Created
February 20, 2016 23:46
-
-
Save steakunderscore/7ffc6157aad53747a7c3 to your computer and use it in GitHub Desktop.
Output from bundle-audit for Montreal.rb [5c664da]
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Name: actionpack | |
| Version: 4.2.5 | |
| Advisory: CVE-2015-7581 | |
| Criticality: Unknown | |
| URL: https://groups.google.com/forum/#!topic/rubyonrails-security/dthJ5wL69JE | |
| Title: Object leak vulnerability for wildcard controller routes in Action Pack | |
| Solution: upgrade to ~> 4.2.5.1, ~> 4.1.14.1 | |
| Name: actionpack | |
| Version: 4.2.5 | |
| Advisory: CVE-2015-7576 | |
| Criticality: Unknown | |
| URL: https://groups.google.com/forum/#!topic/rubyonrails-security/ANv0HDHEC3k | |
| Title: Timing attack vulnerability in basic authentication in Action Controller. | |
| Solution: upgrade to ~> 5.0.0.beta1.1, ~> 4.2.5.1, ~> 4.1.14.1, ~> 3.2.22.1 | |
| Name: actionpack | |
| Version: 4.2.5 | |
| Advisory: CVE-2016-0751 | |
| Criticality: Unknown | |
| URL: https://groups.google.com/forum/#!topic/rubyonrails-security/9oLY_FCzvoc | |
| Title: Possible Object Leak and Denial of Service attack in Action Pack | |
| Solution: upgrade to ~> 5.0.0.beta1.1, ~> 4.2.5.1, ~> 4.1.14.1, ~> 3.2.22.1 | |
| Name: actionview | |
| Version: 4.2.5 | |
| Advisory: CVE-2016-0752 | |
| Criticality: Unknown | |
| URL: https://groups.google.com/forum/#!topic/rubyonrails-security/335P1DcLG00 | |
| Title: Possible Information Leak Vulnerability in Action View | |
| Solution: upgrade to ~> 5.0.0.beta1.1, ~> 4.2.5.1, ~> 4.1.14.1, ~> 3.2.22.1 | |
| Name: activemodel | |
| Version: 4.2.5 | |
| Advisory: CVE-2016-0753 | |
| Criticality: Unknown | |
| URL: https://groups.google.com/forum/#!topic/rubyonrails-security/6jQVC1geukQ | |
| Title: Possible Input Validation Circumvention in Active Model | |
| Solution: upgrade to ~> 5.0.0.beta1.1, ~> 4.2.5.1, ~> 4.1.14.1 | |
| Name: activerecord | |
| Version: 4.2.5 | |
| Advisory: CVE-2015-7577 | |
| Criticality: Unknown | |
| URL: https://groups.google.com/forum/#!topic/rubyonrails-security/cawsWcQ6c8g | |
| Title: Nested attributes rejection proc bypass in Active Record | |
| Solution: upgrade to ~> 5.0.0.beta1.1, ~> 4.2.5.1, ~> 4.1.14.1, ~> 3.2.22.1 | |
| Name: devise | |
| Version: 3.5.3 | |
| Advisory: CVE-2015-8314 | |
| Criticality: Unknown | |
| URL: http://blog.plataformatec.com.br/2016/01/improve-remember-me-cookie-expiration-in-devise/ | |
| Title: Devise Gem for Ruby Unauthorized Access Using Remember Me Cookie | |
| Solution: upgrade to >= 3.5.4 | |
| Name: nokogiri | |
| Version: 1.6.7 | |
| Advisory: CVE-2015-5312 | |
| Criticality: High | |
| URL: https://groups.google.com/forum/#!topic/ruby-security-ann/aSbgDiwb24s | |
| Title: Nokogiri gem contains several vulnerabilities in libxml2 | |
| Solution: upgrade to >= 1.6.7.1 | |
| Name: nokogiri | |
| Version: 1.6.7 | |
| Advisory: CVE-2015-7499 | |
| Criticality: Medium | |
| URL: https://groups.google.com/forum/#!topic/ruby-security-ann/Dy7YiKb_pMM | |
| Title: Nokogiri gem contains a heap-based buffer overflow vulnerability in libxml2 | |
| Solution: upgrade to >= 1.6.7.2 | |
| Name: rails-html-sanitizer | |
| Version: 1.0.2 | |
| Advisory: CVE-2015-7578 | |
| Criticality: Unknown | |
| URL: https://groups.google.com/forum/#!topic/rubyonrails-security/uh--W4TDwmI | |
| Title: Possible XSS vulnerability in rails-html-sanitizer | |
| Solution: upgrade to ~> 1.0.3 | |
| Name: rails-html-sanitizer | |
| Version: 1.0.2 | |
| Advisory: CVE-2015-7580 | |
| Criticality: Unknown | |
| URL: https://groups.google.com/forum/#!topic/rubyonrails-security/uh--W4TDwmI | |
| Title: Possible XSS vulnerability in rails-html-sanitizer | |
| Solution: upgrade to ~> 1.0.3 | |
| Vulnerabilities found! |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment