-
-
Save PavelPenkov/add436a9284f112d8e86 to your computer and use it in GitHub Desktop.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Name: sprockets | |
| Version: 2.2.3.backport2 | |
| Advisory: CVE-2014-7819 | |
| Criticality: Medium | |
| URL: https://groups.google.com/forum/#!topic/rubyonrails-security/doAVp0YaTqY | |
| Title: Arbitrary file existence disclosure in Sprockets | |
| Solution: upgrade to ~> 2.0.5, ~> 2.1.4, ~> 2.2.3, ~> 2.3.3, ~> 2.4.6, ~> 2.5.1, ~> 2.7.1, ~> 2.8.3, ~> 2.9.4, ~> 2.10.2, ~> 2.11.3, ~> 2.12.3, >= 3.0.0.beta.3 | |
| Name: actionpack | |
| Version: 3.2.22 | |
| Advisory: CVE-2015-7576 | |
| Criticality: Unknown | |
| URL: https://groups.google.com/forum/#!topic/rubyonrails-security/ANv0HDHEC3k | |
| Title: Timing attack vulnerability in basic authentication in Action Controller. | |
| Solution: upgrade to ~> 5.0.0.beta1.1, ~> 4.2.5.1, ~> 4.1.14.1, ~> 3.2.22.1 | |
| Name: actionpack | |
| Version: 3.2.22 | |
| Advisory: CVE-2016-0751 | |
| Criticality: Unknown | |
| URL: https://groups.google.com/forum/#!topic/rubyonrails-security/9oLY_FCzvoc | |
| Title: Possible Object Leak and Denial of Service attack in Action Pack | |
| Solution: upgrade to ~> 5.0.0.beta1.1, ~> 4.2.5.1, ~> 4.1.14.1, ~> 3.2.22.1 | |
| Name: activerecord | |
| Version: 3.2.22 | |
| Advisory: CVE-2015-7577 | |
| Criticality: Unknown | |
| URL: https://groups.google.com/forum/#!topic/rubyonrails-security/cawsWcQ6c8g | |
| Title: Nested attributes rejection proc bypass in Active Record | |
| Solution: upgrade to ~> 5.0.0.beta1.1, ~> 4.2.5.1, ~> 4.1.14.1, ~> 3.2.22.1 | |
| Name: jquery-rails | |
| Version: 2.2.1 | |
| Advisory: CVE-2015-1840 | |
| Criticality: Medium | |
| URL: https://groups.google.com/forum/#!topic/ruby-security-ann/XIZPbobuwaY | |
| Title: CSRF Vulnerability in jquery-rails | |
| Solution: upgrade to >= 4.0.4, ~> 3.1.3 | |
| Name: mail | |
| Version: 2.5.4 | |
| Advisory: 131677 | |
| Criticality: Unknown | |
| URL: http://www.mbsd.jp/Whitepaper/smtpi.pdf | |
| Title: Mail Gem for Ruby vulnerable to SMTP Injection via recipient email addresses | |
| Solution: upgrade to >= 2.6.0 | |
| Name: nokogiri | |
| Version: 1.5.10 | |
| Advisory: CVE-2013-6461 | |
| Criticality: Unknown | |
| URL: http://www.osvdb.org/show/osvdb/101458 | |
| Title: Nokogiri Gem for Ruby External Entity (XXE) Expansion Remote DoS | |
| Solution: upgrade to ~> 1.5.11, >= 1.6.1 | |
| Name: nokogiri | |
| Version: 1.5.10 | |
| Advisory: CVE-2015-1819 | |
| Criticality: Unknown | |
| URL: https://github.com/sparklemotion/nokogiri/issues/1374 | |
| Title: Nokogiri gem contains several vulnerabilities in libxml2 and libxslt | |
| Solution: upgrade to ~> 1.6.6.4, >= 1.6.7.rc4 | |
| Name: nokogiri | |
| Version: 1.5.10 | |
| Advisory: CVE-2013-6460 | |
| Criticality: Medium | |
| URL: http://osvdb.org/show/osvdb/101179 | |
| Title: Nokogiri Gem for JRuby Crafted XML Document Handling Infinite Loop Remote DoS | |
| Solution: upgrade to ~> 1.5.11, >= 1.6.1 | |
| Name: nokogiri | |
| Version: 1.5.10 | |
| Advisory: 118481 | |
| Criticality: Unknown | |
| URL: https://github.com/sparklemotion/nokogiri/pull/1087 | |
| Title: Nokogiri Gem for JRuby XML Document Root Element Handling Memory Consumption | |
| Remote DoS | |
| Solution: upgrade to >= 1.6.3 | |
| Name: rest-client | |
| Version: 1.6.7 | |
| Advisory: CVE-2015-3448 | |
| Criticality: Unknown | |
| URL: http://www.osvdb.org/show/osvdb/117461 | |
| Title: Rest-Client Gem for Ruby logs password information in plaintext | |
| Solution: upgrade to >= 1.7.3 | |
| Name: rest-client | |
| Version: 1.6.7 | |
| Advisory: CVE-2015-1820 | |
| Criticality: Unknown | |
| URL: https://github.com/rest-client/rest-client/issues/369 | |
| Title: rubygem-rest-client: session fixation vulnerability via Set-Cookie headers in 30x redirection responses | |
| Solution: upgrade to >= 1.8.0 | |
| Name: sidekiq | |
| Version: 2.17.5 | |
| Advisory: 125676 | |
| Criticality: Unknown | |
| URL: https://github.com/mperham/sidekiq/issues/2330 | |
| Title: Sidekiq Gem for Ruby web/views/queue.erb CurrentMessagesInQueue Element | |
| Reflected XSS | |
| Solution: upgrade to >= 3.4.0 | |
| Name: sidekiq | |
| Version: 2.17.5 | |
| Advisory: 125678 | |
| Criticality: Unknown | |
| URL: https://github.com/mperham/sidekiq/pull/2309 | |
| Title: Sidekiq Gem for Ruby web/views/queue.erb msg.display_class Element XSS | |
| Solution: upgrade to >= 3.4.0 | |
| Name: sidekiq | |
| Version: 2.17.5 | |
| Advisory: 125675 | |
| Criticality: Unknown | |
| URL: https://github.com/mperham/sidekiq/pull/2422 | |
| Title: Sidekiq Gem for Ruby Multiple Unspecified CSRF | |
| Solution: upgrade to >= 3.4.2 | |
| Name: uglifier | |
| Version: 1.3.0 | |
| Advisory: 126747 | |
| Criticality: Unknown | |
| URL: https://github.com/mishoo/UglifyJS2/issues/751 | |
| Title: uglifier incorrectly handles non-boolean comparisons during minification | |
| Solution: upgrade to >= 2.7.2 | |
| Vulnerabilities found! |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment