Vulnerable Library - rspec-rails-4.0.0.gem
Path to dependency file: /Gemfile.lock
Path to vulnerable library: /home/wss-scanner/.gem/ruby/2.7.0/cache/nokogiri-1.10.9.gem
Found in HEAD commit: 5473125c0050f0e991eee16c626c4cca1e562b27
Vulnerabilities
*For some transitive vulnerabilities, there is no version of direct dependency with a fix. Check the section "Details" below to see if there is a version of transitive dependency where vulnerability is fixed.
Details
Partial details (23 vulnerabilities) are displayed below due to a content size limitation in GitHub. To view information on the remaining vulnerabilities, navigate to the Mend Application.
CVE-2020-8165
Vulnerable Library - activesupport-6.0.2.2.gem
A toolkit of support libraries and Ruby core extensions extracted from the Rails framework. Rich support for multibyte strings, internationalization, time zones, and testing.
Library home page: https://rubygems.org/gems/activesupport-6.0.2.2.gem
Path to dependency file: /Gemfile.lock
Path to vulnerable library: /home/wss-scanner/.gem/ruby/2.7.0/cache/activesupport-6.0.2.2.gem
Dependency Hierarchy:
- rspec-rails-4.0.0.gem (Root Library)
- ❌ activesupport-6.0.2.2.gem (Vulnerable Library)
Found in HEAD commit: 5473125c0050f0e991eee16c626c4cca1e562b27
Found in base branch: main
Vulnerability Details
A deserialization of untrusted data vulnerability exists in rails < 5.2.4.3, rails < 6.0.3.1 that can allow an attacker to unmarshal user-provided objects in MemCacheStore and RedisCacheStore, potentially resulting in an RCE.
Publish Date: 2020-06-19
URL: CVE-2020-8165
CVSS 3 Score Details (9.8)
Base Score Metrics:
- Exploitability Metrics:
- Attack Vector: Network
- Attack Complexity: Low
- Privileges Required: None
- User Interaction: None
- Scope: Unchanged
- Impact Metrics:
- Confidentiality Impact: High
- Integrity Impact: High
- Availability Impact: High
For more information on CVSS3 Scores, click here.
Suggested Fix
Type: Upgrade version
Origin: GHSA-2p68-f74v-9wc6
Release Date: 2020-06-19
Fix Resolution: 5.2.4.3,6.0.3.1
CVE-2022-30123
Vulnerable Library - rack-2.2.3.gem
Rack provides a minimal, modular and adaptable interface for developing
web applications in Ruby. By wrapping HTTP requests and responses in
the simplest way possible, it unifies and distills the API for web
servers, web frameworks, and software in between (the so-called
middleware) into a single method call.
Library home page: https://rubygems.org/gems/rack-2.2.3.gem
Path to dependency file: /Gemfile.lock
Path to vulnerable library: /home/wss-scanner/.gem/ruby/2.7.0/cache/rack-2.2.3.gem
Dependency Hierarchy:
- rspec-rails-4.0.0.gem (Root Library)
- railties-6.0.2.2.gem
- actionpack-6.0.2.2.gem
- ❌ rack-2.2.3.gem (Vulnerable Library)
Found in HEAD commit: 5473125c0050f0e991eee16c626c4cca1e562b27
Found in base branch: main
Vulnerability Details
There is a possible shell escape sequence injection vulnerability in the Lint and CommonLogger components of Rack before 2.0.9.1, 2.1.4.1 and 2.2.3.1.
Publish Date: 2022-05-03
URL: CVE-2022-30123
CVSS 3 Score Details (9.8)
Base Score Metrics:
- Exploitability Metrics:
- Attack Vector: Network
- Attack Complexity: Low
- Privileges Required: None
- User Interaction: None
- Scope: Unchanged
- Impact Metrics:
- Confidentiality Impact: High
- Integrity Impact: High
- Availability Impact: High
Suggested Fix
Type: Upgrade version
Origin: GHSA-wq4h-7r42-5hrr
Release Date: 2022-05-03
Fix Resolution: rack - 2.0.9.1,2.1.4.1,2.2.3.1
WS-2022-0089
Vulnerable Library - nokogiri-1.10.9.gem
Nokogiri (鋸) is an HTML, XML, SAX, and Reader parser. Among
Nokogiri's many features is the ability to search documents via XPath
or CSS3 selectors.
Library home page: https://rubygems.org/gems/nokogiri-1.10.9.gem
Path to dependency file: /Gemfile.lock
Path to vulnerable library: /home/wss-scanner/.gem/ruby/2.7.0/cache/nokogiri-1.10.9.gem
Dependency Hierarchy:
- rspec-rails-4.0.0.gem (Root Library)
- railties-6.0.2.2.gem
- actionpack-6.0.2.2.gem
- actionview-6.0.2.2.gem
- rails-html-sanitizer-1.3.0.gem
- loofah-2.4.0.gem
- ❌ nokogiri-1.10.9.gem (Vulnerable Library)
Found in HEAD commit: 5473125c0050f0e991eee16c626c4cca1e562b27
Found in base branch: main
Vulnerability Details
Nokogiri before version 1.13.2 is vulnerable.
Publish Date: 2022-03-01
URL: WS-2022-0089
CVSS 3 Score Details (8.8)
Base Score Metrics:
- Exploitability Metrics:
- Attack Vector: Network
- Attack Complexity: Low
- Privileges Required: None
- User Interaction: Required
- Scope: Unchanged
- Impact Metrics:
- Confidentiality Impact: High
- Integrity Impact: High
- Availability Impact: High
Suggested Fix
Type: Upgrade version
Origin: GHSA-fq42-c5rg-92c2
Release Date: 2022-03-01
Fix Resolution: nokogiri - v1.13.2
CVE-2022-29181
Vulnerable Library - nokogiri-1.10.9.gem
Nokogiri (鋸) is an HTML, XML, SAX, and Reader parser. Among
Nokogiri's many features is the ability to search documents via XPath
or CSS3 selectors.
Library home page: https://rubygems.org/gems/nokogiri-1.10.9.gem
Path to dependency file: /Gemfile.lock
Path to vulnerable library: /home/wss-scanner/.gem/ruby/2.7.0/cache/nokogiri-1.10.9.gem
Dependency Hierarchy:
- rspec-rails-4.0.0.gem (Root Library)
- railties-6.0.2.2.gem
- actionpack-6.0.2.2.gem
- actionview-6.0.2.2.gem
- rails-html-sanitizer-1.3.0.gem
- loofah-2.4.0.gem
- ❌ nokogiri-1.10.9.gem (Vulnerable Library)
Found in HEAD commit: 5473125c0050f0e991eee16c626c4cca1e562b27
Found in base branch: main
Vulnerability Details
Nokogiri is an open source XML and HTML library for Ruby. Nokogiri prior to version 1.13.6 does not type-check all inputs into the XML and HTML4 SAX parsers, allowing specially crafted untrusted inputs to cause illegal memory access errors (segfault) or reads from unrelated memory. Version 1.13.6 contains a patch for this issue. As a workaround, ensure the untrusted input is a String by calling #to_s or equivalent.
Publish Date: 2022-05-20
URL: CVE-2022-29181
CVSS 3 Score Details (8.2)
Base Score Metrics:
- Exploitability Metrics:
- Attack Vector: Network
- Attack Complexity: Low
- Privileges Required: None
- User Interaction: None
- Scope: Unchanged
- Impact Metrics:
- Confidentiality Impact: Low
- Integrity Impact: None
- Availability Impact: High
Suggested Fix
Type: Upgrade version
Origin: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-29181
Release Date: 2022-05-20
Fix Resolution: nokogiri - 1.13.6
CVE-2022-31163
Vulnerable Library - tzinfo-1.2.7.gem
TZInfo provides daylight savings aware transformations between times in different time zones.
Library home page: https://rubygems.org/gems/tzinfo-1.2.7.gem
Path to dependency file: /Gemfile.lock
Path to vulnerable library: /home/wss-scanner/.gem/ruby/2.7.0/cache/tzinfo-1.2.7.gem
Dependency Hierarchy:
- rspec-rails-4.0.0.gem (Root Library)
- railties-6.0.2.2.gem
- actionpack-6.0.2.2.gem
- actionview-6.0.2.2.gem
- activesupport-6.0.2.2.gem
- ❌ tzinfo-1.2.7.gem (Vulnerable Library)
Found in HEAD commit: 5473125c0050f0e991eee16c626c4cca1e562b27
Found in base branch: main
Vulnerability Details
TZInfo is a Ruby library that provides access to time zone data and allows times to be converted using time zone rules. Versions prior to 0.36.1, as well as those prior to 1.2.10 when used with the Ruby data source tzinfo-data, are vulnerable to relative path traversal. With the Ruby data source, time zones are defined in Ruby files. There is one file per time zone. Time zone files are loaded with require on demand. In the affected versions, TZInfo::Timezone.get fails to validate time zone identifiers correctly, allowing a new line character within the identifier. With Ruby version 1.9.3 and later, TZInfo::Timezone.get can be made to load unintended files with require, executing them within the Ruby process. Versions 0.3.61 and 1.2.10 include fixes to correctly validate time zone identifiers. Versions 2.0.0 and later are not vulnerable. Version 0.3.61 can still load arbitrary files from the Ruby load path if their name follows the rules for a valid time zone identifier and the file has a prefix of tzinfo/definition within a directory in the load path. Applications should ensure that untrusted files are not placed in a directory on the load path. As a workaround, the time zone identifier can be validated before passing to TZInfo::Timezone.get by ensuring it matches the regular expression \A[A-Za-z0-9+\-_]+(?:\/[A-Za-z0-9+\-_]+)*\z.
Publish Date: 2022-07-22
URL: CVE-2022-31163
CVSS 3 Score Details (8.1)
Base Score Metrics:
- Exploitability Metrics:
- Attack Vector: Network
- Attack Complexity: High
- Privileges Required: None
- User Interaction: None
- Scope: Unchanged
- Impact Metrics:
- Confidentiality Impact: High
- Integrity Impact: High
- Availability Impact: High
Suggested Fix
Type: Upgrade version
Origin: GHSA-5cm2-9h8c-rvfx
Release Date: 2022-07-22
Fix Resolution: tzinfo - 0.3.61,1.2.10
CVE-2020-8164
Vulnerable Library - actionpack-6.0.2.2.gem
Web apps on Rails. Simple, battle-tested conventions for building and testing MVC web applications. Works with any Rack-compatible server.
Library home page: https://rubygems.org/gems/actionpack-6.0.2.2.gem
Path to dependency file: /Gemfile.lock
Path to vulnerable library: /home/wss-scanner/.gem/ruby/2.7.0/cache/actionpack-6.0.2.2.gem
Dependency Hierarchy:
- rspec-rails-4.0.0.gem (Root Library)
- ❌ actionpack-6.0.2.2.gem (Vulnerable Library)
Found in HEAD commit: 5473125c0050f0e991eee16c626c4cca1e562b27
Found in base branch: main
Vulnerability Details
A deserialization of untrusted data vulnerability exists in rails < 5.2.4.3, rails < 6.0.3.1 which can allow an attacker to supply information that can be inadvertently leaked from Strong Parameters.
Publish Date: 2020-06-19
URL: CVE-2020-8164
CVSS 3 Score Details (7.5)
Base Score Metrics:
- Exploitability Metrics:
- Attack Vector: Network
- Attack Complexity: Low
- Privileges Required: None
- User Interaction: None
- Scope: Unchanged
- Impact Metrics:
- Confidentiality Impact: High
- Integrity Impact: None
- Availability Impact: None
Suggested Fix
Type: Upgrade version
Origin: GHSA-8727-m6gj-mc37
Release Date: 2020-06-19
Fix Resolution: 5.2.4.3,6.0.3.1
CVE-2021-41098
Vulnerable Library - nokogiri-1.10.9.gem
Nokogiri (鋸) is an HTML, XML, SAX, and Reader parser. Among
Nokogiri's many features is the ability to search documents via XPath
or CSS3 selectors.
Library home page: https://rubygems.org/gems/nokogiri-1.10.9.gem
Path to dependency file: /Gemfile.lock
Path to vulnerable library: /home/wss-scanner/.gem/ruby/2.7.0/cache/nokogiri-1.10.9.gem
Dependency Hierarchy:
- rspec-rails-4.0.0.gem (Root Library)
- railties-6.0.2.2.gem
- actionpack-6.0.2.2.gem
- actionview-6.0.2.2.gem
- rails-html-sanitizer-1.3.0.gem
- loofah-2.4.0.gem
- ❌ nokogiri-1.10.9.gem (Vulnerable Library)
Found in HEAD commit: 5473125c0050f0e991eee16c626c4cca1e562b27
Found in base branch: main
Vulnerability Details
Nokogiri is a Rubygem providing HTML, XML, SAX, and Reader parsers with XPath and CSS selector support. In Nokogiri v1.12.4 and earlier, on JRuby only, the SAX parser resolves external entities by default. Users of Nokogiri on JRuby who parse untrusted documents using any of these classes are affected: Nokogiri::XML::SAX::Parse, Nokogiri::HTML4::SAX::Parser or its alias Nokogiri::HTML::SAX::Parser, Nokogiri::XML::SAX::PushParser, and Nokogiri::HTML4::SAX::PushParser or its alias Nokogiri::HTML::SAX::PushParser. JRuby users should upgrade to Nokogiri v1.12.5 or later to receive a patch for this issue. There are no workarounds available for v1.12.4 or earlier. CRuby users are not affected.
Publish Date: 2021-09-27
URL: CVE-2021-41098
CVSS 3 Score Details (7.5)
Base Score Metrics:
- Exploitability Metrics:
- Attack Vector: Network
- Attack Complexity: Low
- Privileges Required: None
- User Interaction: None
- Scope: Unchanged
- Impact Metrics:
- Confidentiality Impact: High
- Integrity Impact: None
- Availability Impact: None
Suggested Fix
Type: Upgrade version
Origin: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-41098
Release Date: 2021-09-27
Fix Resolution: nokogiri - 1.12.5
CVE-2022-30122
Vulnerable Library - rack-2.2.3.gem
Rack provides a minimal, modular and adaptable interface for developing
web applications in Ruby. By wrapping HTTP requests and responses in
the simplest way possible, it unifies and distills the API for web
servers, web frameworks, and software in between (the so-called
middleware) into a single method call.
Library home page: https://rubygems.org/gems/rack-2.2.3.gem
Path to dependency file: /Gemfile.lock
Path to vulnerable library: /home/wss-scanner/.gem/ruby/2.7.0/cache/rack-2.2.3.gem
Dependency Hierarchy:
- rspec-rails-4.0.0.gem (Root Library)
- railties-6.0.2.2.gem
- actionpack-6.0.2.2.gem
- ❌ rack-2.2.3.gem (Vulnerable Library)
Found in HEAD commit: 5473125c0050f0e991eee16c626c4cca1e562b27
Found in base branch: main
Vulnerability Details
There is a possible denial of service vulnerability in the multipart parsing component of Rack before 2.0.9.1, 2.1.4.1 and 2.2.3.1.
Publish Date: 2022-05-03
URL: CVE-2022-30122
CVSS 3 Score Details (7.5)
Base Score Metrics:
- Exploitability Metrics:
- Attack Vector: Network
- Attack Complexity: Low
- Privileges Required: None
- User Interaction: None
- Scope: Unchanged
- Impact Metrics:
- Confidentiality Impact: None
- Integrity Impact: None
- Availability Impact: High
Suggested Fix
Type: Upgrade version
Origin: GHSA-hxqx-xwvh-44m2
Release Date: 2022-05-03
Fix Resolution: rack - 2.0.9.1,2.1.4.1,2.2.3.1
CVE-2021-22885
Vulnerable Library - actionpack-6.0.2.2.gem
Web apps on Rails. Simple, battle-tested conventions for building and testing MVC web applications. Works with any Rack-compatible server.
Library home page: https://rubygems.org/gems/actionpack-6.0.2.2.gem
Path to dependency file: /Gemfile.lock
Path to vulnerable library: /home/wss-scanner/.gem/ruby/2.7.0/cache/actionpack-6.0.2.2.gem
Dependency Hierarchy:
- rspec-rails-4.0.0.gem (Root Library)
- ❌ actionpack-6.0.2.2.gem (Vulnerable Library)
Found in HEAD commit: 5473125c0050f0e991eee16c626c4cca1e562b27
Found in base branch: main
Vulnerability Details
A possible information disclosure / unintended method execution vulnerability in Action Pack >= 2.0.0 when using the redirect_to or polymorphic_url helper with untrusted user input.
Publish Date: 2021-05-27
URL: CVE-2021-22885
CVSS 3 Score Details (7.5)
Base Score Metrics:
- Exploitability Metrics:
- Attack Vector: Network
- Attack Complexity: Low
- Privileges Required: None
- User Interaction: None
- Scope: Unchanged
- Impact Metrics:
- Confidentiality Impact: High
- Integrity Impact: None
- Availability Impact: None
Suggested Fix
Type: Upgrade version
Origin: GHSA-hjg4-8q5f-x6fm
Release Date: 2021-05-27
Fix Resolution: actionpack - 5.2.4.6,5.2.6,6.0.3.7,6.1.3.2
CVE-2022-24836
Vulnerable Library - nokogiri-1.10.9.gem
Nokogiri (鋸) is an HTML, XML, SAX, and Reader parser. Among
Nokogiri's many features is the ability to search documents via XPath
or CSS3 selectors.
Library home page: https://rubygems.org/gems/nokogiri-1.10.9.gem
Path to dependency file: /Gemfile.lock
Path to vulnerable library: /home/wss-scanner/.gem/ruby/2.7.0/cache/nokogiri-1.10.9.gem
Dependency Hierarchy:
- rspec-rails-4.0.0.gem (Root Library)
- railties-6.0.2.2.gem
- actionpack-6.0.2.2.gem
- actionview-6.0.2.2.gem
- rails-html-sanitizer-1.3.0.gem
- loofah-2.4.0.gem
- ❌ nokogiri-1.10.9.gem (Vulnerable Library)
Found in HEAD commit: 5473125c0050f0e991eee16c626c4cca1e562b27
Found in base branch: main
Vulnerability Details
Nokogiri is an open source XML and HTML library for Ruby. Nokogiri < v1.13.4 contains an inefficient regular expression that is susceptible to excessive backtracking when attempting to detect encoding in HTML documents. Users are advised to upgrade to Nokogiri >= 1.13.4. There are no known workarounds for this issue.
Publish Date: 2022-04-11
URL: CVE-2022-24836
CVSS 3 Score Details (7.5)
Base Score Metrics:
- Exploitability Metrics:
- Attack Vector: Network
- Attack Complexity: Low
- Privileges Required: None
- User Interaction: None
- Scope: Unchanged
- Impact Metrics:
- Confidentiality Impact: None
- Integrity Impact: None
- Availability Impact: High
Suggested Fix
Type: Upgrade version
Origin: GHSA-crjr-9rc5-ghw8
Release Date: 2022-04-11
Fix Resolution: nokogiri - 1.13.4
CVE-2021-22902
Vulnerable Library - actionpack-6.0.2.2.gem
Web apps on Rails. Simple, battle-tested conventions for building and testing MVC web applications. Works with any Rack-compatible server.
Library home page: https://rubygems.org/gems/actionpack-6.0.2.2.gem
Path to dependency file: /Gemfile.lock
Path to vulnerable library: /home/wss-scanner/.gem/ruby/2.7.0/cache/actionpack-6.0.2.2.gem
Dependency Hierarchy:
- rspec-rails-4.0.0.gem (Root Library)
- ❌ actionpack-6.0.2.2.gem (Vulnerable Library)
Found in HEAD commit: 5473125c0050f0e991eee16c626c4cca1e562b27
Found in base branch: main
Vulnerability Details
The actionpack ruby gem (a framework for handling and responding to web requests in Rails) before 6.0.3.7, 6.1.3.2 suffers from a possible denial of service vulnerability in the Mime type parser of Action Dispatch. Carefully crafted Accept headers can cause the mime type parser in Action Dispatch to do catastrophic backtracking in the regular expression engine.
Publish Date: 2021-06-11
URL: CVE-2021-22902
CVSS 3 Score Details (7.5)
Base Score Metrics:
- Exploitability Metrics:
- Attack Vector: Network
- Attack Complexity: Low
- Privileges Required: None
- User Interaction: None
- Scope: Unchanged
- Impact Metrics:
- Confidentiality Impact: None
- Integrity Impact: None
- Availability Impact: High
Suggested Fix
Type: Upgrade version
Release Date: 2021-06-11
Fix Resolution: actionpack - 6.0.3.7,6.1.3.2
CVE-2021-22904
Vulnerable Library - actionpack-6.0.2.2.gem
Web apps on Rails. Simple, battle-tested conventions for building and testing MVC web applications. Works with any Rack-compatible server.
Library home page: https://rubygems.org/gems/actionpack-6.0.2.2.gem
Path to dependency file: /Gemfile.lock
Path to vulnerable library: /home/wss-scanner/.gem/ruby/2.7.0/cache/actionpack-6.0.2.2.gem
Dependency Hierarchy:
- rspec-rails-4.0.0.gem (Root Library)
- ❌ actionpack-6.0.2.2.gem (Vulnerable Library)
Found in HEAD commit: 5473125c0050f0e991eee16c626c4cca1e562b27
Found in base branch: main
Vulnerability Details
The actionpack ruby gem before 6.1.3.2, 6.0.3.7, 5.2.4.6, 5.2.6 suffers from a possible denial of service vulnerability in the Token Authentication logic in Action Controller due to a too permissive regular expression. Impacted code uses authenticate_or_request_with_http_token or authenticate_with_http_token for request authentication.
Publish Date: 2021-06-11
URL: CVE-2021-22904
CVSS 3 Score Details (7.5)
Base Score Metrics:
- Exploitability Metrics:
- Attack Vector: Network
- Attack Complexity: Low
- Privileges Required: None
- User Interaction: None
- Scope: Unchanged
- Impact Metrics:
- Confidentiality Impact: None
- Integrity Impact: None
- Availability Impact: High
Suggested Fix
Type: Upgrade version
Release Date: 2021-06-11
Fix Resolution: actionpack - 5.2.4.6,5.2.6,6.0.3.7,6.1.3.2
CVE-2020-8185
Vulnerable Library - actionpack-6.0.2.2.gem
Web apps on Rails. Simple, battle-tested conventions for building and testing MVC web applications. Works with any Rack-compatible server.
Library home page: https://rubygems.org/gems/actionpack-6.0.2.2.gem
Path to dependency file: /Gemfile.lock
Path to vulnerable library: /home/wss-scanner/.gem/ruby/2.7.0/cache/actionpack-6.0.2.2.gem
Dependency Hierarchy:
- rspec-rails-4.0.0.gem (Root Library)
- ❌ actionpack-6.0.2.2.gem (Vulnerable Library)
Found in HEAD commit: 5473125c0050f0e991eee16c626c4cca1e562b27
Found in base branch: main
Vulnerability Details
A denial of service vulnerability exists in Rails <6.0.3.2 that allowed an untrusted user to run any pending migrations on a Rails app running in production.
Publish Date: 2020-07-02
URL: CVE-2020-8185
CVSS 3 Score Details (6.5)
Base Score Metrics:
- Exploitability Metrics:
- Attack Vector: Network
- Attack Complexity: Low
- Privileges Required: Low
- User Interaction: None
- Scope: Unchanged
- Impact Metrics:
- Confidentiality Impact: None
- Integrity Impact: None
- Availability Impact: High
Suggested Fix
Type: Upgrade version
Release Date: 2020-07-02
Fix Resolution: v6.0.3.2
CVE-2020-8264
Vulnerable Library - actionpack-6.0.2.2.gem
Web apps on Rails. Simple, battle-tested conventions for building and testing MVC web applications. Works with any Rack-compatible server.
Library home page: https://rubygems.org/gems/actionpack-6.0.2.2.gem
Path to dependency file: /Gemfile.lock
Path to vulnerable library: /home/wss-scanner/.gem/ruby/2.7.0/cache/actionpack-6.0.2.2.gem
Dependency Hierarchy:
- rspec-rails-4.0.0.gem (Root Library)
- ❌ actionpack-6.0.2.2.gem (Vulnerable Library)
Found in HEAD commit: 5473125c0050f0e991eee16c626c4cca1e562b27
Found in base branch: main
Vulnerability Details
In actionpack gem >= 6.0.0, a possible XSS vulnerability exists when an application is running in development mode allowing an attacker to send or embed (in another page) a specially crafted URL which can allow the attacker to execute JavaScript in the context of the local application. This vulnerability is in the Actionable Exceptions middleware.
Publish Date: 2021-01-06
URL: CVE-2020-8264
CVSS 3 Score Details (6.1)
Base Score Metrics:
- Exploitability Metrics:
- Attack Vector: Network
- Attack Complexity: Low
- Privileges Required: None
- User Interaction: Required
- Scope: Changed
- Impact Metrics:
- Confidentiality Impact: Low
- Integrity Impact: Low
- Availability Impact: None
Suggested Fix
Type: Upgrade version
Release Date: 2021-01-06
Fix Resolution: v6.0.3.4
CVE-2022-32209
Vulnerable Library - rails-html-sanitizer-1.3.0.gem
HTML sanitization for Rails applications
Library home page: https://rubygems.org/gems/rails-html-sanitizer-1.3.0.gem
Path to dependency file: /Gemfile.lock
Path to vulnerable library: /home/wss-scanner/.gem/ruby/2.7.0/cache/rails-html-sanitizer-1.3.0.gem
Dependency Hierarchy:
- rspec-rails-4.0.0.gem (Root Library)
- railties-6.0.2.2.gem
- actionpack-6.0.2.2.gem
- ❌ rails-html-sanitizer-1.3.0.gem (Vulnerable Library)
Found in HEAD commit: 5473125c0050f0e991eee16c626c4cca1e562b27
Found in base branch: main
Vulnerability Details
Possible XSS Vulnerability in Rails::Html::Sanitizer

There is a possible XSS vulnerability with certain configurations of Rails::Html::Sanitizer. This vulnerability has been assigned the CVE identifier CVE-2022-32209.

Versions Affected: ALL
Not affected: NONE
Fixed Versions: v1.4.3

Impact

A possible XSS vulnerability with certain configurations of Rails::Html::Sanitizer may allow an attacker to inject content if the application developer has overridden the sanitizer's allowed tags to allow both select and style elements.

Code is only impacted if allowed tags are being overridden. This may be done via application configuration:

```ruby
# In config/application.rb
config.action_view.sanitized_allowed_tags = ["select", "style"]
```

see https://guides.rubyonrails.org/configuring.html#configuring-action-view

Or it may be done with a :tags option to the Action View helper sanitize:

```erb
<%= sanitize @comment.body, tags: ["select", "style"] %>
```

see https://api.rubyonrails.org/classes/ActionView/Helpers/SanitizeHelper.html#method-i-sanitize

Or it may be done with Rails::Html::SafeListSanitizer directly:

```ruby
# class-level option
Rails::Html::SafeListSanitizer.allowed_tags = ["select", "style"]
```

or

```ruby
# instance-level option
Rails::Html::SafeListSanitizer.new.sanitize(@article.body, tags: ["select", "style"])
```

All users overriding the allowed tags by any of the above mechanisms to include both "select" and "style" should either upgrade or use one of the workarounds immediately.

Releases

The FIXED releases are available at the normal locations.

Workarounds

Remove either select or style from the overridden allowed tags.

Credits

This vulnerability was responsibly reported by windshock.
Publish Date: 2022-06-24
URL: CVE-2022-32209
CVSS 3 Score Details (6.1)
Base Score Metrics:
- Exploitability Metrics:
- Attack Vector: Network
- Attack Complexity: Low
- Privileges Required: None
- User Interaction: Required
- Scope: Changed
- Impact Metrics:
- Confidentiality Impact: Low
- Integrity Impact: Low
- Availability Impact: None
Suggested Fix
Type: Upgrade version
Origin: https://discuss.rubyonrails.org/t/cve-2022-32209-possible-xss-vulnerability-in-rails-sanitizer/80800
Release Date: 2022-06-24
Fix Resolution: rails-html-sanitizer - 1.4.3
CVE-2021-22881
Vulnerable Library - actionpack-6.0.2.2.gem
Web apps on Rails. Simple, battle-tested conventions for building and testing MVC web applications. Works with any Rack-compatible server.
Library home page: https://rubygems.org/gems/actionpack-6.0.2.2.gem
Path to dependency file: /Gemfile.lock
Path to vulnerable library: /home/wss-scanner/.gem/ruby/2.7.0/cache/actionpack-6.0.2.2.gem
Dependency Hierarchy:
- rspec-rails-4.0.0.gem (Root Library)
- ❌ actionpack-6.0.2.2.gem (Vulnerable Library)
Found in HEAD commit: 5473125c0050f0e991eee16c626c4cca1e562b27
Found in base branch: main
Vulnerability Details
The Host Authorization middleware in Action Pack before 6.1.2.1, 6.0.3.5 suffers from an open redirect vulnerability. Specially crafted Host headers in combination with certain "allowed host" formats can cause the Host Authorization middleware in Action Pack to redirect users to a malicious website. Impacted applications will have allowed hosts with a leading dot. When an allowed host contains a leading dot, a specially crafted Host header can be used to redirect to a malicious website.
Publish Date: 2021-02-11
URL: CVE-2021-22881
CVSS 3 Score Details (6.1)
Base Score Metrics:
- Exploitability Metrics:
- Attack Vector: Network
- Attack Complexity: Low
- Privileges Required: None
- User Interaction: Required
- Scope: Changed
- Impact Metrics:
- Confidentiality Impact: Low
- Integrity Impact: Low
- Availability Impact: None
Suggested Fix
Type: Upgrade version
Origin: https://discuss.rubyonrails.org/t/cve-2021-22881-possible-open-redirect-in-host-authorization-middleware/77130
Release Date: 2021-02-11
Fix Resolution: 6.0.3.5,6.1.2.1
CVE-2021-22942
Vulnerable Library - actionpack-6.0.2.2.gem
Web apps on Rails. Simple, battle-tested conventions for building and testing MVC web applications. Works with any Rack-compatible server.
Library home page: https://rubygems.org/gems/actionpack-6.0.2.2.gem
Path to dependency file: /Gemfile.lock
Path to vulnerable library: /home/wss-scanner/.gem/ruby/2.7.0/cache/actionpack-6.0.2.2.gem
Dependency Hierarchy:
- rspec-rails-4.0.0.gem (Root Library)
- ❌ actionpack-6.0.2.2.gem (Vulnerable Library)
Found in HEAD commit: 5473125c0050f0e991eee16c626c4cca1e562b27
Found in base branch: main
Vulnerability Details
A possible open redirect vulnerability in the Host Authorization middleware in Action Pack >= 6.0.0 that could allow attackers to redirect users to a malicious website.
Publish Date: 2021-10-18
URL: CVE-2021-22942
CVSS 3 Score Details (6.1)
Base Score Metrics:
- Exploitability Metrics:
- Attack Vector: Network
- Attack Complexity: Low
- Privileges Required: None
- User Interaction: Required
- Scope: Changed
- Impact Metrics:
- Confidentiality Impact: Low
- Integrity Impact: Low
- Availability Impact: None
Suggested Fix
Type: Upgrade version
Origin: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2021-22942
Release Date: 2021-10-18
Fix Resolution: actionpack - 6.0.4.1,6.1.4.1
CVE-2022-22577
Vulnerable Library - actionpack-6.0.2.2.gem
Web apps on Rails. Simple, battle-tested conventions for building and testing MVC web applications. Works with any Rack-compatible server.
Library home page: https://rubygems.org/gems/actionpack-6.0.2.2.gem
Path to dependency file: /Gemfile.lock
Path to vulnerable library: /home/wss-scanner/.gem/ruby/2.7.0/cache/actionpack-6.0.2.2.gem
Dependency Hierarchy:
- rspec-rails-4.0.0.gem (Root Library)
- ❌ actionpack-6.0.2.2.gem (Vulnerable Library)
Found in HEAD commit: 5473125c0050f0e991eee16c626c4cca1e562b27
Found in base branch: main
Vulnerability Details
An XSS vulnerability in Action Pack >= 5.2.0 and < 5.2.0 that could allow an attacker to bypass CSP for non-HTML-like responses.
Publish Date: 2022-05-26
URL: CVE-2022-22577
CVSS 3 Score Details (6.1)
Base Score Metrics:
- Exploitability Metrics:
- Attack Vector: Network
- Attack Complexity: Low
- Privileges Required: None
- User Interaction: Required
- Scope: Changed
- Impact Metrics:
- Confidentiality Impact: Low
- Integrity Impact: Low
- Availability Impact: None
Suggested Fix
Type: Upgrade version
Origin: GHSA-mm33-5vfq-3mm3
Release Date: 2022-05-26
Fix Resolution: actionpack - 5.2.7.1,6.0.4.8,6.1.5.1,7.0.2.4
CVE-2022-27777
Vulnerable Library - actionview-6.0.2.2.gem
Simple, battle-tested conventions and helpers for building web pages.
Library home page: https://rubygems.org/gems/actionview-6.0.2.2.gem
Path to dependency file: /Gemfile.lock
Path to vulnerable library: /home/wss-scanner/.gem/ruby/2.7.0/cache/actionview-6.0.2.2.gem
Dependency Hierarchy:
- rspec-rails-4.0.0.gem (Root Library)
- railties-6.0.2.2.gem
- actionpack-6.0.2.2.gem
- ❌ actionview-6.0.2.2.gem (Vulnerable Library)
Found in HEAD commit: 5473125c0050f0e991eee16c626c4cca1e562b27
Found in base branch: main
Vulnerability Details
An XSS vulnerability in Action View tag helpers >= 5.2.0 and < 5.2.0 which would allow an attacker to inject content if able to control input into specific attributes.
Publish Date: 2022-05-26
URL: CVE-2022-27777
CVSS 3 Score Details (6.1)
Base Score Metrics:
- Exploitability Metrics:
- Attack Vector: Network
- Attack Complexity: Low
- Privileges Required: None
- User Interaction: Required
- Scope: Changed
- Impact Metrics:
- Confidentiality Impact: Low
- Integrity Impact: Low
- Availability Impact: None
Suggested Fix
Type: Upgrade version
Origin: GHSA-ch3h-j2vf-95pv
Release Date: 2022-05-26
Fix Resolution: actionview - 5.2.7.1,6.0.4.8,6.1.5.1,7.0.2.4
CVE-2020-15169
Vulnerable Library - actionview-6.0.2.2.gem
Simple, battle-tested conventions and helpers for building web pages.
Library home page: https://rubygems.org/gems/actionview-6.0.2.2.gem
Path to dependency file: /Gemfile.lock
Path to vulnerable library: /home/wss-scanner/.gem/ruby/2.7.0/cache/actionview-6.0.2.2.gem
Dependency Hierarchy:
- rspec-rails-4.0.0.gem (Root Library)
- railties-6.0.2.2.gem
- actionpack-6.0.2.2.gem
- ❌ actionview-6.0.2.2.gem (Vulnerable Library)
Found in HEAD commit: 5473125c0050f0e991eee16c626c4cca1e562b27
Found in base branch: main
Vulnerability Details
In Action View before versions 5.2.4.4 and 6.0.3.3 there is a potential Cross-Site Scripting (XSS) vulnerability in Action View's translation helpers. Views that allow the user to control the default (not found) value of the t and translate helpers could be susceptible to XSS attacks. When an HTML-unsafe string is passed as the default for a missing translation key named html or ending in _html, the default string is incorrectly marked as HTML-safe and not escaped. This is patched in versions 6.0.3.3 and 5.2.4.4. A workaround without upgrading is proposed in the source advisory.
Publish Date: 2020-09-11
URL: CVE-2020-15169
CVSS 3 Score Details (6.1)
Base Score Metrics:
- Exploitability Metrics:
- Attack Vector: Network
- Attack Complexity: Low
- Privileges Required: None
- User Interaction: Required
- Scope: Changed
- Impact Metrics:
- Confidentiality Impact: Low
- Integrity Impact: Low
- Availability Impact: None
For more information on CVSS3 Scores, click here.
Suggested Fix
Type: Upgrade version
Origin: https://rubygems.org/gems/actionview/versions/6.0.3.3
Release Date: 2020-09-11
Fix Resolution: 6.0.3.3, 5.2.4.4
CVE-2021-44528
Vulnerable Library - actionpack-6.0.2.2.gem
Web apps on Rails. Simple, battle-tested conventions for building and testing MVC web applications. Works with any Rack-compatible server.
Library home page: https://rubygems.org/gems/actionpack-6.0.2.2.gem
Path to dependency file: /Gemfile.lock
Path to vulnerable library: /home/wss-scanner/.gem/ruby/2.7.0/cache/actionpack-6.0.2.2.gem
Dependency Hierarchy:
- rspec-rails-4.0.0.gem (Root Library)
- ❌ actionpack-6.0.2.2.gem (Vulnerable Library)
Found in HEAD commit: 5473125c0050f0e991eee16c626c4cca1e562b27
Found in base branch: main
Vulnerability Details
An open redirect vulnerability exists in Action Pack >= 6.0.0: specially crafted "X-Forwarded-Host" headers, in combination with certain "allowed host" formats, can cause the Host Authorization middleware in Action Pack to redirect users to a malicious website.
Publish Date: 2022-01-10
URL: CVE-2021-44528
CVSS 3 Score Details (6.1)
Base Score Metrics:
- Exploitability Metrics:
- Attack Vector: Network
- Attack Complexity: Low
- Privileges Required: None
- User Interaction: Required
- Scope: Changed
- Impact Metrics:
- Confidentiality Impact: Low
- Integrity Impact: Low
- Availability Impact: None
For more information on CVSS3 Scores, click here.
Suggested Fix
Type: Upgrade version
Origin: GHSA-qphc-hf5q-v8fc
Release Date: 2022-01-10
Fix Resolution: actionpack - 6.0.4.2,6.1.4.2
CVE-2022-23634
Vulnerable Library - actionpack-6.0.2.2.gem
Web apps on Rails. Simple, battle-tested conventions for building and testing MVC web applications. Works with any Rack-compatible server.
Library home page: https://rubygems.org/gems/actionpack-6.0.2.2.gem
Path to dependency file: /Gemfile.lock
Path to vulnerable library: /home/wss-scanner/.gem/ruby/2.7.0/cache/actionpack-6.0.2.2.gem
Dependency Hierarchy:
- rspec-rails-4.0.0.gem (Root Library)
- ❌ actionpack-6.0.2.2.gem (Vulnerable Library)
Found in HEAD commit: 5473125c0050f0e991eee16c626c4cca1e562b27
Found in base branch: main
Vulnerability Details
Puma is a Ruby/Rack web server built for parallelism. Prior to puma version 5.6.2, puma may not always call `close` on the response body. Rails, prior to version 7.0.2.2, depended on the response body being closed in order for its `CurrentAttributes` implementation to work correctly. The combination of these two behaviors (Puma not closing the body + Rails' Executor implementation) causes information leakage. This problem is fixed in Puma versions 5.6.2 and 4.3.11. This problem is fixed in Rails versions 7.0.2.2, 6.1.4.6, 6.0.4.6, and 5.2.6.2. Upgrading to a patched Rails or Puma version fixes the vulnerability.
Publish Date: 2022-02-11
URL: CVE-2022-23634
CVSS 3 Score Details (5.9)
Base Score Metrics:
- Exploitability Metrics:
- Attack Vector: Network
- Attack Complexity: High
- Privileges Required: None
- User Interaction: None
- Scope: Unchanged
- Impact Metrics:
- Confidentiality Impact: High
- Integrity Impact: None
- Availability Impact: None
For more information on CVSS3 Scores, click here.
Suggested Fix
Type: Upgrade version
Origin: GHSA-wh98-p28r-vrc9
Release Date: 2022-02-11
Fix Resolution: puma - 4.3.11, 5.6.2; actionpack - 5.2.6.2, 6.0.4.6, 6.1.4.6, 7.0.2.2
CVE-2022-23633
Vulnerable Library - actionpack-6.0.2.2.gem
Web apps on Rails. Simple, battle-tested conventions for building and testing MVC web applications. Works with any Rack-compatible server.
Library home page: https://rubygems.org/gems/actionpack-6.0.2.2.gem
Path to dependency file: /Gemfile.lock
Path to vulnerable library: /home/wss-scanner/.gem/ruby/2.7.0/cache/actionpack-6.0.2.2.gem
Dependency Hierarchy:
- rspec-rails-4.0.0.gem (Root Library)
- ❌ actionpack-6.0.2.2.gem (Vulnerable Library)
Found in HEAD commit: 5473125c0050f0e991eee16c626c4cca1e562b27
Found in base branch: main
Vulnerability Details
Action Pack is a framework for handling and responding to web requests. Under certain circumstances response bodies will not be closed. In the event a response is not notified of a `close`, `ActionDispatch::Executor` will not know to reset thread local state for the next request. This can lead to data being leaked to subsequent requests. This has been fixed in Rails 7.0.2.1, 6.1.4.5, 6.0.4.5, and 5.2.6.1. Upgrading is highly recommended, but to work around this problem a middleware described in GHSA-wh98-p28r-vrc9 can be used.
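The leak mechanism shared by CVE-2022-23634 and CVE-2022-23633 above, as an added example that is neither Rails nor Puma code: a pure-Ruby model in which per-request state lives in thread-local storage, the executor middleware clears it only from the body's `close` callback, and a server loop that skips `close` carries the first request's user into the second. A second middleware shows the shape of the fix, clearing stale state before each request as well. `Current`, `BodyProxy`, `APP`, the `X-User` header and the two executor classes are constructed for this example; they stand in for `ActiveSupport::CurrentAttributes`, `Rack::BodyProxy`, a real authentication layer and `ActionDispatch::Executor`, and are not the advisory's workaround middleware verbatim.

```ruby
# Per-request state kept in thread-local storage, modelled on
# ActiveSupport::CurrentAttributes (constructed for this example, not Rails code).
class Current
  class << self
    def user
      Thread.current[:current_user]
    end

    def user=(name)
      Thread.current[:current_user] = name
    end

    def reset
      Thread.current[:current_user] = nil
    end
  end
end

# Wraps a Rack body and runs a callback when the server calls close, like Rack::BodyProxy.
class BodyProxy
  def initialize(body, &on_close)
    @body = body
    @on_close = on_close
  end

  def each(&block)
    @body.each(&block)
  end

  def close
    @on_close.call
  end
end

# Executor middleware as it behaved before the fix: the only point at which
# per-request state is cleared is the body's close callback.
class ExecutorBeforeFix
  def initialize(app)
    @app = app
  end

  def call(env)
    status, headers, body = @app.call(env)
    [status, headers, BodyProxy.new(body) { Current.reset }]
  end
end

# Same idea as the fix: also clear any state left behind by a previous request
# whose body was never closed, before the next request runs on this thread.
class ExecutorWithReset < ExecutorBeforeFix
  def call(env)
    Current.reset
    super
  end
end

# Constructed application: an auth layer sets Current.user from a header (X-User here
# stands in for a real session lookup), and the response reports who it thinks is logged in.
APP = lambda do |env|
  Current.user = env["HTTP_X_USER"] if env["HTTP_X_USER"]
  [200, { "content-type" => "text/plain" }, ["user=#{Current.user || 'anonymous'}"]]
end

# Minimal server loop: streams the body, then closes it only when told to.
# Skipping close models the Puma behaviour described in CVE-2022-23634.
def serve(stack, env, close_body:)
  _status, _headers, body = stack.call(env)
  out = +""
  body.each { |chunk| out << chunk }
  body.close if close_body
  out
end

# Two back-to-back requests on one thread: first as alice, second unauthenticated.
# Returns both response bodies so any leak shows up in the second one.
def leak_demo(middleware, close_body:)
  Current.reset
  stack = middleware.new(APP)
  first = serve(stack, { "HTTP_X_USER" => "alice" }, close_body: close_body)
  second = serve(stack, {}, close_body: close_body)
  [first, second]
end

if __FILE__ == $PROGRAM_NAME
  p leak_demo(ExecutorBeforeFix, close_body: true)   # body closed: no leak
  p leak_demo(ExecutorBeforeFix, close_body: false)  # close skipped: alice leaks
  p leak_demo(ExecutorWithReset, close_body: false)  # reset at start: no leak
end
```

The point for triage is that both CVEs are about the same invariant: whichever component (server or framework) fails, state scoped to one request must not be observable from the next one on the same thread, so upgrading either side is sufficient only if the other side's contract is honoured, and upgrading both is the safe reading of the fix resolution.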
Publish Date: 2022-02-11
URL: CVE-2022-23633
CVSS 3 Score Details (5.9)
Base Score Metrics:
- Exploitability Metrics:
- Attack Vector: Network
- Attack Complexity: High
- Privileges Required: None
- User Interaction: None
- Scope: Unchanged
- Impact Metrics:
- Confidentiality Impact: High
- Integrity Impact: None
- Availability Impact: None
For more information on CVSS3 Scores, click here.
Suggested Fix
Type: Upgrade version
Origin: GHSA-wh98-p28r-vrc9
Release Date: 2022-02-11
Fix Resolution: 5.2.6.2, 6.0.4.6, 6.1.4.6, 7.0.2.2