[Snyk] Fix for 126 vulnerabilities #5

AuMyers · 2024-09-05T09:26:39Z

Snyk has created this PR to fix 126 vulnerabilities in the rubygems dependencies of this project.

Snyk changed the following file(s):

Gemfile

⚠️

Warning

Failed to update the Gemfile.lock, please update manually before merging.

Vulnerabilities that will be fixed with an upgrade:

	Issue	Score
	Arbitrary File Disclosure SNYK-RUBY-RACK-20058	****
	Timing Attack SNYK-RUBY-RACK-20059	****
	Denial of Service (DoS) SNYK-RUBY-RACK-20230	****
	Regular Expression Denial of Service (ReDoS) SNYK-RUBY-RACK-20398	****
	Arbitrary Code Injection SNYK-RUBY-RACK-2848599	****
	Denial of Service (DoS) SNYK-RUBY-RACK-2848600	****
	Denial of Service (DoS) SNYK-RUBY-RACK-3356639	****
	Information Exposure SNYK-RUBY-RACK-538324	****
	Directory Traversal SNYK-RUBY-RACK-569066	****
	Cross-site Request Forgery (CSRF) SNYK-RUBY-RACK-572377	****
	Regular Expression Denial of Service (ReDoS) SNYK-RUBY-RACK-6274383	****
	Regular Expression Denial of Service (ReDoS) SNYK-RUBY-RACK-6274384	****
	Denial of Service (DoS) SNYK-RUBY-RACK-6274385	****
	Cross-site Scripting (XSS) SNYK-RUBY-RACK-72567	****
	HTTP Header Caching Weakness SNYK-RUBY-RACKCACHE-20031	****
	Cross-site Scripting (XSS) SNYK-RUBY-RACKSSL-20101	****
	Access Restriction Bypass SNYK-RUBY-RAILS-472695	****
	SQL Injection SNYK-RUBY-RAILS-472697	****
	Timing Attack SNYK-RUBY-RAILTIES-20454	****
	Arbitrary Code Injection SNYK-RUBY-RAKE-552000	****
	Command Injection SNYK-RUBY-RDOC-1316279	****
	Cross-site Scripting (XSS) SNYK-RUBY-RDOC-20057	****
	Code Injection SNYK-RUBY-RDOC-6476871	****
	Arbitrary File Existence Exposure SNYK-RUBY-SPROCKETS-20199	****
	Directory Traversal SNYK-RUBY-SPROCKETS-22032	****
	Directory Traversal SNYK-RUBY-TZINFO-2958048	****
	Deserialization of Untrusted Data SNYK-RUBY-ACTIVESUPPORT-569598	834
	Use of vulnerable libxml2 SNYK-RUBY-NOKOGIRI-20432	826
	Directory Traversal SNYK-RUBY-ACTIONPACK-20158	804
	Arbitrary Code Execution SNYK-RUBY-ACTIONPACK-20047	794
	Remote Code Execution (RCE) SNYK-RUBY-ACTIVERECORD-2960802	704
	Cross-site Scripting (XSS) SNYK-RUBY-JQUERYRAILS-565439	701
	Denial of Service (DoS) SNYK-RUBY-NOKOGIRI-1293239	696
	Denial of Service (DoS) SNYK-RUBY-NOKOGIRI-6056551	696
	Denial of Service (DoS) SNYK-RUBY-NOKOGIRI-6056552	696
	Denial of Service (DoS) SNYK-RUBY-NOKOGIRI-6056553	696
	Denial of Service (DoS) SNYK-RUBY-NOKOGIRI-6056554	696
	Denial of Service (DoS) SNYK-RUBY-NOKOGIRI-6056555	696
	Heap-based Buffer Overflow SNYK-RUBY-NOKOGIRI-7164639	696
	Denial of Service (DoS) SNYK-RUBY-JSON-560838	679
	Uncontrolled Memory Allocation SNYK-RUBY-NOKOGIRI-534637	659
	Arbitrary Code Execution SNYK-RUBY-NOKOGIRI-20367	654
	Out of Bounds Memory Write SNYK-RUBY-NOKOGIRI-20368	654
	Denial of Service (DoS) SNYK-RUBY-NOKOGIRI-22014	654
	Cross-site Request Forgery (CSRF) SNYK-RUBY-ACTIONPACK-569599	646
	Information Exposure SNYK-RUBY-ACTIONPACK-569600	646
	XML External Entity (XXE) Injection SNYK-RUBY-NOKOGIRI-20298	644
	Cross-site Scripting (XSS) SNYK-RUBY-KAMINARI-570586	641
	Improper Handling of Unexpected Data Type SNYK-RUBY-NOKOGIRI-2840634	624
	Use After Free SNYK-RUBY-NOKOGIRI-2413994	619
	Command Injection SNYK-RUBY-NOKOGIRI-459107	619
	Web Cache Poisoning SNYK-RUBY-RACK-1061917	616
	Prototype Pollution SNYK-RUBY-JQUERYRAILS-450225	601
	Denial of Service (DoS) SNYK-RUBY-NOKOGIRI-552159	600
	Denial of Service (DoS) SNYK-RUBY-ACTIONPACK-1290052	589
	Denial of Service (DoS) SNYK-RUBY-ACTIONPACK-20256	589
	Denial of Service (DoS) SNYK-RUBY-ACTIVERECORD-3237239	589
	Denial of Service (DoS) SNYK-RUBY-I18N-72582	589
	XML External Entity (XXE) Injection SNYK-RUBY-NOKOGIRI-1726792	589
	Denial of Service (DoS) SNYK-RUBY-NOKOGIRI-22013	589
	Regular Expression Denial of Service (ReDoS) SNYK-RUBY-NOKOGIRI-2620374	589
	Out-of-bounds Write SNYK-RUBY-NOKOGIRI-2630623	589
	Denial of Service (DoS) SNYK-RUBY-NOKOGIRI-2630898	589
	NULL Pointer Dereference SNYK-RUBY-NOKOGIRI-3052880	589
	Denial of Service (DoS) SNYK-RUBY-NOKOGIRI-72433	589
	Information Exposure SNYK-RUBY-ACTIONPACK-1290051	586
	Information Exposure SNYK-RUBY-ACTIONPACK-2400638	584
	Data Injection SNYK-RUBY-ACTIVERECORD-1314522	579
	SQL Injection SNYK-RUBY-ACTIVERECORD-20044	579
	SQL Injection SNYK-RUBY-ACTIVERECORD-20185	579
	Denial of Service (DoS) SNYK-RUBY-JSON-20060	579
	Remote Shell Command Execution SNYK-RUBY-MAIL-20027	579
	Unsafe Query Generation Risk SNYK-RUBY-ACTIONPACK-20125	539
	Unsafe Query Generation SNYK-RUBY-ACTIVERECORD-20030	539
	JSON Parameter Parsing Query Bypass SNYK-RUBY-ACTIVERECORD-20046	539
	Cross-site Request Forgery (CSRF) SNYK-RUBY-JQUERYRAILS-575390	539
	Denial of Service (DoS) SNYK-RUBY-NOKOGIRI-1583442	539
	Security Bypass SNYK-RUBY-DEVISE-20055	529
	Access Control Bypass SNYK-RUBY-NOKOGIRI-3357693	529
	Use After Free SNYK-RUBY-NOKOGIRI-6228056	524
	Cross-site Scripting (XSS) SNYK-RUBY-ACTIVESUPPORT-3360028	519
	SMTP Injection SNYK-RUBY-MAIL-20244	519
	Denial of Service (DoS) SNYK-RUBY-ACTIVESUPPORT-20294	484
	Denial of Service (DoS) SNYK-RUBY-ACTIONPACK-20035	479
	Denial of Service (DoS) SNYK-RUBY-ACTIONPACK-20122	479
	Denial of Service (DoS) SNYK-RUBY-ACTIONPACK-20148	479
	Arbitrary File Existence Exposure SNYK-RUBY-ACTIONPACK-20200	479
	Regular Expression Denial of Service (ReDoS) SNYK-RUBY-ACTIONPACK-3237231	479
	Regular Expression Denial of Service (ReDoS) SNYK-RUBY-ACTIONPACK-3237232	479
	SQL Injection SNYK-RUBY-ACTIVERECORD-20029	479
	Denial of Service (DoS) SNYK-RUBY-ACTIVERECORD-20088	479
	Nested Attributes Rejection Bypass SNYK-RUBY-ACTIVERECORD-20259	479
	Information Exposure SNYK-RUBY-ACTIVERESOURCE-568275	479
	Denial of Service (DoS) SNYK-RUBY-ACTIVESUPPORT-20229	479
	Regular Expression Denial of Service (ReDoS) SNYK-RUBY-ACTIVESUPPORT-3237242	479
	Cross-site Request Forgery (CSRF) SNYK-RUBY-JQUERYRAILS-20225	479
	Directory Traversal SNYK-RUBY-MAIL-20026	479
	Information Exposure SNYK-RUBY-NOKOGIRI-20032	479
	XML External Entity (XXE) Injection SNYK-RUBY-NOKOGIRI-20127	479
	Denial of Service (DoS) SNYK-RUBY-NOKOGIRI-20129	479
	Denial of Service (DoS) SNYK-RUBY-NOKOGIRI-20157	479
	Denial of Service (DoS) SNYK-RUBY-NOKOGIRI-20214	479
	Denial of Service (DoS) SNYK-RUBY-RACK-20021	479
	Denial of Service (DoS) SNYK-RUBY-RACK-20045	479
	Cross-site Scripting (XSS) SNYK-RUBY-ACTIONPACK-5741907	449
	Denial of Service (DoS) SNYK-RUBY-ACTIONMAILER-20112	429
	Cross-site Scripting (XSS) SNYK-RUBY-ACTIONPACK-20020	429
	Cross-site Scripting (XSS) SNYK-RUBY-ACTIONPACK-20024	429
	Cross-site Scripting (XSS) SNYK-RUBY-ACTIONPACK-20037	429
	Cross-site Scripting (XSS) SNYK-RUBY-ACTIONPACK-20038	429
	Cross-site Scripting (XSS) SNYK-RUBY-ACTIONPACK-20087	429
	Cross-site Scripting (XSS) SNYK-RUBY-ACTIONPACK-20090	429
	Cross-site Scripting (XSS) SNYK-RUBY-ACTIONPACK-20121	429
	Cross-site Scripting (XSS) SNYK-RUBY-ACTIONPACK-20123	429
	Cross-site Scripting (XSS) SNYK-RUBY-ACTIONPACK-20147	429
	Arbitrary File Existence Exposure SNYK-RUBY-ACTIONPACK-20198	429
	Access Restriction Bypass SNYK-RUBY-ACTIVERECORD-20062	429
	Cross-site Scripting (XSS) SNYK-RUBY-ACTIVESUPPORT-20025	429
	Cross-site Scripting (XSS) SNYK-RUBY-ACTIVESUPPORT-20036	429
	Cross-site Scripting (XSS) SNYK-RUBY-I18N-20124	429
	Regular Expression Denial of Service (ReDoS) SNYK-RUBY-RACK-20028	429
	Denial of Service (DoS) SNYK-RUBY-RACK-20052	429
	CSRF Token Fixation SNYK-RUBY-DEVISE-20103	424
	Cross-site Scripting (XSS) SNYK-RUBY-ERUBIS-20482	424
	Timing Attack SNYK-RUBY-ACTIONPACK-20258	399
	XML External Entity (XXE) Injection SNYK-RUBY-NOKOGIRI-1055008	344

Important

Check the changes in this PR to ensure they won't cause issues with your project.
Max score is 1000. Note that the real score may have changed since the PR was raised.
This PR was automatically created by Snyk using the credentials of a real user.

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:
🧐 View latest project report
📜 Customise PR templates
🛠 Adjust project settings
📚 Read about Snyk's upgrade logic

Learn how to fix vulnerabilities with free interactive lessons:

🦉 Denial of Service (DoS)
🦉 Cross-site Scripting (XSS)
🦉 Arbitrary Code Execution
🦉 More lessons are available in Snyk Learn

[//]: # 'snyk:metadata:{"customTemplate":{"variablesUsed":[],"fieldsUsed":[]},"dependencies":[{"name":"rspec-rails","from":"2.6.1","to":"4.0.0"},{"name":"sass-rails","from":"3.1.2","to":"6.0.0"},{"name":"spree","from":"0.70.0.rc2","to":"4.3.0"}],"env":"prod","issuesToFix":[{"exploit_maturity":"No Known Exploit","id":"SNYK-RUBY-ACTIONMAILER-20112","priority_score":429,"priority_score_factors":[{"type":"fixability","label":true,"score":214},{"type":"cvssScore","label":"4.3","score":215},{"type":"scoreVersion","label":"v1","score":1}],"severity":"medium","title":"Denial of Service (DoS)"},{"exploit_maturity":"No Known Exploit","id":"SNYK-RUBY-ACTIONMAILER-20112","priority_score":429,"priority_score_factors":[{"type":"fixability","label":true,"score":214},{"type":"cvssScore","label":"4.3","score":215},{"type":"scoreVersion","label":"v1","score":1}],"severity":"medium","title":"Denial of Service (DoS)"},{"exploit_maturity":"No Known Exploit","id":"SNYK-RUBY-ACTIONMAILER-20112","priority_score":429,"priority_score_factors":[{"type":"fixability","label":true,"score":214},{"type":"cvssScore","label":"4.3","score":215},{"type":"scoreVersion","label":"v1","score":1}],"severity":"medium","title":"Denial of Service (DoS)"},{"exploit_maturity":"No Known Exploit","id":"SNYK-RUBY-ACTIONMAILER-20112","priority_score":429,"priority_score_factors":[{"type":"fixability","label":true,"score":214},{"type":"cvssScore","label":"4.3","score":215},{"type":"scoreVersion","label":"v1","score":1}],"severity":"medium","title":"Denial of Service (DoS)"},{"exploit_maturity":"No Known Exploit","id":"SNYK-RUBY-ACTIONMAILER-20112","priority_score":429,"priority_score_factors":[{"type":"fixability","label":true,"score":214},{"type":"cvssScore","label":"4.3","score":215},{"type":"scoreVersion","label":"v1","score":1}],"severity":"medium","title":"Denial of Service (DoS)"},{"exploit_maturity":"No Known Exploit","id":"SNYK-RUBY-ACTIONMAILER-20112","priority_score":429,"priority_score_factors":[{"type":"fixability","label":true,"score":214},{"type":"cvssScore","label":"4.3","score":215},{"type":"scoreVersion","label":"v1","score":1}],"severity":"medium","title":"Denial of Service (DoS)"},{"exploit_maturity":"No Known Exploit","id":"SNYK-RUBY-ACTIONMAILER-20112","priority_score":429,"priority_score_factors":[{"type":"fixability","label":true,"score":214},{"type":"cvssScore","label":"4.3","score":215},{"type":"scoreVersion","label":"v1","score":1}],"severity":"medium","title":"Denial of Service (DoS)"},{"exploit_maturity":"Proof of Concept","id":"SNYK-RUBY-ACTIONPACK-1290051","priority_score":586,"priority_score_factors":[{"type":"exploit","label":"Proof of Concept","score":107},{"type":"fixability","label":true,"score":214},{"type":"cvssScore","label":"5.3","score":265},{"type":"scoreVersion","label":"v1","score":1}],"severity":"medium","title":"Information Exposure"},{"exploit_maturity":"No Known Exploit","id":"SNYK-RUBY-ACTIONPACK-1290052","priority_score":589,"priority_score_factors":[{"type":"fixability","label":true,"score":214},{"type":"cvssScore","label":"7.5","score":375},{"type":"scoreVersion","label":"v1","score":1}],"severity":"high","title":"Denial of Service (DoS)"},{"exploit_maturity":"No Known Exploit","id":"SNYK-RUBY-ACTIONPACK-20020","priority_score":429,"priority_score_factors":[{"type":"fixability","label":true,"score":214},{"type":"cvssScore","label":"4.3","score":215},{"type":"scoreVersion","label":"v1","score":1}],"severity":"medium","title":"Cross-site Scripting (XSS)"},{"exploit_maturity":"No Known Exploit","id":"SNYK-RUBY-ACTIONPACK-20024","priority_score":429,"priority_score_factors":[{"type":"fixability","label":true,"score":214},{"type":"cvssScore","label":"4.3","score":215},{"type":"scoreVersion","label":"v1","score":1}],"severity":"medium","title":"Cross-site Scripting (XSS)"},{"exploit_maturity":"No Known Exploit","id":"SNYK-RUBY-ACTIONPACK-20035","priority_score":479,"priority_score_factors":[{"type":"fixability","label":true,"score":214},{"type":"cvssScore","label":"5.3","score":265},{"type":"scoreVersion","label":"v1","score":1}],"severity":"medium","title":"Denial of Service (DoS)"},{"exploit_maturity":"No Known Exploit","id":"SNYK-RUBY-ACTIONPACK-20037","priority_score":429,"priority_score_factors":[{"type":"fixability","label":true,"score":214},{"type":"cvssScore","label":"4.3","score":215},{"type":"scoreVersion","label":"v1","score":1}],"severity":"medium","title":"Cross-site Scripting (XSS)"},{"exploit_maturity":"No Known Exploit","id":"SNYK-RUBY-ACTIONPACK-20038","priority_score":429,"priority_score_factors":[{"type":"fixability","label":true,"score":214},{"type":"cvssScore","label":"4.3","score":215},{"type":"scoreVersion","label":"v1","score":1}],"severity":"medium","title":"Cross-site Scripting (XSS)"},{"exploit_maturity":"Mature","id":"SNYK-RUBY-ACTIONPACK-20047","priority_score":794,"priority_score_factors":[{"type":"exploit","label":"High","score":214},{"type":"fixability","label":true,"score":214},{"type":"cvssScore","label":"7.3","score":365},{"type":"scoreVersion","label":"v1","score":1}],"severity":"high","title":"Arbitrary Code Execution"},{"exploit_maturity":"No Known Exploit","id":"SNYK-RUBY-ACTIONPACK-20087","priority_score":429,"priority_score_factors":[{"type":"fixability","label":true,"score":214},{"type":"cvssScore","label":"4.3","score":215},{"type":"scoreVersion","label":"v1","score":1}],"severity":"medium","title":"Cross-site Scripting (XSS)"},{"exploit_maturity":"No Known Exploit","id":"SNYK-RUBY-ACTIONPACK-20090","priority_score":429,"priority_score_factors":[{"type":"fixability","label":true,"score":214},{"type":"cvssScore","label":"4.3","score":215},{"type":"scoreVersion","label":"v1","score":1}],"severity":"medium","title":"Cross-site Scripting (XSS)"},{"exploit_maturity":"No Known Exploit","id":"SNYK-RUBY-ACTIONPACK-20121","priority_score":429,"priority_score_factors":[{"type":"fixability","label":true,"score":214},{"type":"cvssScore","label":"4.3","score":215},{"type":"scoreVersion","label":"v1","score":1}],"severity":"medium","title":"Cross-site Scripting (XSS)"},{"exploit_maturity":"No Known Exploit","id":"SNYK-RUBY-ACTIONPACK-20122","priority_score":479,"priority_score_factors":[{"type":"fixability","label":true,"score":214},{"type":"cvssScore","label":"5.3","score":265},{"type":"scoreVersion","label":"v1","score":1}],"severity":"medium","title":"Denial of Service (DoS)"},{"exploit_maturity":"No Known Exploit","id":"SNYK-RUBY-ACTIONPACK-20123","priority_score":429,"priority_score_factors":[{"type":"fixability","label":true,"score":214},{"type":"cvssScore","label":"4.3","score":215},{"type":"scoreVersion","label":"v1","score":1}],"severity":"medium","title":"Cross-site Scripting (XSS)"},{"exploit_maturity":"No Known Exploit","id":"SNYK-RUBY-ACTIONPACK-20125","priority_score":539,"priority_score_factors":[{"type":"fixability","label":true,"score":214},{"type":"cvssScore","label":"6.5","score":325},{"type":"scoreVersion","label":"v1","score":1}],"severity":"medium","title":"Unsafe Query Generation Risk"},{"exploit_maturity":"No Known Exploit","id":"SNYK-RUBY-ACTIONPACK-20147","priority_score":429,"priority_score_factors":[{"type":"fixability","label":true,"score":214},{"type":"cvssScore","label":"4.3","score":215},{"type":"scoreVersion","label":"v1","score":1}],"severity":"medium","title":"Cross-site Scripting (XSS)"},{"exploit_maturity":"No Known Exploit","id":"SNYK-RUBY-ACTIONPACK-20148","priority_score":479,"priority_score_factors":[{"type":"fixability","label":true,"score":214},{"type":"cvssScore","label":"5.3","score":265},{"type":"scoreVersion","label":"v1","score":1}],"severity":"medium","title":"Denial of Service (DoS)"},{"exploit_maturity":"Mature","id":"SNYK-RUBY-ACTIONPACK-20158","priority_score":804,"priority_score_factors":[{"type":"exploit","label":"High","score":214},{"type":"fixability","label":true,"score":214},{"type":"cvssScore","label":"7.5","score":375},{"type":"scoreVersion","label":"v1","score":1}],"severity":"high","title":"Directory Traversal"},{"exploit_maturity":"No Known Exploit","id":"SNYK-RUBY-ACTIONPACK-20198","priority_score":429,"priority_score_factors":[{"type":"fixability","label":true,"score":214},{"type":"cvssScore","label":"4.3","score":215},{"type":"scoreVersion","label":"v1","score":1}],"severity":"medium","title":"Arbitrary File Existence Exposure"},{"exploit_maturity":"No Known Exploit","id":"SNYK-RUBY-ACTIONPACK-20200","priority_score":479,"priority_score_factors":[{"type":"fixability","label":true,"score":214},{"type":"cvssScore","label":"5.3","score":265},{"type":"scoreVersion","label":"v1","score":1}],"severity":"medium","title":"Arbitrary File Existence Exposure"},{"exploit_maturity":"No Known Exploit","id":"SNYK-RUBY-ACTIONPACK-20256","priority_score":589,"priority_score_factors":[{"type":"fixability","label":true,"score":214},{"type":"cvssScore","label":"7.5","score":375},{"type":"scoreVersion","label":"v1","score":1}],"severity":"high","title":"Denial of Service (DoS)"},{"exploit_maturity":"No Known Exploit","id":"SNYK-RUBY-ACTIONPACK-20258","priority_score":399,"priority_score_factors":[{"type":"fixability","label":true,"score":214},{"type":"cvssScore","label":"3.7","score":185},{"type":"scoreVersion","label":"v1","score":1}],"severity":"low","title":"Timing Attack"},{"exploit_maturity":"No Known Exploit","id":"SNYK-RUBY-ACTIONPACK-2400638","priority_score":584,"priority_score_factors":[{"type":"fixability","label":true,"score":214},{"type":"cvssScore","label":"7.4","score":370},{"type":"scoreVersion","label":"v1","score":1}],"severity":"high","title":"Information Exposure"},{"exploit_maturity":"No Known Exploit","id":"SNYK-RUBY-ACTIONPACK-3237231","priority_score":479,"priority_score_factors":[{"type":"fixability","label":true,"score":214},{"type":"cvssScore","label":"5.3","score":265},{"type":"scoreVersion","label":"v1","score":1}],"severity":"medium","title":"Regular Expression Denial of Service (ReDoS)"},{"exploit_maturity":"No Known Exploit","id":"SNYK-RUBY-ACTIONPACK-3237232","priority_score":479,"priority_score_factors":[{"type":"fixability","label":true,"score":214},{"type":"cvssScore","label":"5.3","score":265},{"type":"scoreVersion","label":"v1","score":1}],"severity":"medium","title":"Regular Expression Denial of Service (ReDoS)"},{"exploit_maturity":"Proof of Concept","id":"SNYK-RUBY-ACTIONPACK-569599","priority_score":646,"priority_score_factors":[{"type":"exploit","label":"Proof of Concept","score":107},{"type":"fixability","label":true,"score":214},{"type":"cvssScore","label":"6.5","score":325},{"type":"scoreVersion","label":"v1","score":1}],"severity":"medium","title":"Cross-site Request Forgery (CSRF)"},{"exploit_maturity":"Proof of Concept","id":"SNYK-RUBY-ACTIONPACK-569600","priority_score":646,"priority_score_factors":[{"type":"exploit","label":"Proof of Concept","score":107},{"type":"fixability","label":true,"score":214},{"type":"cvssScore","label":"6.5","score":325},{"type":"scoreVersion","label":"v1","score":1}],"severity":"medium","title":"Information Exposure"},{"exploit_maturity":"No Known Exploit","id":"SNYK-RUBY-ACTIONPACK-5741907","priority_score":449,"priority_score_factors":[{"type":"fixability","label":true,"score":214},{"type":"cvssScore","label":"4.7","score":235},{"type":"scoreVersion","label":"v1","score":1}],"severity":"medium","title":"Cross-site Scripting (XSS)"},{"exploit_maturity":"No Known Exploit","id":"SNYK-RUBY-ACTIONPACK-20087","priority_score":429,"priority_score_factors":[{"type":"fixability","label":true,"score":214},{"type":"cvssScore","label":"4.3","score":215},{"type":"scoreVersion","label":"v1","score":1}],"severity":"medium","title":"Cross-site Scripting (XSS)"},{"exploit_maturity":"No Known Exploit","id":"SNYK-RUBY-ACTIONPACK-20090","priority_score":429,"priority_score_factors":[{"type":"fixability","label":true,"score":214},{"type":"cvssScore","label":"4.3","score":215},{"type":"scoreVersion","label":"v1","score":1}],"severity":"medium","title":"Cross-site Scripting (XSS)"},{"exploit_maturity":"No Known Exploit","id":"SNYK-RUBY-ACTIONPACK-20121","priority_score":429,"priority_score_factors":[{"type":"fixability","label":true,"score":214},{"type":"cvssScore","label":"4.3","score":215},{"type":"scoreVersion","label":"v1","score":1}],"severity":"medium","title":"Cross-site Scripting (XSS)"},{"exploit_maturity":"No Known Exploit","id":"SNYK-RUBY-ACTIONPACK-20122","priority_score":479,"priority_score_factors":[{"type":"fixability","label":true,"score":214},{"type":"cvssScore","label":"5.3","score":265},{"type":"scoreVersion","label":"v1","score":1}],"severity":"medium","title":"Denial of Service (DoS)"},{"exploit_maturity":"No Known Exploit","id":"SNYK-RUBY-ACTIONPACK-20123","priority_score":429,"priority_score_factors":[{"type":"fixability","label":true,"score":214},{"type":"cvssScore","label":"4.3","score":215},{"type":"scoreVersion","label":"v1","score":1}],"severity":"medium","title":"Cross-site Scripting (XSS)"},{"exploit_maturity":"No Known Exploit","id":"SNYK-RUBY-ACTIONPACK-20125","priority_score":539,"priority_score_factors":[{"type":"fixability","label":true,"score":214},{"type":"cvssScore","label":"6.5","score":325},{"type":"scoreVersion","label":"v1","score":1}],"severity":"medium","title":"Unsafe Query Generation Risk"},{"exploit_maturity":"No Known Exploit","id":"SNYK-RUBY-ACTIONPACK-20147","priority_score":429,"priority_score_factors":[{"type":"fixability","label":true,"score":214},{"type":"cvssScore","label":"4.3","score":215},{"type":"scoreVersion","label":"v1","score":1}],"severity":"medium","title":"Cross-site Scripting (XSS)"},{"exploit_maturity":"No Known Exploit","id":"SNYK-RUBY-ACTIONPACK-20148","priority_score":479,"priority_score_factors":[{"type":"fixability","label":true,"score":214},{"type":"cvssScore","label":"5.3","score":265},{"type":"scoreVersion","label":"v1","score":1}],"severity":"medium","title":"Denial of Service (DoS)"},{"exploit_maturity":"Mature","id":"SNYK-RUBY-ACTIONPACK-20158","priority_score":804,"priority_score_factors":[{"type":"exploit","label":"High","score":214},{"type":"fixability","label":true,"score":214},{"type":"cvssScore","label":"7.5","score":375},{"type":"scoreVersion","label":"v1","score":1}],"severity":"high","title":"Directory Traversal"},{"exploit_maturity":"No Known Exploit","id":"SNYK-RUBY-ACTIONPACK-20198","priority_score":429,"priority_score_factors":[{"type":"fixability","label":true,"score":214},{"type":"cvssScore","label":"4.3","score":215},{"type":"scoreVersion","label":"v1","score":1}],"severity":"medium","title":"Arbitrary File Existence Exposure"},{"exploit_maturity":"No Known Exploit","id":"SNYK-RUBY-ACTIONPACK-20200","priority_score":479,"priority_score_factors":[{"type":"fixability","label":true,"score":214},{"type":"cvssScore","label":"5.3","score":265},{"type":"scoreVersion","label":"v1","score":1}],"severity":"medium","title":"Arbitrary File Existence Exposure"},{"exploit_maturity":"No Known Exploit","id":"SNYK-RUBY-ACTIONPACK-20256","priority_score":589,"priority_score_factors":[{"type":"fixability","label":true,"score":214},{"type":"cvssScore","label":"7.5","score":375},{"type":"scoreVersion","label":"v1","score":1}],"severity":"high","title":"Denial of Service (DoS)"},{"exploit_maturity":"No Known Exploit","id":"SNYK-RUBY-ACTIONPACK-20258","priority_score":399,"priority_score_factors":[{"type":"fixability","label":true,"score":214},{"type":"cvssScore","label":"3.7","score":185},{"type":"scoreVersion","label":"v1","score":1}],"severity":"low","title":"Timing Attack"},{"exploit_maturity":"Proof of Concept","id":"SNYK-RUBY-ACTIONPACK-1290051","priority_score":586,"priority_score_factors":[{"type":"exploit","label":"Proof of Concept","score":107},{"type":"fixability","label":true,"score":214},{"type":"cvssScore","label":"5.3","score":265},{"type":"scoreVersion","label":"v1","score":1}],"severity":"medium","title":"Information Exposure"},{"exploit_maturity":"No Known Exploit","id":"SNYK-RUBY-ACTIONPACK-1290052","priority_score":589,"priority_score_factors":[{"type":"fixability","label":true,"score":214},{"type":"cvssScore","label":"7.5","score":375},{"type":"scoreVersion","label":"v1","score":1}],"severity":"high","title":"Denial of Service (DoS)"},{"exploit_maturity":"No Known Exploit","id":"SNYK-RUBY-ACTIONPACK-2400638","priority_score":584,"priority_score_factors":[{"type":"fixability","label":true,"score":214},{"type":"cvssScore","label":"7.4","score":370},{"type":"scoreVersion","label":"v1","score":1}],"severity":"high","title":"Information Exposure"},{"exploit_maturity":"No Known Exploit","id":"SNYK-RUBY-ACTIONPACK-3237231","priority_score":479,"priority_score_factors":[{"type":"fixability","label":true,"score":214},{"type":"cvssScore","label":"5.3","score":265},{"type":"scoreVersion","label":"v1","score":1}],"severity":"medium","title":"Regular Expression Denial of Service (ReDoS)"},{"exploit_maturity":"No Known Exploit","id":"SNYK-RUBY-ACTIONPACK-3237232","priority_score":479,"priority_score_factors":[{"type":"fixability","label":true,"score":214},{"type":"cvssScore","label":"5.3","score":265},{"type":"scoreVersion","label":"v1","score":1}],"severity":"medium","title":"Regular Expression Denial of Service (ReDoS)"},{"exploit_maturity":"Proof of Concept","id":"SNYK-RUBY-ACTIONPACK-569599","priority_score":646,"priority_score_factors":[{"type":"exploit","label":"Proof of Concept","score":107},{"type":"fixability","label":true,"score":214},{"type":"cvssScore","label":"6.5","score":325},{"type":"scoreVersion","label":"v1","score":1}],"severity":"medium","title":"Cross-site Request Forgery (CSRF)"},{"exploit_maturity":"Proof of Concept","id":"SNYK-RUBY-ACTIONPACK-569600","priority_score":646,"priority_score_factors":[{"type":"exploit","label":"Proof of Concept","score":107},{"type":"fixability","label":true,"score":214},{"type":"cvssScore","label":"6.5","score":325},{"type":"scoreVersion","label":"v1","score":1}],"severity":"medium","title":"Information Exposure"},{"exploit_maturity":"No Known Exploit","id":"SNYK-RUBY-ACTIONPACK-5741907","priority_score":449,"priority_score_factors":[{"type":"fixability","label":true,"score":214},{"type":"cvssScore","label":"4.7","score":235},{"type":"scoreVersion","label":"v1","score":1}],"severity":"medium","title":"Cross-site Scripting (XSS)"},{"exploit_maturity":"No Known Exploit","id":"SNYK-RUBY-ACTIONPACK-20087","priority_score":429,"priority_score_factors":[{"type":"fixability","label":true,"score":214},{"type":"cvssScore","label":"4.3","score":215},{"type":"scoreVersion","label":"v1","score":1}],"severity":"medium","title":"Cross-site Scripting (XSS)"},{"exploit_maturity":"No Known Exploit","id":"SNYK-RUBY-ACTIONPACK-20090","priority_score":429,"priority_score_factors":[{"type":"fixability","label":true,"score":214},{"type":"cvssScore","label":"4.3","score":215},{"type":"scoreVersion","label":"v1","score":1}],"severity":"medium","title":"Cross-site Scripting (XSS)"},{"exploit_maturity":"No Known Exploit","id":"SNYK-RUBY-ACTIONPACK-20121","priority_score":429,"priority_score_factors":[{"type":"fixability","label":true,"score":214},{"type":"cvssScore","label":"4.3","score":215},{"type":"scoreVersion","label":"v1","score":1}],"severity":"medium","title":"Cross-site Scripting (XSS)"},{"exploit_maturity":"No Known Exploit","id":"SNYK-RUBY-ACTIONPACK-20122","priority_score":479,"priority_score_factors":[{"type":"fixability","label":true,"score":214},{"type":"cvssScore","label":"5.3","score":265},{"type":"scoreVersion","label":"v1","score":1}],"severity":"medium","title":"Denial of Service (DoS)"},{"exploit_maturity":"No Known Exploit","id":"SNYK-RUBY-ACTIONPACK-20123","priority_score":429,"priority_score_factors":[{"type":"fixability","label":true,"score":214},{"type":"cvssScore","label":"4.3","score":215},{"type":"scoreVersion","label":"v1","score":1}],"severity":"medium","title":"Cross-site Scripting (XSS)"},{"exploit_maturity":"No Known Exploit","id":"SNYK-RUBY-ACTIONPACK-20125","priority_score":539,"priority_score_factors":[{"type":"fixability","label":true,"score":214},{"type":"cvssScore","label":"6.5","score":325},{"type":"scoreVersion","label":"v1","score":1}],"severity":"medium","title":"Unsafe Query Generation Risk"},{"exploit_maturity":"No Known Exploit","id":"SNYK-RUBY-ACTIONPACK-20147","priority_score":429,"priority_score_factors":[{"type":"fixability","label":true,"score":214},{"type":"cvssScore","label":"4.3","score":215},{"type":"scoreVersion","label":"v1","score":1}],"severity":"medium","title":"Cross-site Scripting (XSS)"},{"exploit_maturity":"No Known Exploit","id":"SNYK-RUBY-ACTIONPACK-20148","priority_score":479,"priority_score_factors":[{"type":"fixability","label":true,"score":214},{"type":"cvssScore","label":"5.3","score":265},{"type":"scoreVersion","label":"v1","score":1}],"severity":"medium","title":"Denial of Service (DoS)"},{"exploit_maturity":"Mature","id":"SNYK-RUBY-ACTIONPACK-20158","priority_score":804,"priority_score_factors":[{"type":"exploit","label":"High","score":214},{"type":"fixability","label":true,"score":214},{"type":"cvssScore","label":"7.5","score":375},{"type":"scoreVersion","label":"v1","score":1}],"severity":"high","title":"Directory Traversal"},{"exploit_maturity":"No Known Exploit","id":"SNYK-RUBY-ACTIONPACK-20198","priority_score":429,"priority_score_factors":[{"type":"fixability","label":true,"score":214},{"type":"cvssScore","label":"4.3","score":215},{"type":"scoreVersion","label":"v1","score":1}],"severity":"medium","title":"Arbitrary File Existence Exposure"},{"exploit_maturity":"No Known Exploit","id":"SNYK-RUBY-ACTIONPACK-20200","priority_score":479,"priority_score_factors":[{"type":"fixability","label":true,"score":214},{"type":"cvssScore","label":"5.3","score":265},{"type":"scoreVersion","label":"v1","score":1}],"severity":"medium","title":"Arbitrary File Existence Exposure"},{"exploit_maturity":"No Known Exploit","id":"SNYK-RUBY-ACTIONPACK-20256","priority_score":589,"priority_score_factors":[{"type":"fixability","label":true,"score":214},{"type":"cvssScore","label":"7.5","score":375},{"type":"scoreVersion","label":"v1","score":1}],"severity":"high","title":"Denial of Service (DoS)"},{"exploit_maturity":"No Known Exploit","id":"SNYK-RUBY-ACTIONPACK-20258","priority_score":399,"priority_score_factors":[{"type":"fixability","label":true,"score":214},{"type":"cvssScore","label":"3.7","score":185},{"type":"scoreVersion","label":"v1","score":1}],"severity":"low","title":"Timing Attack"},{"exploit_maturity":"No Known Exploit","id":"SNYK-RUBY-ACTIONPACK-20147","priority_score":429,"priority_score_factors":[{"type":"fixability","label":true,"score":214},{"type":"cvssScore","label":"4.3","score":215},{"type":"scoreVersion","label":"v1","score":1}],"severity":"medium","title":"Cross-site Scripting (XSS)"},{"exploit_maturity":"No Known Exploit","id":"SNYK-RUBY-ACTIONPACK-20148","priority_score":479,"priority_score_factors":[{"type":"fixability","label":true,"score":214},{"type":"cvssScore","label":"5.3","score":265},{"type":"scoreVersion","label":"v1","score":1}],"severity":"medium","title":"Denial of Service (DoS)"},{"exploit_maturity":"Mature","id":"SNYK-RUBY-ACTIONPACK-20158","priority_score":804,"priority_score_factors":[{"type":"exploit","label":"High","score":214},{"type":"fixability","label":true,"score":214},{"type":"cvssScore","label":"7.5","score":375},{"type":"scoreVersion","label":"v1","score":1}],"severity":"high","title":"Directory Traversal"},{"exploit_maturity":"No Known Exploit","id":"SNYK-RUBY-ACTIONPACK-20198","priority_score":429,"priority_score_factors":[{"type":"fixability","label":true,"score":214},{"type":"cvssScore","label":"4.3","score":215},{"type":"scoreVersion","label":"v1","score":1}],"severity":"medium","title":"Arbitrary File Existence Exposure"},{"exploit_maturity":"No Known Exploit","id":"SNYK-RUBY-ACTIONPACK-20200","priority_score":479,"priority_score_factors":[{"type":"fixability","label":true,"score":214},{"type":"cvssScore","label":"5.3","score":265},{"type":"scoreVersion","label":"v1","score":1}],"severity":"medium","title":"Arbitrary File Existence Exposure"},{"exploit_maturity":"No Known Exploit","id":"SNYK-RUBY-ACTIONPACK-20256","priority_score":589,"priority_score_factors":[{"type":"fixability","label":true,"score":214},{"type":"cvssScore","label":"7.5","score":375},{"type":"scoreVersion","label":"v1","score":1}],"severity":"high","title":"Denial of Service (DoS)"},{"exploit_maturity":"No Known Exploit","id":"SNYK-RUBY-ACTIONPACK-20258","priority_score":399,"priority_score_factors":[{"type":"fixability","label":true,"score":214},{"type":"cvssScore","label":"3.7","score":185},{"type":"scoreVersion","label":"v1","score":1}],"severity":"low","title":"Timing Attack"},{"exploit_maturity":"Proof of Concept","id":"SNYK-RUBY-ACTIONPACK-1290051","priority_score":586,"priority_score_factors":[{"type":"exploit","label":"Proof of Concept","score":107},{"type":"fixability","label":true,"score":214},{"type":"cvssScore","label":"5.3","score":265},{"type":"scoreVersion","label":"v1","score":1}],"severity":"medium","title":"Information Exposure"},{"exploit_maturity":"No Known Exploit","id":"SNYK-RUBY-ACTIONPACK-1290052","priority_score":589,"priority_score_factors":[{"type":"fixability","label":true,"score":214},{"type":"cvssScore","label":"7.5","score":375},{"type":"scoreVersion","label":"v1","score":1}],"severity":"high","title":"Denial of Service (DoS)"},{"exploit_maturity":"No Known Exploit","id":"SNYK-RUBY-ACTIONPACK-2400638","priority_score":584,"priority_score_factors":[{"type":"fixability","label":true,"score":214},{"type":"cvssScore","label":"7.4","score":370},{"type":"scoreVersion","label":"v1","score":1}],"severity":"high","title":"Information Exposure"},{"exploit_maturity":"No Known Exploit","id":"SNYK-RUBY-ACTIONPACK-3237231","priority_score":479,"priority_score_factors":[{"type":"fixability","label":true,"score":214},{"type":"cvssScore","label":"5.3","score":265},{"type":"scoreVersion","label":"v1","score":1}],"severity":"medium","title":"Regular Expression Denial of Service (ReDoS)"},{"exploit_maturity":"No Known Exploit","id":"SNYK-RUBY-ACTIONPACK-3237232","priority_score":479,"priority_score_factors":[{"type":"fixability","label":true,"score":214},{"type":"cvssScore","label":"5.3","score":265},{"type":"scoreVersion","label":"v1","score":1}],"severity":"medium","title":"Regular Expression Denial of Service (ReDoS)"},{"exploit_maturity":"Proof of Concept","id":"SNYK-RUBY-ACTIONPACK-569599","priority_score":646,"priority_score_factors":[{"type":"exploit","label":"Proof of Concept","score":107},{"type":"fixability","label":true,"score":214},{"type":"cvssScore","label":"6.5","score":325},{"type":"scoreVersion","label":"v1","score":1}],"severity":"medium","title":"Cross-site Request Forgery (CSRF)"},{"exploit_maturity":"Proof of Concept","id":"SNYK-RUBY-ACTIONPACK-569600","priority_score":646,"priority_score_factors":[{"type":"exploit","label":"Proof of Concept","score":107},{"type":"fixability","label":true,"score":214},{"type":"cvssScore","label":"6.5","score":325},{"type":"scoreVersion","label":"v1","score":1}],"severity":"medium","title":"Information Exposure"},{"exploit_maturity":"No Known Exploit","id":"SNYK-RUBY-ACTIONPACK-5741907","priority_score":449,"priority_score_factors":[{"type":"fixability","label":true,"score":214},{"type":"cvssScore","label":"4.7","score":235},{"type":"scoreVersion","label":"v1","score":1}],"severity":"medium","title":"Cross-site Scripting (XSS)"},{"exploit_maturity":"No Known Exploit","id":"SNYK-RUBY-ACTIONPACK-20020","priority_score":429,"priority_score_factors":[{"type":"fixability","label":true,"score":214},{"type":"cvssScore","label":"4.3","score":215},{"type":"scoreVersion","label":"v1","score":1}],"severity":"medium","title":"Cross-site Scripting (XSS)"},{"exploit_maturity":"No Known Exploit","id":"SNYK-RUBY-ACTIONPACK-20024","priority_score":429,"priority_score_factors":[{"type":"fixability","label":true,"score":214},{"type":"cvssScore","label":"4.3","score":215},{"type":"scoreVersion","label":"v1","score":1}],"severity":"medium","title":"Cross-site Scripting (XSS)"},{"exploit_maturity":"No Known Exploit","id":"SNYK-RUBY-ACTIONPACK-20035","priority_score":479,"priority_score_factors":[{"type":"fixability","label":true,"score":214},{"type":"cvssScore","label":"5.3","score":265},{"type":"scoreVersion","label":"v1","score":1}],"severity":"medium","title":"Denial of Service (DoS)"},{"exploit_maturity":"No Known Exploit","id":"SNYK-RUBY-ACTIONPACK-20037","priority_score":429,"priority_score_factors":[{"type":"fixability","label":true,"score":214},{"type":"cvssScore","label":"4.3","score":215},{"type":"scoreVersion","label":"v1","score":1}],"severity":"medium","title":"Cross-site Scripting (XSS)"},{"exploit_maturity":"No Known Exploit","id":"SNYK-RUBY-ACTIONPACK-20038","priority_score":429,"priority_score_factors":[{"type":"fixability","label":true,"score":214},{"type":"cvssScore","label":"4.3","score":215},{"type":"scoreVersion","label":"v1","score":1}],"severity":"medium","title":"Cross-site Scripting (XSS)"},{"exploit_maturity":"Mature","id":"SNYK-RUBY-ACTIONPACK-20047","priority_score":794,"priority_score_factors":[{"type":"exploit","label":"High","score":214},{"type":"fixability","label":true,"score":214},{"type":"cvssScore","label":"7.3","score":365},{"type":"scoreVersion","label":"v1","score":1}],"severity":"high","title":"Arbitrary Code Execution"},{"exploit_maturity":"No Known Exploit","id":"SNYK-RUBY-ACTIONPACK-20087","priority_score":429,"priority_score_factors":[{"type":"fixability","label":true,"score":214},{"type":"cvssScore","label":"4.3","score":215},{"type":"scoreVersion","label":"v1","score":1}],"severity":"medium","title":"Cross-site Scripting (XSS)"},{"exploit_maturity":"No Known Exploit","id":"SNYK-RUBY-ACTIONPACK-20090","priority_score":429,"priority_score_factors":[{"type":"fixability","label":true,"score":214},{"type":"cvssScore","label":"4.3","score":215},{"type":"scoreVersion","label":"v1","score":1}],"severity":"medium","title":"Cross-site Scripting (XSS)"},{"exploit_maturity":"No Known Exploit","id":"SNYK-RUBY-ACTIONPACK-20020","priority_score":429,"priority_score_factors":[{"type":"fixability","label":true,"score":214},{"type":"cvssScore","label":"4.3","score":215},{"type":"scoreVersion","label":"v1","score":1}],"severity":"medium","title":"Cross-site Scripting (XSS)"},{"exploit_maturity":"No Known Exploit","id":"SNYK-RUBY-ACTIONPACK-20024","priority_score":429,"priority_score_factors":[{"type":"fixability","label":true,"score":214},{"type":"cvssScore","l...

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

[Snyk] Fix for 126 vulnerabilities #5

[Snyk] Fix for 126 vulnerabilities #5

AuMyers commented Sep 5, 2024

[Snyk] Fix for 126 vulnerabilities #5

Are you sure you want to change the base?

[Snyk] Fix for 126 vulnerabilities #5

Conversation

AuMyers commented Sep 5, 2024

Snyk has created this PR to fix 126 vulnerabilities in the rubygems dependencies of this project.

Snyk changed the following file(s):

Vulnerabilities that will be fixed with an upgrade: