::Schema trusts input by default, exposing risk of an XXE vulnerability | |
| Solution: upgrade to '>= 1.11.0.rc4' | |
| Name: nokogiri | |
| Version: 1.10.1 | |
| CVE: CVE-2020-7595 | |
| GHSA: GHSA-7553-jr98-vx47 | |
| Criticality: High | |
| URL: https://github.com/sparklemotion/nokogiri/issues/1992 | |
| Title: libxml2 2.9.10 has an infinite loop in a certain end-of-file situation | |
| Solution: upgrade to '>= 1.10.8' | |
| Name: nokogiri | |
| Version: 1.10.1 | |
| CVE: CVE-2021-30560 | |
| GHSA: GHSA-fq42-c5rg-92c2 | |
| Criticality: High | |
| URL: https://github.com/sparklemotion/nokogiri/security/advisories/GHSA-fq42-c5rg-92c2 | |
| Title: Update packaged libxml2 (2.9.12 → 2.9.13) and libxslt (1.1.34 → 1.1.35) | |
| Solution: upgrade to '>= 1.13.2' | |
| Name: nokogiri | |
| Version: 1.10.1 | |
| CVE: CVE-2021-3517 | |
| GHSA: GHSA-jw9f-hh49-cvp9 | |
| Criticality: High | |
| URL: https://bugzilla.redhat.com/show_bug.cgi?id=1954232 | |
| Title: Nokogiri contains libxml Out-of-bounds Write vulnerability | |
| Solution: upgrade to '>= 1.11.4' | |
| Name: nokogiri | |
| Version: 1.10.1 | |
| CVE: CVE-2021-3518 | |
| GHSA: GHSA-v4f8-2847-rwm7 | |
| Criticality: High | |
| URL: https://nokogiri.org/CHANGELOG.html#1114-2021-05-14 | |
| Title: Nokogiri Implements libxml2 version vulnerable to use-after-free | |
| Solution: upgrade to '>= 1.11.4' | |
| Name: nokogiri | |
| Version: 1.10.1 | |
| CVE: CVE-2021-3537 | |
| GHSA: GHSA-286v-pcf5-25rc | |
| Criticality: Medium | |
| URL: https://nokogiri.org/CHANGELOG.html#1114-2021-05-14 | |
| Title: Nokogiri Implements libxml2 version vulnerable to null pointer dereferencing | |
| Solution: upgrade to '>= 1.11.4' | |
| Name: nokogiri | |
| Version: 1.10.1 | |
| CVE: CVE-2021-41098 | |
| GHSA: GHSA-2rr5-8q37-2w7h | |
| Criticality: High | |
| URL: https://github.com/sparklemotion/nokogiri/security/advisories/GHSA-2rr5-8q37-2w7h | |
| Title: Improper Restriction of XML External Entity Reference (XXE) in Nokogiri on JRuby | |
| Solution: upgrade to '>= 1.12.5' | |
| Name: nokogiri | |
| Version: 1.10.1 | |
| CVE: CVE-2022-23437 | |
| GHSA: GHSA-xxx9-3xcr-gjj3 | |
| Criticality: Medium | |
| URL: https://github.com/sparklemotion/nokogiri/security/advisories/GHSA-xxx9-3xcr-gjj3 | |
| Title: XML Injection in Xerces Java affects Nokogiri | |
| Solution: upgrade to '>= 1.13.4' | |
| Name: nokogiri | |
| Version: 1.10.1 | |
| CVE: CVE-2022-24836 | |
| GHSA: GHSA-crjr-9rc5-ghw8 | |
| Criticality: High | |
| URL: https://github.com/sparklemotion/nokogiri/security/advisories/GHSA-crjr-9rc5-ghw8 | |
| Title: Inefficient Regular Expression Complexity in Nokogiri | |
| Solution: upgrade to '>= 1.13.4' | |
| Name: nokogiri | |
| Version: 1.10.1 | |
| CVE: CVE-2022-24839 | |
| GHSA: GHSA-gx8x-g87m-h5q6 | |
| Criticality: High | |
| URL: https://github.com/sparklemotion/nekohtml/security/advisories/GHSA-9849-p7jc-9rmv | |
| Title: Denial of Service (DoS) in Nokogiri on JRuby | |
| Solution: upgrade to '>= 1.13.4' | |
| Name: nokogiri | |
| Version: 1.10.1 | |
| CVE: CVE-2022-29181 | |
| GHSA: GHSA-xh29-r2w5-wx8m | |
| Criticality: High | |
| URL: https://github.com/sparklemotion/nokogiri/security/advisories/GHSA-xh29-r2w5-wx8m | |
| Title: Improper Handling of Unexpected Data Type in Nokogiri | |
| Solution: upgrade to '>= 1.13.6' | |
| Name: nokogiri | |
| Version: 1.10.1 | |
| GHSA: GHSA-2qc6-mcvw-92cw | |
| Criticality: Unknown | |
| URL: https://github.com/sparklemotion/nokogiri/security/advisories/GHSA-2qc6-mcvw-92cw | |
| Title: Update bundled libxml2 to v2.10.3 to resolve multiple CVEs | |
| Solution: upgrade to '>= 1.13.9' | |
| Name: nokogiri | |
| Version: 1.10.1 | |
| GHSA: GHSA-7rrm-v45f-jp64 | |
| Criticality: High | |
| URL: https://github.com/sparklemotion/nokogiri/security/advisories/GHSA-7rrm-v45f-jp64 | |
| Title: Update packaged dependency libxml2 from 2.9.10 to 2.9.12 | |
| Solution: upgrade to '>= 1.11.4' | |
| Name: nokogiri | |
| Version: 1.10.1 | |
| GHSA: GHSA-cgx6-hpwq-fhv5 | |
| Criticality: High | |
| URL: https://github.com/sparklemotion/nokogiri/security/advisories/GHSA-cgx6-hpwq-fhv5 | |
| Title: Integer Overflow or Wraparound in libxml2 affects Nokogiri | |
| Solution: upgrade to '>= 1.13.5' | |
| Name: nokogiri | |
| Version: 1.10.1 | |
| GHSA: GHSA-pxvg-2qj5-37jq | |
| Criticality: Unknown | |
| URL: https://github.com/sparklemotion/nokogiri/security/advisories/GHSA-pxvg-2qj5-37jq | |
| Title: Update packaged libxml2 to v2.10.4 to resolve multiple CVEs | |
| Solution: upgrade to '>= 1.14.3' | |
| Name: nokogiri | |
| Version: 1.10.1 | |
| GHSA: GHSA-r95h-9x8f-r3f7 | |
| Criticality: Unknown | |
| URL: https://github.com/sparklemotion/nokogiri/security/advisories/GHSA-r95h-9x8f-r3f7 | |
| Title: Nokogiri updates packaged libxml2 to v2.12.7 to resolve CVE-2024-34459 | |
| Solution: upgrade to '>= 1.16.5' | |
| Name: nokogiri | |
| Version: 1.10.1 | |
| GHSA: GHSA-xc9x-jj77-9p9j | |
| Criticality: Unknown | |
| URL: https://github.com/sparklemotion/nokogiri/security/advisories/GHSA-xc9x-jj77-9p9j | |
| Title: Use-after-free in libxml2 via Nokogiri::XML::Reader | |
| Solution: upgrade to '~> 1.15.6', '>= 1.16.2' | |
| Name: rack | |
| Version: 1.6.11 | |
| CVE: CVE-2019-16782 | |
| GHSA: GHSA-hrqr-hxpp-chr3 | |
| Criticality: Medium | |
| URL: https://github.com/rack/rack/security/advisories/GHSA-hrqr-hxpp-chr3 | |
| Title: Possible information leak / session hijack vulnerability | |
| Solution: upgrade to '~> 1.6.12', '>= 2.0.8' | |
| Name: rack | |
| Version: 1.6.11 | |
| CVE: CVE-2020-8161 | |
| GHSA: GHSA-5f9h-9pjv-v6j7 | |
| Criticality: High | |
| URL: https://groups.google.com/forum/#!topic/ruby-security-ann/T4ZIsfRf2eA | |
| Title: Directory traversal in Rack::Directory app bundled with Rack | |
| Solution: upgrade to '~> 2.1.3', '>= 2.2.0' | |
| Name: rack | |
| Version: 1.6.11 | |
| CVE: CVE-2020-8184 | |
| GHSA: GHSA-j6w9-fv6q-3q52 | |
| Criticality: High | |
| URL: https://groups.google.com/g/rubyonrails-security/c/OWtmozPH9Ak | |
| Title: Percent-encoded cookies can be used to overwrite existing prefixed cookie names | |
| Solution: upgrade to '~> 2.1.4', '>= 2.2.3' | |
| Name: rack | |
| Version: 1.6.11 | |
| CVE: CVE-2022-30122 | |
| GHSA: GHSA-hxqx-xwvh-44m2 | |
| Criticality: High | |
| URL: https://groups.google.com/g/ruby-security-ann/c/L2Axto442qk | |
| Title: Denial of Service Vulnerability in Rack Multipart Parsing | |
| Solution: upgrade to '~> 2.0.9, >= 2.0.9.1', '~> 2.1.4, >= 2.1.4.1', '>= 2.2.3.1' | |
| Name: rack | |
| Version: 1.6.11 | |
| CVE: CVE-2022-30123 | |
| GHSA: GHSA-wq4h-7r42-5hrr | |
| Criticality: Critical | |
| URL: https://groups.google.com/g/ruby-security-ann/c/LWB10kWzag8 | |
| Title: Possible shell escape sequence injection vulnerability in Rack | |
| Solution: upgrade to '~> 2.0.9, >= 2.0.9.1', '~> 2.1.4, >= 2.1.4.1', '>= 2.2.3.1' | |
| Name: rack | |
| Version: 1.6.11 | |
| CVE: CVE-2022-44570 | |
| GHSA: GHSA-65f5-mfpf-vfhj | |
| Criticality: High | |
| URL: https://github.com/rack/rack/releases/tag/v3.0.4.1 | |
| Title: Denial of service via header parsing in Rack | |
| Solution: upgrade to '~> 2.0.9, >= 2.0.9.2', '~> 2.1.4, >= 2.1.4.2', '~> 2.2.6, >= 2.2.6.2', '>= 3.0.4.1' | |
| Name: rack | |
| Version: 1.6.11 | |
| CVE: CVE-2022-44571 | |
| GHSA: GHSA-93pm-5p5f-3ghx | |
| Criticality: Unknown | |
| URL: https://github.com/rack/rack/releases/tag/v3.0.4.1 | |
| Title: Denial of Service Vulnerability in Rack Content-Disposition parsing | |
| Solution: upgrade to '~> 2.0.9, >= 2.0.9.2', '~> 2.1.4, >= 2.1.4.2', '~> 2.2.6, >= 2.2.6.1', '>= 3.0.4.1' | |
| Name: rack | |
| Version: 1.6.11 | |
| CVE: CVE-2022-44572 | |
| GHSA: GHSA-rqv2-275x-2jq5 | |
| Criticality: Unknown | |
| URL: https://github.com/rack/rack/releases/tag/v3.0.4.1 | |
| Title: Denial of service via multipart parsing in Rack | |
| Solution: upgrade to '~> 2.0.9, >= 2.0.9.2', '~> 2.1.4, >= 2.1.4.2', '~> 2.2.6, >= 2.2.6.1', '>= 3.0.4.1' | |
| Name: rack | |
| Version: 1.6.11 | |
| CVE: CVE-2023-27530 | |
| GHSA: GHSA-3h57-hmj3-gj3p | |
| Criticality: High | |
| URL: https://discuss.rubyonrails.org/t/cve-2023-27530-possible-dos-vulnerability-in-multipart-mime-parsing/82388 | |
| Title: Possible DoS Vulnerability in Multipart MIME parsing | |
| Solution: upgrade to '~> 2.0.9, >= 2.0.9.3', '~> 2.1.4, >= 2.1.4.3', '~> 2.2.6, >= 2.2.6.3', '>= 3.0.4.2' | |
| Name: rack | |
| Version: 1.6.11 | |
| CVE: CVE-2023-27539 | |
| GHSA: GHSA-c6qg-cjj8-47qp | |
| Criticality: Unknown | |
| URL: https://discuss.rubyonrails.org/t/cve-2023-27539-possible-denial-of-service-vulnerability-in-racks-header-parsing/82466 | |
| Title: Possible Denial of Service Vulnerability in Rack’s header parsing | |
| Solution: upgrade to '~> 2.0, >= 2.2.6.4', '>= 3.0.6.1' | |
| Name: rack | |
| Version: 1.6.11 | |
| CVE: CVE-2024-25126 | |
| GHSA: GHSA-22f2-v57c-j9cx | |
| Criticality: Medium | |
| URL: https://discuss.rubyonrails.org/t/denial-of-service-vulnerability-in-rack-content-type-parsing/84941 | |
| Title: Denial of Service Vulnerability in Rack Content-Type Parsing | |
| Solution: upgrade to '~> 2.2.8, >= 2.2.8.1', '>= 3.0.9.1' | |
| Name: rack | |
| Version: 1.6.11 | |
| CVE: CVE-2024-26141 | |
| GHSA: GHSA-xj5v-6v4g-jfw6 | |
| Criticality: Unknown | |
| URL: https://discuss.rubyonrails.org/t/possible-dos-vulnerability-with-range-header-in-rack/84944 | |
| Title: Possible DoS Vulnerability with Range Header in Rack | |
| Solution: upgrade to '~> 2.2.8, >= 2.2.8.1', '>= 3.0.9.1' | |
| Name: rack | |
| Version: 1.6.11 | |
| CVE: CVE-2024-26146 | |
| GHSA: GHSA-54rr-7fvw-6x8f | |
| Criticality: Unknown | |
| URL: https://discuss.rubyonrails.org/t/possible-denial-of-service-vulnerability-in-rack-header-parsing/84942 | |
| Title: Possible Denial of Service Vulnerability in Rack Header Parsing | |
| Solution: upgrade to '~> 2.0.9, >= 2.0.9.4', '~> 2.1.4, >= 2.1.4.4', '~> 2.2.8, >= 2.2.8.1', '>= 3.0.9.1' | |
| Name: rack-contrib | |
| Version: 1.8.0 | |
| CVE: CVE-2024-35231 | |
| GHSA: GHSA-8c8q-2xw3-j869 | |
| Criticality: High | |
| URL: https://nvd.nist.gov/vuln/detail/CVE-2024-35231 | |
| Title: Denial of Service in rack-contrib via "profiler_runs" parameter | |
| Solution: upgrade to '>= 2.5.0' | |
| Name: redcarpet | |
| Version: 3.4.0 | |
| CVE: CVE-2020-26298 | |
| GHSA: GHSA-q3wr-qw3g-3p4h | |
| Criticality: Medium | |
| URL: https://github.com/vmg/redcarpet/commit/a699c82292b17c8e6a62e1914d5eccc252272793 | |
| Title: Injection/XSS in Redcarpet | |
| Solution: upgrade to '>= 3.5.1' | |
| Name: sinatra | |
| Version: 1.4.8 | |
| CVE: CVE-2022-29970 | |
| GHSA: GHSA-qp49-3pvw-x4m5 | |
| Criticality: High | |
| URL: https://github.com/sinatra/sinatra/pull/1683 | |
| Title: sinatra does not validate expanded path matches | |
| Solution: upgrade to '>= 2.2.0' | |
| Name: sinatra | |
| Version: 1.4.8 | |
| CVE: CVE-2022-45442 | |
| GHSA: GHSA-2x8x-jmrp-phxw | |
| Criticality: High | |
| URL: https://github.com/sinatra/sinatra/security/advisories/GHSA-2x8x-jmrp-phxw | |
| Title: Sinatra vulnerable to Reflected File Download attack | |
| Solution: upgrade to '~> 2.2.3', '>= 3.0.4' | |
| Vulnerabilities found! | |
| Gemfile: ./pkgs/tools/package-management/elm-github-install/Gemfile.lock | |
| Name: git | |
| Version: 1.3.0 | |
| CVE: CVE-2022-25648 | |
| GHSA: GHSA-69p6-wvmq-27gg | |
| Criticality: Critical | |
| URL: https://github.com/ruby-git/ruby-git/pull/569 | |
| Title: Command injection in ruby-git | |
| Solution: upgrade to '>= 1.11.0' | |
| Name: git | |
| Version: 1.3.0 | |
| CVE: CVE-2022-46648 | |
| GHSA: GHSA-pfpr-3463-c6jh | |
| Criticality: Medium | |
| URL: https://github.com/ruby-git/ruby-git/pull/602 | |
| Title: Potential remote code execution in ruby-git | |
| Solution: upgrade to '>= 1.13.0' | |
| Name: git | |
| Version: 1.3.0 | |
| CVE: CVE-2022-47318 | |
| GHSA: GHSA-pphf-gfrm-v32r | |
| Criticality: High | |
| URL: https://github.com/ruby-git/ruby-git/pull/602 | |
| Title: Code injection in ruby git | |
| Solution: upgrade to '>= 1.13.0' | |
| Vulnerabilities found! | |
| Gemfile: ./pkgs/tools/package-management/fpm/Gemfile.lock | |
| Name: rexml | |
| Version: 3.2.6 | |
| CVE: CVE-2024-35176 | |
| GHSA: GHSA-vg3r-rm7w-2xgh | |
| Criticality: Medium | |
| URL: https://github.com/ruby/rexml/security/advisories/GHSA-vg3r-rm7w-2xgh | |
| Title: REXML contains a denial of service vulnerability | |
| Solution: upgrade to '>= 3.2.7' | |
| Name: rexml | |
| Version: 3.2.6 | |
| CVE: CVE-2024-39908 | |
| GHSA: GHSA-4xqq-m2hx-25v8 | |
| Criticality: Medium | |
| URL: https://github.com/ruby/rexml/security/advisories/GHSA-4xqq-m2hx-25v8 | |
| Title: DoS in REXML | |
| Solution: upgrade to '>= 3.3.2' | |
| Name: rexml | |
| Version: 3.2.6 | |
| CVE: CVE-2024-41123 | |
| GHSA: GHSA-r55c-59qm-vjw6 | |
| Criticality: Medium | |
| URL: https://www.ruby-lang.org/en/news/2024/08/01/dos-rexml-cve-2024-41123 | |
| Title: DoS vulnerabilities in REXML | |
| Solution: upgrade to '>= 3.3.3' | |
| Name: rexml | |
| Version: 3.2.6 | |
| CVE: CVE-2024-41946 | |
| GHSA: GHSA-5866-49gr-22v4 | |
| Criticality: Medium | |
| URL: https://www.ruby-lang.org/en/news/2024/08/01/dos-rexml-cve-2024-41946 | |
| Title: DoS vulnerabilities in REXML | |
| Solution: upgrade to '>= 3.3.3' | |
| Name: rexml | |
| Version: 3.2.6 | |
| CVE: CVE-2024-43398 | |
| GHSA: GHSA-vmwr-mc7x-5vc3 | |
| Criticality: Medium | |
| URL: https://github.com/ruby/rexml/security/advisories/GHSA-vmwr-mc7x-5vc3 | |
| Title: REXML denial of service vulnerability | |
| Solution: upgrade to '>= 3.3.6' | |
| Vulnerabilities found! | |
| Gemfile: ./pkgs/tools/package-management/licensee/Gemfile.lock | |
| Name: nokogiri | |
| Version: 1.16.0 | |
| GHSA: GHSA-r95h-9x8f-r3f7 | |
| Criticality: Unknown | |
| URL: https://github.com/sparklemotion/nokogiri/security/advisories/GHSA-r95h-9x8f-r3f7 | |
| Title: Nokogiri updates packaged libxml2 to v2.12.7 to resolve CVE-2024-34459 | |
| Solution: upgrade to '>= 1.16.5' | |
| Name: nokogiri | |
| Version: 1.16.0 | |
| GHSA: GHSA-xc9x-jj77-9p9j | |
| Criticality: Unknown | |
| URL: https://github.com/sparklemotion/nokogiri/security/advisories/GHSA-xc9x-jj77-9p9j | |
| Title: Use-after-free in libxml2 via Nokogiri::XML::Reader | |
| Solution: upgrade to '~> 1.15.6', '>= 1.16.2' | |
| Vulnerabilities found! | |
| Gemfile: ./pkgs/tools/backup/lvmsync/Gemfile.lock | |
| No vulnerabilities found | |
| Gemfile: ./pkgs/tools/audio/mpdcron/Gemfile.lock | |
| Name: nokogiri | |
| Version: 1.10.3 | |
| CVE: CVE-2018-25032 | |
| GHSA: GHSA-v6gp-9mmm-c6p5 | |
| Criticality: High | |
| URL: https://github.com/sparklemotion/nokogiri/security/advisories/GHSA-v6gp-9mmm-c6p5 | |
| Title: Out-of-bounds Write in zlib affects Nokogiri | |
| Solution: upgrade to '>= 1.13.4' | |
| Name: nokogiri | |
| Version: 1.10.3 | |
| CVE: CVE-2019-13117 | |
| GHSA: GHSA-4hm9-844j-jmxp | |
| Criticality: Unknown | |
| URL: https://github.com/sparklemotion/nokogiri/issues/1943 | |
| Title: Nokogiri gem, via libxslt, is affected by multiple vulnerabilities | |
| Solution: upgrade to '>= 1.10.5' | |
| Name: nokogiri | |
| Version: 1.10.3 | |
| CVE: CVE-2019-13118 | |
| GHSA: GHSA-cf46-6xxh-pc75 | |
| Criticality: High | |
| URL: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=15069 | |
| Title: libxslt Type Confusion vulnerability that affects Nokogiri | |
| Solution: upgrade to '>= 1.10.5' | |
| Name: nokogiri | |
| Version: 1.10.3 | |
| CVE: CVE-2019-18197 | |
| GHSA: GHSA-242x-7cm6-4w8j | |
| Criticality: High | |
| URL: https://github.com/sparklemotion/nokogiri/issues/1943 | |
| Title: Nokogiri affected by libxslt Use of Uninitialized Resource/ Use After Free vulnerability | |
| Solution: upgrade to '>= 1.10.5' | |
| Name: nokogiri | |
| Version: 1.10.3 | |
| CVE: CVE-2019-5477 | |
| GHSA: GHSA-cr5j-953j-xw5p | |
| Criticality: Critical | |
| URL: https://github.com/sparklemotion/nokogiri/issues/1915 | |
| Title: Nokogiri Command Injection Vulnerability via Nokogiri::CSS::Tokenizer#load_file | |
| Solution: upgrade to '>= 1.10.4' | |
| Name: nokogiri | |
| Version: 1.10.3 | |
| CVE: CVE-2019-5815 | |
| GHSA: GHSA-vmfx-gcfq-wvm2 | |
| Criticality: High | |
| URL: https://github.com/sparklemotion/nokogiri/issues/2630 | |
| Title: Nokogiri implementation of libxslt vulnerable to heap corruption | |
| Solution: upgrade to '>= 1.10.5' | |
| Name: nokogiri | |
| Version: 1.10.3 | |
| CVE: CVE-2020-26247 | |
| GHSA: GHSA-vr8q-g5c7-m54m | |
| Criticality: Low | |
| URL: https://github.com/sparklemotion/nokogiri/security/advisories/GHSA-vr8q-g5c7-m54m | |
| Title: Nokogiri::XML::Schema trusts input by default, exposing risk of an XXE vulnerability | |
| Solution: upgrade to '>= 1.11.0.rc4' | |
| Name: nokogiri | |
| Version: 1.10.3 | |
| CVE: CVE-2020-7595 | |
| GHSA: GHSA-7553-jr98-vx47 | |
| Criticality: High | |
| URL: https://github.com/sparklemotion/nokogiri/issues/1992 | |
| Title: libxml2 2.9.10 has an infinite loop in a certain end-of-file situation | |
| Solution: upgrade to '>= 1.10.8' | |
| Name: nokogiri | |
| Version: 1.10.3 | |
| CVE: CVE-2021-30560 | |
| GHSA: GHSA-fq42-c5rg-92c2 | |
| Criticality: High | |
| URL: https://github.com/sparklemotion/nokogiri/security/advisories/GHSA-fq42-c5rg-92c2 | |
| Title: Update packaged libxml2 (2.9.12 → 2.9.13) and libxslt (1.1.34 → 1.1.35) | |
| Solution: upgrade to '>= 1.13.2' | |
| Name: nokogiri | |
| Version: 1.10.3 | |
| CVE: CVE-2021-3517 | |
| GHSA: GHSA-jw9f-hh49-cvp9 | |
| Criticality: High | |
| URL: https://bugzilla.redhat.com/show_bug.cgi?id=1954232 | |
| Title: Nokogiri contains libxml Out-of-bounds Write vulnerability | |
| Solution: upgrade to '>= 1.11.4' | |
| Name: nokogiri | |
| Version: 1.10.3 | |
| CVE: CVE-2021-3518 | |
| GHSA: GHSA-v4f8-2847-rwm7 | |
| Criticality: High | |
| URL: https://nokogiri.org/CHANGELOG.html#1114-2021-05-14 | |
| Title: Nokogiri Implements libxml2 version vulnerable to use-after-free | |
| Solution: upgrade to '>= 1.11.4' | |
| Name: nokogiri | |
| Version: 1.10.3 | |
| CVE: CVE-2021-3537 | |
| GHSA: GHSA-286v-pcf5-25rc | |
| Criticality: Medium | |
| URL: https://nokogiri.org/CHANGELOG.html#1114-2021-05-14 | |
| Title: Nokogiri Implements libxml2 version vulnerable to null pointer dereferencing | |
| Solution: upgrade to '>= 1.11.4' | |
| Name: nokogiri | |
| Version: 1.10.3 | |
| CVE: CVE-2021-41098 | |
| GHSA: GHSA-2rr5-8q37-2w7h | |
| Criticality: High | |
| URL: https://github.com/sparklemotion/nokogiri/security/advisories/GHSA-2rr5-8q37-2w7h | |
| Title: Improper Restriction of XML External Entity Reference (XXE) in Nokogiri on JRuby | |
| Solution: upgrade to '>= 1.12.5' | |
| Name: nokogiri | |
| Version: 1.10.3 | |
| CVE: CVE-2022-23437 | |
| GHSA: GHSA-xxx9-3xcr-gjj3 | |
| Criticality: Medium | |
| URL: https://github.com/sparklemotion/nokogiri/security/advisories/GHSA-xxx9-3xcr-gjj3 | |
| Title: XML Injection in Xerces Java affects Nokogiri | |
| Solution: upgrade to '>= 1.13.4' | |
| Name: nokogiri | |
| Version: 1.10.3 | |
| CVE: CVE-2022-24836 | |
| GHSA: GHSA-crjr-9rc5-ghw8 | |
| Criticality: High | |
| URL: https://github.com/sparklemotion/nokogiri/security/advisories/GHSA-crjr-9rc5-ghw8 | |
| Title: Inefficient Regular Expression Complexity in Nokogiri | |
| Solution: upgrade to '>= 1.13.4' | |
| Name: nokogiri | |
| Version: 1.10.3 | |
| CVE: CVE-2022-24839 | |
| GHSA: GHSA-gx8x-g87m-h5q6 | |
| Criticality: High | |
| URL: https://github.com/sparklemotion/nekohtml/security/advisories/GHSA-9849-p7jc-9rmv | |
| Title: Denial of Service (DoS) in Nokogiri on JRuby | |
| Solution: upgrade to '>= 1.13.4' | |
| Name: nokogiri | |
| Version: 1.10.3 | |
| CVE: CVE-2022-29181 | |
| GHSA: GHSA-xh29-r2w5-wx8m | |
| Criticality: High | |
| URL: https://github.com/sparklemotion/nokogiri/security/advisories/GHSA-xh29-r2w5-wx8m | |
| Title: Improper Handling of Unexpected Data Type in Nokogiri | |
| Solution: upgrade to '>= 1.13.6' | |
| Name: nokogiri | |
| Version: 1.10.3 | |
| GHSA: GHSA-2qc6-mcvw-92cw | |
| Criticality: Unknown | |
| URL: https://github.com/sparklemotion/nokogiri/security/advisories/GHSA-2qc6-mcvw-92cw | |
| Title: Update bundled libxml2 to v2.10.3 to resolve multiple CVEs | |
| Solution: upgrade to '>= 1.13.9' | |
| Name: nokogiri | |
| Version: 1.10.3 | |
| GHSA: GHSA-7rrm-v45f-jp64 | |
| Criticality: High | |
| URL: https://github.com/sparklemotion/nokogiri/security/advisories/GHSA-7rrm-v45f-jp64 | |
| Title: Update packaged dependency libxml2 from 2.9.10 to 2.9.12 | |
| Solution: upgrade to '>= 1.11.4' | |
| Name: nokogiri | |
| Version: 1.10.3 | |
| GHSA: GHSA-cgx6-hpwq-fhv5 | |
| Criticality: High | |
| URL: https://github.com/sparklemotion/nokogiri/security/advisories/GHSA-cgx6-hpwq-fhv5 | |
| Title: Integer Overflow or Wraparound in libxml2 affects Nokogiri | |
| Solution: upgrade to '>= 1.13.5' | |
| Name: nokogiri | |
| Version: 1.10.3 | |
| GHSA: GHSA-pxvg-2qj5-37jq | |
| Criticality: Unknown | |
| URL: https://github.com/sparklemotion/nokogiri/security/advisories/GHSA-pxvg-2qj5-37jq | |
| Title: Update packaged libxml2 to v2.10.4 to resolve multiple CVEs | |
| Solution: upgrade to '>= 1.14.3' | |
| Name: nokogiri | |
| Version: 1.10.3 | |
| GHSA: GHSA-r95h-9x8f-r3f7 | |
| Criticality: Unknown | |
| URL: https://github.com/sparklemotion/nokogiri/security/advisories/GHSA-r95h-9x8f-r3f7 | |
| Title: Nokogiri updates packaged libxml2 to v2.12.7 to resolve CVE-2024-34459 | |
| Solution: upgrade to '>= 1.16.5' | |
| Name: nokogiri | |
| Version: 1.10.3 | |
| GHSA: GHSA-xc9x-jj77-9p9j | |
| Criticality: Unknown | |
| URL: https://github.com/sparklemotion/nokogiri/security/advisories/GHSA-xc9x-jj77-9p9j | |
| Title: Use-after-free in libxml2 via Nokogiri::XML::Reader | |
| Solution: upgrade to '~> 1.15.6', '>= 1.16.2' | |
| Vulnerabilities found! | |
| Gemfile: ./pkgs/tools/security/evil-winrm/Gemfile.lock | |
| No vulnerabilities found | |
| Gemfile: ./pkgs/tools/security/whatweb/Gemfile.lock | |
| No vulnerabilities found | |
| Gemfile: ./pkgs/tools/security/metasploit/Gemfile.lock | |
| Name: actionpack | |
| Version: 7.0.8.3 | |
| CVE: CVE-2024-28103 | |
| GHSA: GHSA-fwhr-88qx-h9g7 | |
| Criticality: Medium | |
| URL: https://github.com/rails/rails/security/advisories/GHSA-fwhr-88qx-h9g7 | |
| Title: Missing security headers in Action Pack on non-HTML responses | |
| Solution: upgrade to '~> 6.1.7, >= 6.1.7.8', '~> 7.0.8, >= 7.0.8.4', '~> 7.1.3, >= 7.1.3.4', '>= 7.2.0.beta2' | |
| Name: actionpack | |
| Version: 7.0.8.3 | |
| CVE: CVE-2024-41128 | |
| GHSA: GHSA-x76w-6vjr-8xgj | |
| Criticality: Unknown | |
| URL: https://github.com/rails/rails/security/advisories/GHSA-x76w-6vjr-8xgj | |
| Title: Possible ReDoS vulnerability in query parameter filtering in Action Dispatch | |
| Solution: upgrade to '~> 6.1.7.9', '~> 7.0.8.5', '~> 7.1.4.1', '>= 7.2.1.1' | |
| Name: actionpack | |
| Version: 7.0.8.3 | |
| CVE: CVE-2024-47887 | |
| GHSA: GHSA-vfg9-r3fq-jvx4 | |
| Criticality: Unknown | |
| URL: https://github.com/rails/rails/security/advisories/GHSA-vfg9-r3fq-jvx4 | |
| Title: Possible ReDoS vulnerability in HTTP Token authentication in Action Controller | |
| Solution: upgrade to '~> 6.1.7.9', '~> 7.0.8.5', '~> 7.1.4.1', '>= 7.2.1.1' | |
| Name: nokogiri | |
| Version: 1.14.5 | |
| GHSA: GHSA-r95h-9x8f-r3f7 | |
| Criticality: Unknown | |
| URL: https://github.com/sparklemotion/nokogiri/security/advisories/GHSA-r95h-9x8f-r3f7 | |
| Title: Nokogiri updates packaged libxml2 to v2.12.7 to resolve CVE-2024-34459 | |
| Solution: upgrade to '>= 1.16.5' | |
| Name: nokogiri | |
| Version: 1.14.5 | |
| GHSA: GHSA-xc9x-jj77-9p9j | |
| Criticality: Unknown | |
| URL: https://github.com/sparklemotion/nokogiri/security/advisories/GHSA-xc9x-jj77-9p9j | |
| Title: Use-after-free in libxml2 via Nokogiri::XML::Reader | |
| Solution: upgrade to '~> 1.15.6', '>= 1.16.2' | |
| Name: puma | |
| Version: 6.4.2 | |
| CVE: CVE-2024-45614 | |
| GHSA: GHSA-9hf4-67fc-4vf4 | |
| Criticality: Medium | |
| URL: https://github.com/puma/puma/security/advisories/GHSA-9hf4-67fc-4vf4 | |
| Title: Puma's header normalization allows for client to clobber proxy set headers | |
| Solution: upgrade to '~> 5.6.9', '>= 6.4.3' | |
| Name: rexml | |
| Version: 3.2.8 | |
| CVE: CVE-2024-39908 | |
| GHSA: GHSA-4xqq-m2hx-25v8 | |
| Criticality: Medium | |
| URL: https://github.com/ruby/rexml/security/advisories/GHSA-4xqq-m2hx-25v8 | |
| Title: DoS in REXML | |
| Solution: upgrade to '>= 3.3.2' | |
| Name: rexml | |
| Version: 3.2.8 | |
| CVE: CVE-2024-41123 | |
| GHSA: GHSA-r55c-59qm-vjw6 | |
| Criticality: Medium | |
| URL: https://www.ruby-lang.org/en/news/2024/08/01/dos-rexml-cve-2024-41123 | |
| Title: DoS vulnerabilities in REXML | |
| Solution: upgrade to '>= 3.3.3' | |
| Name: rexml | |
| Version: 3.2.8 | |
| CVE: CVE-2024-41946 | |
| GHSA: GHSA-5866-49gr-22v4 | |
| Criticality: Medium | |
| URL: https://www.ruby-lang.org/en/news/2024/08/01/dos-rexml-cve-2024-41946 | |
| Title: DoS vulnerabilities in REXML | |
| Solution: upgrade to '>= 3.3.3' | |
| Name: rexml | |
| Version: 3.2.8 | |
| CVE: CVE-2024-43398 | |
| GHSA: GHSA-vmwr-mc7x-5vc3 | |
| Criticality: Medium | |
| URL: https://github.com/ruby/rexml/security/advisories/GHSA-vmwr-mc7x-5vc3 | |
| Title: REXML denial of service vulnerability | |
| Solution: upgrade to '>= 3.3.6' | |
| Name: webrick | |
| Version: 1.8.1 | |
| CVE: CVE-2024-47220 | |
| GHSA: GHSA-6f62-3596-g6w7 | |
| Criticality: High | |
| URL: https://github.com/advisories/GHSA-6f62-3596-g6w7 | |
| Title: HTTP Request Smuggling in ruby webrick | |
| Solution: upgrade to '>= 1.8.2' | |
| Vulnerabilities found! | |
| Gemfile: ./pkgs/tools/security/wpscan/Gemfile.lock | |
| No vulnerabilities found | |
| Gemfile: ./pkgs/tools/security/schleuder/cli/Gemfile.lock | |
| No vulnerabilities found | |
| Gemfile: ./pkgs/tools/security/schleuder/Gemfile.lock | |
| No vulnerabilities found | |
| Gemfile: ./pkgs/tools/security/bundler-audit/Gemfile.lock | |
| No vulnerabilities found | |
| Gemfile: ./pkgs/tools/security/zsteg/Gemfile.lock | |
| No vulnerabilities found | |
| Gemfile: ./pkgs/tools/security/cewl/Gemfile.lock | |
| Name: nokogiri | |
| Version: 1.11.7 | |
| CVE: CVE-2018-25032 | |
| GHSA: GHSA-v6gp-9mmm-c6p5 | |
| Criticality: High | |
| URL: https://github.com/sparklemotion/nokogiri/security/advisories/GHSA-v6gp-9mmm-c6p5 | |
| Title: Out-of-bounds Write in zlib affects Nokogiri | |
| Solution: upgrade to '>= 1.13.4' | |
| Name: nokogiri | |
| Version: 1.11.7 | |
| CVE: CVE-2021-30560 | |
| GHSA: GHSA-fq42-c5rg-92c2 | |
| Criticality: High | |
| URL: https://github.com/sparklemotion/nokogiri/security/advisories/GHSA-fq42-c5rg-92c2 | |
| Title: Update packaged libxml2 (2.9.12 → 2.9.13) and libxslt (1.1.34 → 1.1.35) | |
| Solution: upgrade to '>= 1.13.2' | |
| Name: nokogiri | |
| Version: 1.11.7 | |
| CVE: CVE-2021-41098 | |
| GHSA: GHSA-2rr5-8q37-2w7h | |
| Criticality: High | |
| URL: https://github.com/sparklemotion/nokogiri/security/advisories/GHSA-2rr5-8q37-2w7h | |
| Title: Improper Restriction of XML External Entity Reference (XXE) in Nokogiri on JRuby | |
| Solution: upgrade to '>= 1.12.5' | |
| Name: nokogiri | |
| Version: 1.11.7 | |
| CVE: CVE-2022-23437 | |
| GHSA: GHSA-xxx9-3xcr-gjj3 | |
| Criticality: Medium | |
| URL: https://github.com/sparklemotion/nokogiri/security/advisories/GHSA-xxx9-3xcr-gjj3 | |
| Title: XML Injection in Xerces Java affects Nokogiri | |
| Solution: upgrade to '>= 1.13.4' | |
| Name: nokogiri | |
| Version: 1.11.7 | |
| CVE: CVE-2022-24836 | |
| GHSA: GHSA-crjr-9rc5-ghw8 | |
| Criticality: High | |
| URL: https://github.com/sparklemotion/nokogiri/security/advisories/GHSA-crjr-9rc5-ghw8 | |
| Title: Inefficient Regular Expression Complexity in Nokogiri | |
| Solution: upgrade to '>= 1.13.4' | |
| Name: nokogiri | |
| Version: 1.11.7 | |
| CVE: CVE-2022-24839 | |
| GHSA: GHSA-gx8x-g87m-h5q6 | |
| Criticality: High | |
| URL: https://github.com/sparklemotion/nekohtml/security/advisories/GHSA-9849-p7jc-9rmv | |
| Title: Denial of Service (DoS) in Nokogiri on JRuby | |
| Solution: upgrade to '>= 1.13.4' | |
| Name: nokogiri | |
| Version: 1.11.7 | |
| CVE: CVE-2022-29181 | |
| GHSA: GHSA-xh29-r2w5-wx8m | |
| Criticality: High | |
| URL: https://github.com/sparklemotion/nokogiri/security/advisories/GHSA-xh29-r2w5-wx8m | |
| Title: Improper Handling of Unexpected Data Type in Nokogiri | |
| Solution: upgrade to '>= 1.13.6' | |
| Name: nokogiri | |
| Version: 1.11.7 | |
| GHSA: GHSA-2qc6-mcvw-92cw | |
| Criticality: Unknown | |
| URL: https://github.com/sparklemotion/nokogiri/security/advisories/GHSA-2qc6-mcvw-92cw | |
| Title: Update bundled libxml2 to v2.10.3 to resolve multiple CVEs | |
| Solution: upgrade to '>= 1.13.9' | |
| Name: nokogiri | |
| Version: 1.11.7 | |
| GHSA: GHSA-cgx6-hpwq-fhv5 | |
| Criticality: High | |
| URL: https://github.com/sparklemotion/nokogiri/security/advisories/GHSA-cgx6-hpwq-fhv5 | |
| Title: Integer Overflow or Wraparound in libxml2 affects Nokogiri | |
| Solution: upgrade to '>= 1.13.5' | |
| Name: nokogiri | |
| Version: 1.11.7 | |
| GHSA: GHSA-pxvg-2qj5-37jq | |
| Criticality: Unknown | |
| URL: https://github.com/sparklemotion/nokogiri/security/advisories/GHSA-pxvg-2qj5-37jq | |
| Title: Update packaged libxml2 to v2.10.4 to resolve multiple CVEs | |
| Solution: upgrade to '>= 1.14.3' | |
| Name: nokogiri | |
| Version: 1.11.7 | |
| GHSA: GHSA-r95h-9x8f-r3f7 | |
| Criticality: Unknown | |
| URL: https://github.com/sparklemotion/nokogiri/security/advisories/GHSA-r95h-9x8f-r3f7 | |
| Title: Nokogiri updates packaged libxml2 to v2.12.7 to resolve CVE-2024-34459 | |
| Solution: upgrade to '>= 1.16.5' | |
| Name: nokogiri | |
| Version: 1.11.7 | |
| GHSA: GHSA-xc9x-jj77-9p9j | |
| Criticality: Unknown | |
| URL: https://github.com/sparklemotion/nokogiri/security/advisories/GHSA-xc9x-jj77-9p9j | |
| Title: Use-after-free in libxml2 via Nokogiri::XML::Reader | |
| Solution: upgrade to '~> 1.15.6', '>= 1.16.2' | |
| Name: rexml | |
| Version: 3.2.5 | |
| CVE: CVE-2024-35176 | |
| GHSA: GHSA-vg3r-rm7w-2xgh | |
| Criticality: Medium | |
| URL: https://github.com/ruby/rexml/security/advisories/GHSA-vg3r-rm7w-2xgh | |
| Title: REXML contains a denial of service vulnerability | |
| Solution: upgrade to '>= 3.2.7' | |
| Name: rexml | |
| Version: 3.2.5 | |
| CVE: CVE-2024-39908 | |
| GHSA: GHSA-4xqq-m2hx-25v8 | |
| Criticality: Medium | |
| URL: https://github.com/ruby/rexml/security/advisories/GHSA-4xqq-m2hx-25v8 | |
| Title: DoS in REXML | |
| Solution: upgrade to '>= 3.3.2' | |
| Name: rexml | |
| Version: 3.2.5 | |
| CVE: CVE-2024-41123 | |
| GHSA: GHSA-r55c-59qm-vjw6 | |
| Criticality: Medium | |
| URL: https://www.ruby-lang.org/en/news/2024/08/01/dos-rexml-cve-2024-41123 | |
| Title: DoS vulnerabilities in REXML | |
| Solution: upgrade to '>= 3.3.3' | |
| Name: rexml | |
| Version: 3.2.5 | |
| CVE: CVE-2024-41946 | |
| GHSA: GHSA-5866-49gr-22v4 | |
| Criticality: Medium | |
| URL: https://www.ruby-lang.org/en/news/2024/08/01/dos-rexml-cve-2024-41946 | |
| Title: DoS vulnerabilities in REXML | |
| Solution: upgrade to '>= 3.3.3' | |
| Name: rexml | |
| Version: 3.2.5 | |
| CVE: CVE-2024-43398 | |
| GHSA: GHSA-vmwr-mc7x-5vc3 | |
| Criticality: Medium | |
| URL: https://github.com/ruby/rexml/security/advisories/GHSA-vmwr-mc7x-5vc3 | |
| Title: REXML denial of service vulnerability | |
| Solution: upgrade to '>= 3.3.6' | |
| Vulnerabilities found! | |
| Gemfile: ./pkgs/tools/security/ronin/Gemfile.lock | |
| Name: nokogiri | |
| Version: 1.15.4 | |
| GHSA: GHSA-r95h-9x8f-r3f7 | |
| Criticality: Unknown | |
| URL: https://github.com/sparklemotion/nokogiri/security/advisories/GHSA-r95h-9x8f-r3f7 | |
| Title: Nokogiri updates packaged libxml2 to v2.12.7 to resolve CVE-2024-34459 | |
| Solution: upgrade to '>= 1.16.5' | |
| Name: nokogiri | |
| Version: 1.15.4 | |
| GHSA: GHSA-xc9x-jj77-9p9j | |
| Criticality: Unknown | |
| URL: https://github.com/sparklemotion/nokogiri/security/advisories/GHSA-xc9x-jj77-9p9j | |
| Title: Use-after-free in libxml2 via Nokogiri::XML::Reader | |
| Solution: upgrade to '~> 1.15.6', '>= 1.16.2' | |
| Name: rack | |
| Version: 2.2.8 | |
| CVE: CVE-2024-25126 | |
| GHSA: GHSA-22f2-v57c-j9cx | |
| Criticality: Medium | |
| URL: https://discuss.rubyonrails.org/t/denial-of-service-vulnerability-in-rack-content-type-parsing/84941 | |
| Title: Denial of Service Vulnerability in Rack Content-Type Parsing | |
| Solution: upgrade to '~> 2.2.8, >= 2.2.8.1', '>= 3.0.9.1' | |
| Name: rack | |
| Version: 2.2.8 | |
| CVE: CVE-2024-26141 | |
| GHSA: GHSA-xj5v-6v4g-jfw6 | |
| Criticality: Unknown | |
| URL: https://discuss.rubyonrails.org/t/possible-dos-vulnerability-with-range-header-in-rack/84944 | |
| Title: Possible DoS Vulnerability with Range Header in Rack | |
| Solution: upgrade to '~> 2.2.8, >= 2.2.8.1', '>= 3.0.9.1' | |
| Name: rack | |
| Version: 2.2.8 | |
| CVE: CVE-2024-26146 | |
| GHSA: GHSA-54rr-7fvw-6x8f | |
| Criticality: Unknown | |
| URL: https://discuss.rubyonrails.org/t/possible-denial-of-service-vulnerability-in-rack-header-parsing/84942 | |
| Title: Possible Denial of Service Vulnerability in Rack Header Parsing | |
| Solution: upgrade to '~> 2.0.9, >= 2.0.9.4', '~> 2.1.4, >= 2.1.4.4', '~> 2.2.8, >= 2.2.8.1', '>= 3.0.9.1' | |
| Name: rdoc | |
| Version: 6.5.0 | |
| CVE: CVE-2024-27281 | |
| GHSA: GHSA-592j-995h-p23j | |
| Criticality: Medium | |
| URL: https://www.ruby-lang.org/en/news/2024/03/21/rce-rdoc-cve-2024-27281/ | |
| Title: RCE vulnerability with .rdoc_options in RDoc | |
| Solution: upgrade to '~> 6.3.4, >= 6.3.4.1', '~> 6.4.1, >= 6.4.1.1', '>= 6.5.1.1' | |
| Name: webrick | |
| Version: 1.8.1 | |
| CVE: CVE-2024-47220 | |
| GHSA: GHSA-6f62-3596-g6w7 | |
| Criticality: High | |
| URL: https://github.com/advisories/GHSA-6f62-3596-g6w7 | |
| Title: HTTP Request Smuggling in ruby webrick | |
| Solution: upgrade to '>= 1.8.2' | |
| Vulnerabilities found! | |
| Gemfile: ./pkgs/tools/system/procodile/Gemfile.lock | |
| Name: json | |
| Version: 2.2.0 | |
| CVE: CVE-2020-10663 | |
| GHSA: GHSA-jphg-qwrw-7w9g | |
| Criticality: High | |
| URL: https://www.ruby-lang.org/en/news/2020/03/19/json-dos-cve-2020-10663/ | |
| Title: json Gem for Ruby Unsafe Object Creation Vulnerability (additional fix) | |
| Solution: upgrade to '>= 2.3.0' | |
| Vulnerabilities found! | |
| Gemfile: ./pkgs/tools/system/hiera-eyaml/Gemfile.lock | |
| No vulnerabilities found | |
| Gemfile: ./pkgs/tools/system/colorls/Gemfile.lock | |
| No vulnerabilities found | |
| Gemfile: ./pkgs/tools/misc/haste-client/Gemfile.lock | |
| No vulnerabilities found | |
| Gemfile: ./pkgs/tools/misc/anystyle-cli/Gemfile.lock | |
| Name: activesupport | |
| Version: 6.0.3.2 | |
| CVE: CVE-2023-22796 | |
| GHSA: GHSA-j6gc-792m-qgm2 | |
| Criticality: Unknown | |
| URL: https://github.com/rails/rails/releases/tag/v7.0.4.1 | |
| Title: ReDoS based DoS vulnerability in Active Support’s underscore | |
| Solution: upgrade to '~> 5.2.8, >= 5.2.8.15', '~> 6.1.7, >= 6.1.7.1', '>= 7.0.4.1' | |
| Name: activesupport | |
| Version: 6.0.3.2 | |
| CVE: CVE-2023-28120 | |
| GHSA: GHSA-pj73-v5mw-pm9j | |
| Criticality: Unknown | |
| URL: https://discuss.rubyonrails.org/t/cve-2023-28120-possible-xss-security-vulnerability-in-safebuffer-bytesplice/82469 | |
| Title: Possible XSS Security Vulnerability in SafeBuffer#bytesplice | |
| Solution: upgrade to '~> 6.1.7, >= 6.1.7.3', '>= 7.0.4.3' | |
| Name: activesupport | |
| Version: 6.0.3.2 | |
| CVE: CVE-2023-38037 | |
| GHSA: GHSA-cr5q-6q9f-rq6q | |
| Criticality: Unknown | |
| URL: https://github.com/rails/rails/releases/tag/v7.0.7.1 | |
| Title: Possible File Disclosure of Locally Encrypted Files | |
| Solution: upgrade to '~> 6.1.7, >= 6.1.7.5', '>= 7.0.7.1' | |
| Name: tzinfo | |
| Version: 1.2.7 | |
| CVE: CVE-2022-31163 | |
| GHSA: GHSA-5cm2-9h8c-rvfx | |
| Criticality: High | |
| URL: https://github.com/tzinfo/tzinfo/security/advisories/GHSA-5cm2-9h8c-rvfx | |
| Title: TZInfo relative path traversal vulnerability allows loading of arbitrary files | |
| Solution: upgrade to '~> 0.3.61', '>= 1.2.10' | |
| Name: yard | |
| Version: 0.9.25 | |
| CVE: CVE-2024-27285 | |
| GHSA: GHSA-8mq4-9jjh-9xrc | |
| Criticality: Medium | |
| URL: https://github.com/advisories/GHSA-8mq4-9jjh-9xrc | |
| Title: YARD's default template vulnerable to Cross-site Scripting in generated frames.html | |
| Solution: upgrade to '>= 0.9.36' | |
| Vulnerabilities found! | |
| Gemfile: ./pkgs/tools/misc/teamocil/Gemfile.lock | |
| No vulnerabilities found | |
| Gemfile: ./pkgs/tools/misc/completely/Gemfile.lock | |
| No vulnerabilities found | |
| Gemfile: ./pkgs/tools/misc/html-proofer/Gemfile.lock | |
| Name: nokogiri | |
| Version: 1.16.0 | |
| GHSA: GHSA-r95h-9x8f-r3f7 | |
| Criticality: Unknown | |
| URL: https://github.com/sparklemotion/nokogiri/security/advisories/GHSA-r95h-9x8f-r3f7 | |
| Title: Nokogiri updates packaged libxml2 to v2.12.7 to resolve CVE-2024-34459 | |
| Solution: upgrade to '>= 1.16.5' | |
| Name: nokogiri | |
| Version: 1.16.0 | |
| GHSA: GHSA-xc9x-jj77-9p9j | |
| Criticality: Unknown | |
| URL: https://github.com/sparklemotion/nokogiri/security/advisories/GHSA-xc9x-jj77-9p9j | |
| Title: Use-after-free in libxml2 via Nokogiri::XML::Reader | |
| Solution: upgrade to '~> 1.15.6', '>= 1.16.2' | |
| Vulnerabilities found! | |
| Gemfile: ./pkgs/tools/misc/serverspec/Gemfile.lock | |
| No vulnerabilities found | |
| Gemfile: ./pkgs/tools/misc/chef-cli/Gemfile.lock | |
| Name: rack | |
| Version: 2.2.6.4 | |
| CVE: CVE-2024-25126 | |
| GHSA: GHSA-22f2-v57c-j9cx | |
| Criticality: Medium | |
| URL: https://discuss.rubyonrails.org/t/denial-of-service-vulnerability-in-rack-content-type-parsing/84941 | |
| Title: Denial of Service Vulnerability in Rack Content-Type Parsing | |
| Solution: upgrade to '~> 2.2.8, >= 2.2.8.1', '>= 3.0.9.1' | |
| Name: rack | |
| Version: 2.2.6.4 | |
| CVE: CVE-2024-26141 | |
| GHSA: GHSA-xj5v-6v4g-jfw6 | |
| Criticality: Unknown | |
| URL: https://discuss.rubyonrails.org/t/possible-dos-vulnerability-with-range-header-in-rack/84944 | |
| Title: Possible DoS Vulnerability with Range Header in Rack | |
| Solution: upgrade to '~> 2.2.8, >= 2.2.8.1', '>= 3.0.9.1' | |
| Name: rack | |
| Version: 2.2.6.4 | |
| CVE: CVE-2024-26146 | |
| GHSA: GHSA-54rr-7fvw-6x8f | |
| Criticality: Unknown | |
| URL: https://discuss.rubyonrails.org/t/possible-denial-of-service-vulnerability-in-rack-header-parsing/84942 | |
| Title: Possible Denial of Service Vulnerability in Rack Header Parsing | |
| Solution: upgrade to '~> 2.0.9, >= 2.0.9.4', '~> 2.1.4, >= 2.1.4.4', '~> 2.2.8, >= 2.2.8.1', '>= 3.0.9.1' | |
| Name: rexml | |
| Version: 3.2.5 | |
| CVE: CVE-2024-35176 | |
| GHSA: GHSA-vg3r-rm7w-2xgh | |
| Criticality: Medium | |
| URL: https://github.com/ruby/rexml/security/advisories/GHSA-vg3r-rm7w-2xgh | |
| Title: REXML contains a denial of service vulnerability | |
| Solution: upgrade to '>= 3.2.7' | |
| Name: rexml | |
| Version: 3.2.5 | |
| CVE: CVE-2024-39908 | |
| GHSA: GHSA-4xqq-m2hx-25v8 | |
| Criticality: Medium | |
| URL: https://github.com/ruby/rexml/security/advisories/GHSA-4xqq-m2hx-25v8 | |
| Title: DoS in REXML | |
| Solution: upgrade to '>= 3.3.2' | |
| Name: rexml | |
| Version: 3.2.5 | |
| CVE: CVE-2024-41123 | |
| GHSA: GHSA-r55c-59qm-vjw6 | |
| Criticality: Medium | |
| URL: https://www.ruby-lang.org/en/news/2024/08/01/dos-rexml-cve-2024-41123 | |
| Title: DoS vulnerabilities in REXML | |
| Solution: upgrade to '>= 3.3.3' | |
| Name: rexml | |
| Version: 3.2.5 | |
| CVE: CVE-2024-41946 | |
| GHSA: GHSA-5866-49gr-22v4 | |
| Criticality: Medium | |
| URL: https://www.ruby-lang.org/en/news/2024/08/01/dos-rexml-cve-2024-41946 | |
| Title: DoS vulnerabilities in REXML | |
| Solution: upgrade to '>= 3.3.3' | |
| Name: rexml | |
| Version: 3.2.5 | |
| CVE: CVE-2024-43398 | |
| GHSA: GHSA-vmwr-mc7x-5vc3 | |
| Criticality: Medium | |
| URL: https://github.com/ruby/rexml/security/advisories/GHSA-vmwr-mc7x-5vc3 | |
| Title: REXML denial of service vulnerability | |
| Solution: upgrade to '>= 3.3.6' | |
| Name: webrick | |
| Version: 1.8.1 | |
| CVE: CVE-2024-47220 | |
| GHSA: GHSA-6f62-3596-g6w7 | |
| Criticality: High | |
| URL: https://github.com/advisories/GHSA-6f62-3596-g6w7 | |
| Title: HTTP Request Smuggling in ruby webrick | |
| Solution: upgrade to '>= 1.8.2' | |
| Vulnerabilities found! | |
| Gemfile: ./pkgs/tools/misc/3llo/Gemfile.lock | |
| No vulnerabilities found | |
| Gemfile: ./pkgs/tools/misc/docker-sync/Gemfile.lock | |
| No vulnerabilities found | |
| Gemfile: ./pkgs/tools/misc/inspec/Gemfile.lock | |
| Name: rexml | |
| Version: 3.2.6 | |
| CVE: CVE-2024-35176 | |
| GHSA: GHSA-vg3r-rm7w-2xgh | |
| Criticality: Medium | |
| URL: https://github.com/ruby/rexml/security/advisories/GHSA-vg3r-rm7w-2xgh | |
| Title: REXML contains a denial of service vulnerability | |
| Solution: upgrade to '>= 3.2.7' | |
| Name: rexml | |
| Version: 3.2.6 | |
| CVE: CVE-2024-39908 | |
| GHSA: GHSA-4xqq-m2hx-25v8 | |
| Criticality: Medium | |
| URL: https://github.com/ruby/rexml/security/advisories/GHSA-4xqq-m2hx-25v8 | |
| Title: DoS in REXML | |
| Solution: upgrade to '>= 3.3.2' | |
| Name: rexml | |
| Version: 3.2.6 | |
| CVE: CVE-2024-41123 | |
| GHSA: GHSA-r55c-59qm-vjw6 | |
| Criticality: Medium | |
| URL: https://www.ruby-lang.org/en/news/2024/08/01/dos-rexml-cve-2024-41123 | |
| Title: DoS vulnerabilities in REXML | |
| Solution: upgrade to '>= 3.3.3' | |
| Name: rexml | |
| Version: 3.2.6 | |
| CVE: CVE-2024-41946 | |
| GHSA: GHSA-5866-49gr-22v4 | |
| Criticality: Medium | |
| URL: https://www.ruby-lang.org/en/news/2024/08/01/dos-rexml-cve-2024-41946 | |
| Title: DoS vulnerabilities in REXML | |
| Solution: upgrade to '>= 3.3.3' | |
| Name: rexml | |
| Version: 3.2.6 | |
| CVE: CVE-2024-43398 | |
| GHSA: GHSA-vmwr-mc7x-5vc3 | |
| Criticality: Medium | |
| URL: https://github.com/ruby/rexml/security/advisories/GHSA-vmwr-mc7x-5vc3 | |
| Title: REXML denial of service vulnerability | |
| Solution: upgrade to '>= 3.3.6' | |
| Vulnerabilities found! | |
| Gemfile: ./pkgs/tools/misc/pws/Gemfile.lock | |
| No vulnerabilities found | |
| Gemfile: ./pkgs/tools/misc/homesick/Gemfile.lock | |
| No vulnerabilities found | |
| Gemfile: ./pkgs/tools/misc/fluentd/Gemfile.lock | |
| Name: google-protobuf | |
| Version: 3.21.12 | |
| CVE: CVE-2024-7254 | |
| GHSA: GHSA-735f-pc8j-v9w8 | |
| Criticality: High | |
| URL: https://github.com/protocolbuffers/protobuf/security/advisories/GHSA-735f-pc8j-v9w8 | |
| Title: protobuf-java has potential Denial of Service issue | |
| Solution: upgrade to '~> 3.25.5', '~> 4.27.5', '>= 4.28.2' | |
| Name: nokogiri | |
| Version: 1.15.2 | |
| GHSA: GHSA-r95h-9x8f-r3f7 | |
| Criticality: Unknown | |
| URL: https://github.com/sparklemotion/nokogiri/security/advisories/GHSA-r95h-9x8f-r3f7 | |
| Title: Nokogiri updates packaged libxml2 to v2.12.7 to resolve CVE-2024-34459 | |
| Solution: upgrade to '>= 1.16.5' | |
| Name: nokogiri | |
| Version: 1.15.2 | |
| GHSA: GHSA-xc9x-jj77-9p9j | |
| Criticality: Unknown | |
| URL: https://github.com/sparklemotion/nokogiri/security/advisories/GHSA-xc9x-jj77-9p9j | |
| Title: Use-after-free in libxml2 via Nokogiri::XML::Reader | |
| Solution: upgrade to '~> 1.15.6', '>= 1.16.2' | |
| Name: webrick | |
| Version: 1.7.0 | |
| CVE: CVE-2024-47220 | |
| GHSA: GHSA-6f62-3596-g6w7 | |
| Criticality: High | |
| URL: https://github.com/advisories/GHSA-6f62-3596-g6w7 | |
| Title: HTTP Request Smuggling in ruby webrick | |
| Solution: upgrade to '>= 1.8.2' | |
| Vulnerabilities found! | |
| Gemfile: ./pkgs/tools/misc/t/Gemfile.lock | |
| Name: addressable | |
| Version: 2.6.0 | |
| CVE: CVE-2021-32740 | |
| GHSA: GHSA-jxhc-q857-3j6g | |
| Criticality: High | |
| URL: https://github.com/advisories/GHSA-jxhc-q857-3j6g | |
| Title: Regular Expression Denial of Service in Addressable templates | |
| Solution: upgrade to '>= 2.8.0' | |
| Name: oauth | |
| Version: 0.5.4 | |
| CVE: CVE-2016-11086 | |
| GHSA: GHSA-7359-3c6r-hfc2 | |
| Criticality: High | |
| URL: https://github.com/advisories/GHSA-7359-3c6r-hfc2 | |
| Title: Improper Certificate Validation in oauth ruby gem | |
| Solution: upgrade to '>= 0.5.5' | |
| Vulnerabilities found! | |
| Gemfile: ./pkgs/tools/misc/polar/Gemfile.lock | |
| Name: google-protobuf | |
| Version: 3.15.6 | |
| CVE: CVE-2021-22569 | |
| GHSA: GHSA-wrvw-hg22-4m67 | |
| Criticality: High | |
| URL: https://github.com/protocolbuffers/protobuf/security/advisories/GHSA-wrvw-hg22-4m67 | |
| Title: A potential Denial of Service issue in protobuf-java | |
| Solution: upgrade to '>= 3.19.2' | |
| Name: google-protobuf | |
| Version: 3.15.6 | |
| CVE: CVE-2022-3171 | |
| GHSA: GHSA-h4h5-3hr4-j3g2 | |
| Criticality: Medium | |
| URL: https://github.com/protocolbuffers/protobuf/security/advisories/GHSA-h4h5-3hr4-j3g2 | |
| Title: protobuf-java has a potential Denial of Service issue | |
| Solution: upgrade to '~> 3.16.3', '~> 3.19.6', '~> 3.20.3', '>= 3.21.7' | |
| Name: google-protobuf | |
| Version: 3.15.6 | |
| CVE: CVE-2024-7254 | |
| GHSA: GHSA-735f-pc8j-v9w8 | |
| Criticality: High | |
| URL: https://github.com/protocolbuffers/protobuf/security/advisories/GHSA-735f-pc8j-v9w8 | |
| Title: protobuf-java has potential Denial of Service issue | |
| Solution: upgrade to '~> 3.25.5', '~> 4.27.5', '>= 4.28.2' | |
| Name: nokogiri | |
| Version: 1.11.2 | |
| CVE: CVE-2018-25032 | |
| GHSA: GHSA-v6gp-9mmm-c6p5 | |
| Criticality: High | |
| URL: https://github.com/sparklemotion/nokogiri/security/advisories/GHSA-v6gp-9mmm-c6p5 | |
| Title: Out-of-bounds Write in zlib affects Nokogiri | |
| Solution: upgrade to '>= 1.13.4' | |
| Name: nokogiri | |
| Version: 1.11.2 | |
| CVE: CVE-2021-30560 | |
| GHSA: GHSA-fq42-c5rg-92c2 | |
| Criticality: High | |
| URL: https://github.com/sparklemotion/nokogiri/security/advisories/GHSA-fq42-c5rg-92c2 | |
| Title: Update packaged libxml2 (2.9.12 → 2.9.13) and libxslt (1.1.34 → 1.1.35) | |
| Solution: upgrade to '>= 1.13.2' | |
| Name: nokogiri | |
| Version: 1.11.2 | |
| CVE: CVE-2021-3517 | |
| GHSA: GHSA-jw9f-hh49-cvp9 | |
| Criticality: High | |
| URL: https://bugzilla.redhat.com/show_bug.cgi?id=1954232 | |
| Title: Nokogiri contains libxml Out-of-bounds Write vulnerability | |
| Solution: upgrade to '>= 1.11.4' | |
| Name: nokogiri | |
| Version: 1.11.2 | |
| CVE: CVE-2021-3518 | |
| GHSA: GHSA-v4f8-2847-rwm7 | |
| Criticality: High | |
| URL: https://nokogiri.org/CHANGELOG.html#1114-2021-05-14 | |
| Title: Nokogiri Implements libxml2 version vulnerable to use-after-free | |
| Solution: upgrade to '>= 1.11.4' | |
| Name: nokogiri | |
| Version: 1.11.2 | |
| CVE: CVE-2021-3537 | |
| GHSA: GHSA-286v-pcf5-25rc | |
| Criticality: Medium | |
| URL: https://nokogiri.org/CHANGELOG.html#1114-2021-05-14 | |
| Title: Nokogiri Implements libxml2 version vulnerable to null pointer dereferencing | |
| Solution: upgrade to '>= 1.11.4' | |
| Name: nokogiri | |
| Version: 1.11.2 | |
| CVE: CVE-2021-41098 | |
| GHSA: GHSA-2rr5-8q37-2w7h | |
| Criticality: High | |
| URL: https://github.com/sparklemotion/nokogiri/security/advisories/GHSA-2rr5-8q37-2w7h | |
| Title: Improper Restriction of XML External Entity Reference (XXE) in Nokogiri on JRuby | |
| Solution: upgrade to '>= 1.12.5' | |
| Name: nokogiri | |
| Version: 1.11.2 | |
| CVE: CVE-2022-23437 | |
| GHSA: GHSA-xxx9-3xcr-gjj3 | |
| Criticality: Medium | |
| URL: https://github.com/sparklemotion/nokogiri/security/advisories/GHSA-xxx9-3xcr-gjj3 | |
| Title: XML Injection in Xerces Java affects Nokogiri | |
| Solution: upgrade to '>= 1.13.4' | |
| Name: nokogiri | |
| Version: 1.11.2 | |
| CVE: CVE-2022-24836 | |
| GHSA: GHSA-crjr-9rc5-ghw8 | |
| Criticality: High | |
| URL: https://github.com/sparklemotion/nokogiri/security/advisories/GHSA-crjr-9rc5-ghw8 | |
| Title: Inefficient Regular Expression Complexity in Nokogiri | |
| Solution: upgrade to '>= 1.13.4' | |
| Name: nokogiri | |
| Version: 1.11.2 | |
| CVE: CVE-2022-24839 | |
| GHSA: GHSA-gx8x-g87m-h5q6 | |
| Criticality: High | |
| URL: https://github.com/sparklemotion/nekohtml/security/advisories/GHSA-9849-p7jc-9rmv | |
| Title: Denial of Service (DoS) in Nokogiri on JRuby | |
| Solution: upgrade to '>= 1.13.4' | |
| Name: nokogiri | |
| Version: 1.11.2 | |
| CVE: CVE-2022-29181 | |
| GHSA: GHSA-xh29-r2w5-wx8m | |
| Criticality: High | |
| URL: https://github.com/sparklemotion/nokogiri/security/advisories/GHSA-xh29-r2w5-wx8m | |
| Title: Improper Handling of Unexpected Data Type in Nokogiri | |
| Solution: upgrade to '>= 1.13.6' | |
| Name: nokogiri | |
| Version: 1.11.2 | |
| GHSA: GHSA-2qc6-mcvw-92cw | |
| Criticality: Unknown | |
| URL: https://github.com/sparklemotion/nokogiri/security/advisories/GHSA-2qc6-mcvw-92cw | |
| Title: Update bundled libxml2 to v2.10.3 to resolve multiple CVEs | |
| Solution: upgrade to '>= 1.13.9' | |
| Name: nokogiri | |
| Version: 1.11.2 | |
| GHSA: GHSA-7rrm-v45f-jp64 | |
| Criticality: High | |
| URL: https://github.com/sparklemotion/nokogiri/security/advisories/GHSA-7rrm-v45f-jp64 | |
| Title: Update packaged dependency libxml2 from 2.9.10 to 2.9.12 | |
| Solution: upgrade to '>= 1.11.4' | |
| Name: nokogiri | |
| Version: 1.11.2 | |
| GHSA: GHSA-cgx6-hpwq-fhv5 | |
| Criticality: High | |
| URL: https://github.com/sparklemotion/nokogiri/security/advisories/GHSA-cgx6-hpwq-fhv5 | |
| Title: Integer Overflow or Wraparound in libxml2 affects Nokogiri | |
| Solution: upgrade to '>= 1.13.5' | |
| Name: nokogiri | |
| Version: 1.11.2 | |
| GHSA: GHSA-pxvg-2qj5-37jq | |
| Criticality: Unknown | |
| URL: https://github.com/sparklemotion/nokogiri/security/advisories/GHSA-pxvg-2qj5-37jq | |
| Title: Update packaged libxml2 to v2.10.4 to resolve multiple CVEs | |
| Solution: upgrade to '>= 1.14.3' | |
| Name: nokogiri | |
| Version: 1.11.2 | |
| GHSA: GHSA-r95h-9x8f-r3f7 | |
| Criticality: Unknown | |
| URL: https://github.com/sparklemotion/nokogiri/security/advisories/GHSA-r95h-9x8f-r3f7 | |
| Title: Nokogiri updates packaged libxml2 to v2.12.7 to resolve CVE-2024-34459 | |
| Solution: upgrade to '>= 1.16.5' | |
| Name: nokogiri | |
| Version: 1.11.2 | |
| GHSA: GHSA-xc9x-jj77-9p9j | |
| Criticality: Unknown | |
| URL: https://github.com/sparklemotion/nokogiri/security/advisories/GHSA-xc9x-jj77-9p9j | |
| Title: Use-after-free in libxml2 via Nokogiri::XML::Reader | |
| Solution: upgrade to '~> 1.15.6', '>= 1.16.2' | |
| Vulnerabilities found! | |
| Gemfile: ./pkgs/tools/misc/td/Gemfile.lock | |
| Name: rubyzip | |
| Version: 1.2.2 | |
| CVE: CVE-2019-16892 | |
| GHSA: GHSA-5m2v-hc64-56h6 | |
| Criticality: Medium | |
| URL: https://github.com/rubyzip/rubyzip/pull/403 | |
| Title: Denial of Service in rubyzip ("zip bombs") | |
| Solution: upgrade to '>= 1.3.0' | |
| Name: yajl-ruby | |
| Version: 1.4.1 | |
| CVE: CVE-2022-24795 | |
| GHSA: GHSA-jj47-x69x-mxrm | |
| Criticality: Medium | |
| URL: https://github.com/brianmario/yajl-ruby/security/advisories/GHSA-jj47-x69x-mxrm | |
| Title: Reallocation bug can trigger heap memory corruption | |
| Solution: upgrade to '>= 1.4.2' | |
| Vulnerabilities found! | |
| Gemfile: ./pkgs/tools/misc/riemann-tools/Gemfile.lock | |
| Name: json | |
| Version: 1.8.6 | |
| CVE: CVE-2020-10663 | |
| GHSA: GHSA-jphg-qwrw-7w9g | |
| Criticality: High | |
| URL: https://www.ruby-lang.org/en/news/2020/03/19/json-dos-cve-2020-10663/ | |
| Title: json Gem for Ruby Unsafe Object Creation Vulnerability (additional fix) | |
| Solution: upgrade to '>= 2.3.0' | |
| Vulnerabilities found! | |
| Gemfile: ./pkgs/tools/misc/lolcat/Gemfile.lock | |
| No vulnerabilities found | |
| Gemfile: ./pkgs/tools/misc/twurl/Gemfile.lock | |
| No vulnerabilities found | |
| Gemfile: ./pkgs/tools/networking/hue-cli/Gemfile.lock | |
| Name: json | |
| Version: 2.2.0 | |
| CVE: CVE-2020-10663 | |
| GHSA: GHSA-jphg-qwrw-7w9g | |
| Criticality: High | |
| URL: https://www.ruby-lang.org/en/news/2020/03/19/json-dos-cve-2020-10663/ | |
| Title: json Gem for Ruby Unsafe Object Creation Vulnerability (additional fix) | |
| Solution: upgrade to '>= 2.3.0' | |
| Vulnerabilities found! | |
| Gemfile: ./pkgs/tools/networking/maphosts/Gemfile.lock | |
| No vulnerabilities found | |
| Gemfile: ./pkgs/tools/typesetting/asciidoctor-with-extensions/Gemfile.lock | |
| Name: nokogiri | |
| Version: 1.15.4 | |
| GHSA: GHSA-r95h-9x8f-r3f7 | |
| Criticality: Unknown | |
| URL: https://github.com/sparklemotion/nokogiri/security/advisories/GHSA-r95h-9x8f-r3f7 | |
| Title: Nokogiri updates packaged libxml2 to v2.12.7 to resolve CVE-2024-34459 | |
| Solution: upgrade to '>= 1.16.5' | |
| Name: nokogiri | |
| Version: 1.15.4 | |
| GHSA: GHSA-xc9x-jj77-9p9j | |
| Criticality: Unknown | |
| URL: https://github.com/sparklemotion/nokogiri/security/advisories/GHSA-xc9x-jj77-9p9j | |
| Title: Use-after-free in libxml2 via Nokogiri::XML::Reader | |
| Solution: upgrade to '~> 1.15.6', '>= 1.16.2' | |
| Name: rexml | |
| Version: 3.2.6 | |
| CVE: CVE-2024-35176 | |
| GHSA: GHSA-vg3r-rm7w-2xgh | |
| Criticality: Medium | |
| URL: https://github.com/ruby/rexml/security/advisories/GHSA-vg3r-rm7w-2xgh | |
| Title: REXML contains a denial of service vulnerability | |
| Solution: upgrade to '>= 3.2.7' | |
| Name: rexml | |
| Version: 3.2.6 | |
| CVE: CVE-2024-39908 | |
| GHSA: GHSA-4xqq-m2hx-25v8 | |
| Criticality: Medium | |
| URL: https://github.com/ruby/rexml/security/advisories/GHSA-4xqq-m2hx-25v8 | |
| Title: DoS in REXML | |
| Solution: upgrade to '>= 3.3.2' | |
| Name: rexml | |
| Version: 3.2.6 | |
| CVE: CVE-2024-41123 | |
| GHSA: GHSA-r55c-59qm-vjw6 | |
| Criticality: Medium | |
| URL: https://www.ruby-lang.org/en/news/2024/08/01/dos-rexml-cve-2024-41123 | |
| Title: DoS vulnerabilities in REXML | |
| Solution: upgrade to '>= 3.3.3' | |
| Name: rexml | |
| Version: 3.2.6 | |
| CVE: CVE-2024-41946 | |
| GHSA: GHSA-5866-49gr-22v4 | |
| Criticality: Medium | |
| URL: https://www.ruby-lang.org/en/news/2024/08/01/dos-rexml-cve-2024-41946 | |
| Title: DoS vulnerabilities in REXML | |
| Solution: upgrade to '>= 3.3.3' | |
| Name: rexml | |
| Version: 3.2.6 | |
| CVE: CVE-2024-43398 | |
| GHSA: GHSA-vmwr-mc7x-5vc3 | |
| Criticality: Medium | |
| URL: https://github.com/ruby/rexml/security/advisories/GHSA-vmwr-mc7x-5vc3 | |
| Title: REXML denial of service vulnerability | |
| Solution: upgrade to '>= 3.3.6' | |
| Vulnerabilities found! | |
| Gemfile: ./pkgs/tools/typesetting/kramdown-asciidoc/Gemfile.lock | |
| Name: rexml | |
| Version: 3.2.6 | |
| CVE: CVE-2024-35176 | |
| GHSA: GHSA-vg3r-rm7w-2xgh | |
| Criticality: Medium | |
| URL: https://github.com/ruby/rexml/security/advisories/GHSA-vg3r-rm7w-2xgh | |
| Title: REXML contains a denial of service vulnerability | |
| Solution: upgrade to '>= 3.2.7' | |
| Name: rexml | |
| Version: 3.2.6 | |
| CVE: CVE-2024-39908 | |
| GHSA: GHSA-4xqq-m2hx-25v8 | |
| Criticality: Medium | |
| URL: https://github.com/ruby/rexml/security/advisories/GHSA-4xqq-m2hx-25v8 | |
| Title: DoS in REXML | |
| Solution: upgrade to '>= 3.3.2' | |
| Name: rexml | |
| Version: 3.2.6 | |
| CVE: CVE-2024-41123 | |
| GHSA: GHSA-r55c-59qm-vjw6 | |
| Criticality: Medium | |
| URL: https://www.ruby-lang.org/en/news/2024/08/01/dos-rexml-cve-2024-41123 | |
| Title: DoS vulnerabilities in REXML | |
| Solution: upgrade to '>= 3.3.3' | |
| Name: rexml | |
| Version: 3.2.6 | |
| CVE: CVE-2024-41946 | |
| GHSA: GHSA-5866-49gr-22v4 | |
| Criticality: Medium | |
| URL: https://www.ruby-lang.org/en/news/2024/08/01/dos-rexml-cve-2024-41946 | |
| Title: DoS vulnerabilities in REXML | |
| Solution: upgrade to '>= 3.3.3' | |
| Name: rexml | |
| Version: 3.2.6 | |
| CVE: CVE-2024-43398 | |
| GHSA: GHSA-vmwr-mc7x-5vc3 | |
| Criticality: Medium | |
| URL: https://github.com/ruby/rexml/security/advisories/GHSA-vmwr-mc7x-5vc3 | |
| Title: REXML denial of service vulnerability | |
| Solution: upgrade to '>= 3.3.6' | |
| Vulnerabilities found! | |
| Gemfile: ./pkgs/tools/typesetting/asciidoctor/Gemfile.lock | |
| Name: rexml | |
| Version: 3.2.6 | |
| CVE: CVE-2024-35176 | |
| GHSA: GHSA-vg3r-rm7w-2xgh | |
| Criticality: Medium | |
| URL: https://github.com/ruby/rexml/security/advisories/GHSA-vg3r-rm7w-2xgh | |
| Title: REXML contains a denial of service vulnerability | |
| Solution: upgrade to '>= 3.2.7' | |
| Name: rexml | |
| Version: 3.2.6 | |
| CVE: CVE-2024-39908 | |
| GHSA: GHSA-4xqq-m2hx-25v8 | |
| Criticality: Medium | |
| URL: https://github.com/ruby/rexml/security/advisories/GHSA-4xqq-m2hx-25v8 | |
| Title: DoS in REXML | |
| Solution: upgrade to '>= 3.3.2' | |
| Name: rexml | |
| Version: 3.2.6 | |
| CVE: CVE-2024-41123 | |
| GHSA: GHSA-r55c-59qm-vjw6 | |
| Criticality: Medium | |
| URL: https://www.ruby-lang.org/en/news/2024/08/01/dos-rexml-cve-2024-41123 | |
| Title: DoS vulnerabilities in REXML | |
| Solution: upgrade to '>= 3.3.3' | |
| Name: rexml | |
| Version: 3.2.6 | |
| CVE: CVE-2024-41946 | |
| GHSA: GHSA-5866-49gr-22v4 | |
| Criticality: Medium | |
| URL: https://www.ruby-lang.org/en/news/2024/08/01/dos-rexml-cve-2024-41946 | |
| Title: DoS vulnerabilities in REXML | |
| Solution: upgrade to '>= 3.3.3' | |
| Name: rexml | |
| Version: 3.2.6 | |
| CVE: CVE-2024-43398 | |
| GHSA: GHSA-vmwr-mc7x-5vc3 | |
| Criticality: Medium | |
| URL: https://github.com/ruby/rexml/security/advisories/GHSA-vmwr-mc7x-5vc3 | |
| Title: REXML denial of service vulnerability | |
| Solution: upgrade to '>= 3.3.6' | |
| Vulnerabilities found! | |
| Gemfile: ./pkgs/tools/admin/itamae/Gemfile.lock | |
| No vulnerabilities found | |
| Gemfile: ./pkgs/tools/admin/fastlane/Gemfile.lock | |
| Name: rexml | |
| Version: 3.2.6 | |
| CVE: CVE-2024-35176 | |
| GHSA: GHSA-vg3r-rm7w-2xgh | |
| Criticality: Medium | |
| URL: https://github.com/ruby/rexml/security/advisories/GHSA-vg3r-rm7w-2xgh | |
| Title: REXML contains a denial of service vulnerability | |
| Solution: upgrade to '>= 3.2.7' | |
| Name: rexml | |
| Version: 3.2.6 | |
| CVE: CVE-2024-39908 | |
| GHSA: GHSA-4xqq-m2hx-25v8 | |
| Criticality: Medium | |
| URL: https://github.com/ruby/rexml/security/advisories/GHSA-4xqq-m2hx-25v8 | |
| Title: DoS in REXML | |
| Solution: upgrade to '>= 3.3.2' | |
| Name: rexml | |
| Version: 3.2.6 | |
| CVE: CVE-2024-41123 | |
| GHSA: GHSA-r55c-59qm-vjw6 | |
| Criticality: Medium | |
| URL: https://www.ruby-lang.org/en/news/2024/08/01/dos-rexml-cve-2024-41123 | |
| Title: DoS vulnerabilities in REXML | |
| Solution: upgrade to '>= 3.3.3' | |
| Name: rexml | |
| Version: 3.2.6 | |
| CVE: CVE-2024-41946 | |
| GHSA: GHSA-5866-49gr-22v4 | |
| Criticality: Medium | |
| URL: https://www.ruby-lang.org/en/news/2024/08/01/dos-rexml-cve-2024-41946 | |
| Title: DoS vulnerabilities in REXML | |
| Solution: upgrade to '>= 3.3.3' | |
| Name: rexml | |
| Version: 3.2.6 | |
| CVE: CVE-2024-43398 | |
| GHSA: GHSA-vmwr-mc7x-5vc3 | |
| Criticality: Medium | |
| URL: https://github.com/ruby/rexml/security/advisories/GHSA-vmwr-mc7x-5vc3 | |
| Title: REXML denial of service vulnerability | |
| Solution: upgrade to '>= 3.3.6' | |
| Vulnerabilities found! | |
| Gemfile: ./pkgs/tools/admin/oxidized/Gemfile.lock | |
| Name: oxidized-web | |
| Version: 0.14.0 | |
| CVE: CVE-2019-25088 | |
| GHSA: GHSA-8qwh-rm6c-jv96 | |
| Criticality: Medium | |
| URL: https://github.com/ytti/oxidized-web/pull/195 | |
| Title: Oxidized Web vulnerable to Cross-site Scripting | |
| Solution: remove or disable this gem until a patch is available! | |
| Name: puma | |
| Version: 6.4.2 | |
| CVE: CVE-2024-45614 | |
| GHSA: GHSA-9hf4-67fc-4vf4 | |
| Criticality: Medium | |
| URL: https://github.com/puma/puma/security/advisories/GHSA-9hf4-67fc-4vf4 | |
| Title: Puma's header normalization allows for client to clobber proxy set headers | |
| Solution: upgrade to '~> 5.6.9', '>= 6.4.3' | |
| Vulnerabilities found! | |
| Gemfile: ./pkgs/tools/text/reckon/Gemfile.lock | |
| No vulnerabilities found | |
| Gemfile: ./pkgs/tools/text/uniscribe/Gemfile.lock | |
| No vulnerabilities found | |
| Gemfile: ./pkgs/tools/text/ruby-zoom/Gemfile.lock | |
| No vulnerabilities found | |
| Gemfile: ./pkgs/tools/text/papertrail/Gemfile.lock | |
| No vulnerabilities found |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment