Researchers investigating the Rails parameter parsing vulnerability discovered that the same or similar vulnerable code had made its way into multiple other libraries. If your application uses these libraries to process untrusted data, it may still be vulnerable even if you have upgraded Rails. Check your Gemfile and Gemfile.lock for vulnerable versions of the following libraries.
Vulnerable: <= 3.2.10, <= 3.1.9, <= 3.0.18, <= 2.3.14
Fixed: 3.2.11, 3.1.10, 3.0.19, 2.3.15
Vulnerable: <= 0.5.1
Fixed: 0.5.2
Vulnerable: <= 0.9.0
Fixed: 0.10.0
Vulnerable: <= 0.9.15
Fixed: 0.9.16
Vulnerable: <= 0.3.1
Fixed: 0.3.2
Vulnerable: <= 2.0.1, <= 1.1.3, <= 1.0.2
Fixed: 2.0.2, 1.1.4, 1.0.3
Not all dependent libraries are listed, only those that have either released a version that explicitly depends on a fixed version of one of the above libraries or otherwise mitigated the security threat.
Vulnerable: <= 0.2.4
Fixed: 0.2.5 (workaround)
Fixed: 0.2.6 (updated multi_xml dependency)
Vulnerable: <= 10.16.5
Fixed: 10.16.6 (updated extlib dependency)
globalize3 not affected
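One way to run the Gemfile.lock check asked for at the top of this advisory, as an added example that is not part of the original page. The gem names are placeholders because the library names are not given here. The fixed versions are copied from three of the "Fixed:" lines and the sample lockfile is constructed. Treating a release series with no listed fix as vulnerable whenever it is older than the newest fix is an assumption.

```ruby
require "rubygems" # Gem::Version

# Fixed versions per release series, from the "Fixed:" lines above.
# Gem names are placeholders; substitute the real library names.
ADVISORY = {
  "placeholder_gem_a" => %w[3.2.11 3.1.10 3.0.19 2.3.15],
  "placeholder_gem_b" => %w[0.5.2],
  "placeholder_gem_c" => %w[2.0.2 1.1.4 1.0.3]
}.freeze

# Constructed sample lockfile (not taken from a real application).
SAMPLE_LOCK = <<~LOCK
  GEM
    remote: https://rubygems.org/
    specs:
      placeholder_gem_a (3.1.10)
        placeholder_gem_b (~> 0.5)
      placeholder_gem_b (0.5.1)
      placeholder_gem_c (1.1.3)
      unrelated_gem (1.0.0)

  PLATFORMS
    ruby
LOCK

# Resolved gems sit at four spaces of indent; their dependency
# constraints sit at six and are skipped. A platform suffix is dropped.
def locked_versions(lock_text)
  lock_text.each_line.with_object({}) do |line, out|
    m = line.match(/\A {4}(\S+) \((\d[\w.]*)(?:-[^)]*)?\)\s*\z/)
    out[m[1]] = m[2] if m
  end
end

# Compare against the fix for the same major.minor series when one exists.
# Otherwise (assumption) anything older than the newest fix is vulnerable.
def vulnerable?(version, fixed_list)
  v = Gem::Version.new(version)
  fixes = fixed_list.map { |f| Gem::Version.new(f) }
  same_series = fixes.find { |f| f.segments.first(2) == v.segments.first(2) }
  same_series ? v < same_series : v < fixes.max
end

# Returns [[name, locked_version], ...] for every gem that needs upgrading.
def audit(lock_text, advisory = ADVISORY)
  locked_versions(lock_text).filter_map do |name, version|
    fixes = advisory[name]
    [name, version] if fixes && vulnerable?(version, fixes)
  end
end

audit(SAMPLE_LOCK).each { |n, v| puts "#{n} #{v} is below the fixed release" } if __FILE__ == $PROGRAM_NAME
```

Pass `File.read("Gemfile.lock")` to `audit` to check a real application; transitive dependencies are covered because the lockfile lists every resolved gem.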