
nexmo-rails-quickstart's Introduction

Nexmo APIs Quickstart Examples for Ruby on Rails

The purpose of the quickstart guide is to provide simple examples, each focused on one goal: for example, sending an SMS, handling an incoming SMS webhook, or making a Text to Speech call.

Configure with Your Nexmo API Keys

To use this sample you will first need a Nexmo account. Once you have your own API credentials, rename the .env.example file to .env and set the values as required.

For some of the examples you will need to buy a number.

Setup

$ git clone git@github.com:Nexmo/nexmo-rails-quickstart.git
$ cd nexmo-rails-quickstart
$ cp .env.example .env
$ bundle install
$ rake db:create
$ rake db:migrate
$ rails server

Tutorials & Sample Code

SMS

Tutorial | Code Sample
How to Send SMS Messages with Ruby on Rails | outbound_sms_controller.rb
How to Receive an SMS Delivery Receipt with Ruby on Rails | sms_delivery_receipts_controller.rb
How to Receive SMS Messages with Ruby on Rails | inbound_sms_controller.rb

Voice

Tutorial | Code Sample
How to Make an Outbound Text-to-Speech Phone Call with Rails | outbound_calls_controller.rb
How to Receive a Call Event Webhook with Ruby on Rails | call_events_controller.rb
How to Handle Inbound Phone Calls with Ruby on Rails | inbound_calls_controller.rb

Request More Examples

Please raise an issue to request an example that isn't present within the quickstart. Pull requests will be gratefully received.

Licenses

  • The code samples in this repo are under the MIT license

  • The tutorial contents are under Creative Commons CC-BY-SA 4.0

nexmo-rails-quickstart's People

Contributors

cbetta, chrisguzman

Forkers

mikejesus nans64

nexmo-rails-quickstart's Issues

rails-5.2.8.1.gem: 6 vulnerabilities (highest severity is: 8.8)

Vulnerable Library - rails-5.2.8.1.gem

Ruby on Rails is a full-stack web framework optimized for programmer happiness and sustainable productivity. It encourages beautiful code by favoring convention over configuration.

Library home page: https://rubygems.org/gems/rails-5.2.8.1.gem

Path to dependency file: /Gemfile.lock

Path to vulnerable library: /cache/rails-5.2.8.1.gem

Vulnerabilities

CVE | Severity | CVSS | Dependency | Type | Fixed in (rails version) | Remediation Possible**
CVE-2023-22794 | High | 8.8 | activerecord-5.2.8.1.gem | Transitive | N/A* | 
CVE-2023-22799 | High | 7.5 | globalid-1.0.0.gem | Transitive | N/A* | 
CVE-2022-44566 | High | 7.5 | activerecord-5.2.8.1.gem | Transitive | N/A* | 
CVE-2023-28120 | Medium | 6.1 | rails-5.2.8.1.gem | Direct | rails - 6.1.7.3,7.0.4.3 | 
CVE-2023-23913 | Medium | 6.1 | rails-5.2.8.1.gem | Direct | rails - 6.1.7.3,7.0.4.3 | 
CVE-2024-26144 | Medium | 5.3 | rails-5.2.8.1.gem | Direct | rails - 6.1.7.7,7.0.8.1 | 

*For some transitive vulnerabilities, there is no version of direct dependency with a fix. Check the "Details" section below to see if there is a version of transitive dependency where vulnerability is fixed.

**In some cases, a Remediation PR cannot be created automatically for a vulnerability despite the availability of a remediation.

Details

CVE-2023-22794

Vulnerable Library - activerecord-5.2.8.1.gem

Databases on Rails. Build a persistent domain model by mapping database tables to Ruby classes. Strong conventions for associations, validations, aggregations, migrations, and testing come baked-in.

Library home page: https://rubygems.org/gems/activerecord-5.2.8.1.gem

Path to dependency file: /Gemfile.lock

Path to vulnerable library: /home/wss-scanner/.gem/ruby/2.7.0/cache/activerecord-5.2.8.1.gem

Dependency Hierarchy:

  • rails-5.2.8.1.gem (Root Library)
    • activerecord-5.2.8.1.gem (Vulnerable Library)

Found in base branch: main

Vulnerability Details

A vulnerability in ActiveRecord <6.0.6.1, v6.1.7.1 and v7.0.4.1 related to the sanitization of comments. If malicious user input is passed to either the annotate query method, the optimizer_hints query method, or through the QueryLogs interface which automatically adds annotations, it may be sent to the database with insufficient sanitization and be able to inject SQL outside of the comment.

Publish Date: 2023-02-09

URL: CVE-2023-22794

CVSS 3 Score Details (8.8)

Base Score Metrics:

  • Exploitability Metrics:
    • Attack Vector: Network
    • Attack Complexity: Low
    • Privileges Required: Low
    • User Interaction: None
    • Scope: Unchanged
  • Impact Metrics:
    • Confidentiality Impact: High
    • Integrity Impact: High
    • Availability Impact: High

Suggested Fix

Type: Upgrade version

Origin: GHSA-hq7p-j377-6v63

Release Date: 2023-02-09

Fix Resolution: activerecord - 6.0.6.1,6.1.7.1,7.0.4.1

CVE-2023-22799

Vulnerable Library - globalid-1.0.0.gem

URIs for your models makes it easy to pass references around.

Library home page: https://rubygems.org/gems/globalid-1.0.0.gem

Path to dependency file: /Gemfile.lock

Path to vulnerable library: /home/wss-scanner/.gem/ruby/2.7.0/cache/globalid-1.0.0.gem

Dependency Hierarchy:

  • rails-5.2.8.1.gem (Root Library)
    • activejob-5.2.8.1.gem
      • globalid-1.0.0.gem (Vulnerable Library)

Found in base branch: main

Vulnerability Details

A ReDoS based DoS vulnerability in GlobalID <1.0.1 in which an attacker supplying a carefully crafted input can cause the regular expression engine to take an unexpected amount of time. All users running an affected release should either upgrade or use one of the workarounds immediately.

Publish Date: 2023-02-09

URL: CVE-2023-22799

CVSS 3 Score Details (7.5)

Base Score Metrics:

  • Exploitability Metrics:
    • Attack Vector: Network
    • Attack Complexity: Low
    • Privileges Required: None
    • User Interaction: None
    • Scope: Unchanged
  • Impact Metrics:
    • Confidentiality Impact: None
    • Integrity Impact: None
    • Availability Impact: High

Suggested Fix

Type: Upgrade version

Origin: GHSA-23c2-gwp5-pxw9

Release Date: 2023-02-09

Fix Resolution: globalid - 1.0.1

CVE-2022-44566

Vulnerable Library - activerecord-5.2.8.1.gem

Databases on Rails. Build a persistent domain model by mapping database tables to Ruby classes. Strong conventions for associations, validations, aggregations, migrations, and testing come baked-in.

Library home page: https://rubygems.org/gems/activerecord-5.2.8.1.gem

Path to dependency file: /Gemfile.lock

Path to vulnerable library: /home/wss-scanner/.gem/ruby/2.7.0/cache/activerecord-5.2.8.1.gem

Dependency Hierarchy:

  • rails-5.2.8.1.gem (Root Library)
    • activerecord-5.2.8.1.gem (Vulnerable Library)

Found in base branch: main

Vulnerability Details

A denial of service vulnerability present in ActiveRecord's PostgreSQL adapter <7.0.4.1 and <6.1.7.1. When a value outside the range for a 64-bit signed integer is provided to the PostgreSQL connection adapter, it will treat the target column type as numeric. Comparing integer values against numeric values can result in a slow sequential scan resulting in potential Denial of Service.

Publish Date: 2023-02-09

URL: CVE-2022-44566

CVSS 3 Score Details (7.5)

Base Score Metrics:

  • Exploitability Metrics:
    • Attack Vector: Network
    • Attack Complexity: Low
    • Privileges Required: None
    • User Interaction: None
    • Scope: Unchanged
  • Impact Metrics:
    • Confidentiality Impact: None
    • Integrity Impact: None
    • Availability Impact: High

Suggested Fix

Type: Upgrade version

Origin: GHSA-579w-22j4-4749

Release Date: 2023-02-09

Fix Resolution: activerecord - 6.1.7.1,7.0.4.1

CVE-2023-28120

Vulnerable Library - rails-5.2.8.1.gem

Ruby on Rails is a full-stack web framework optimized for programmer happiness and sustainable productivity. It encourages beautiful code by favoring convention over configuration.

Library home page: https://rubygems.org/gems/rails-5.2.8.1.gem

Path to dependency file: /Gemfile.lock

Path to vulnerable library: /cache/rails-5.2.8.1.gem

Dependency Hierarchy:

  • rails-5.2.8.1.gem (Vulnerable Library)

Found in base branch: main

Vulnerability Details

A Possible XSS Security Vulnerability was discovered in ActiveSupport if the new bytesplice method is called on a SafeBuffer with untrusted user input. All versions before 6.1.7.3 and 7.x before 7.0.4.3 are affected.

Publish Date: 2023-03-11

URL: CVE-2023-28120

CVSS 3 Score Details (6.1)

Base Score Metrics:

  • Exploitability Metrics:
    • Attack Vector: Network
    • Attack Complexity: Low
    • Privileges Required: None
    • User Interaction: Required
    • Scope: Changed
  • Impact Metrics:
    • Confidentiality Impact: Low
    • Integrity Impact: Low
    • Availability Impact: None

Suggested Fix

Type: Upgrade version

Origin: https://discuss.rubyonrails.org/t/cve-2023-28120-possible-xss-security-vulnerability-in-safebuffer-bytesplice/82469

Release Date: 2023-03-11

Fix Resolution: rails - 6.1.7.3,7.0.4.3

⛑️ Automatic Remediation will be attempted for this issue.

CVE-2023-23913

Vulnerable Library - rails-5.2.8.1.gem

Ruby on Rails is a full-stack web framework optimized for programmer happiness and sustainable productivity. It encourages beautiful code by favoring convention over configuration.

Library home page: https://rubygems.org/gems/rails-5.2.8.1.gem

Path to dependency file: /Gemfile.lock

Path to vulnerable library: /cache/rails-5.2.8.1.gem

Dependency Hierarchy:

  • rails-5.2.8.1.gem (Vulnerable Library)

Found in base branch: main

Vulnerability Details

There is a potential DOM based cross-site scripting issue in rails-ujs from 5.1.0 before 6.1.7.3 and 7.0.0 before 7.0.4.3, which leverages the Clipboard API to target HTML elements that are assigned the contenteditable attribute. This has the potential to occur when pasting malicious HTML content from the clipboard that includes a data-method, data-remote or data-disable-with attribute.

Publish Date: 2023-01-20

URL: CVE-2023-23913

CVSS 3 Score Details (6.1)

Base Score Metrics:

  • Exploitability Metrics:
    • Attack Vector: Network
    • Attack Complexity: Low
    • Privileges Required: None
    • User Interaction: Required
    • Scope: Changed
  • Impact Metrics:
    • Confidentiality Impact: Low
    • Integrity Impact: Low
    • Availability Impact: None

Suggested Fix

Type: Upgrade version

Origin: https://discuss.rubyonrails.org/t/cve-2023-23913-dom-based-cross-site-scripting-in-rails-ujs-for-contenteditable-html-elements/82468

Release Date: 2023-01-20

Fix Resolution: rails - 6.1.7.3,7.0.4.3

⛑️ Automatic Remediation will be attempted for this issue.

CVE-2024-26144

Vulnerable Library - rails-5.2.8.1.gem

Ruby on Rails is a full-stack web framework optimized for programmer happiness and sustainable productivity. It encourages beautiful code by favoring convention over configuration.

Library home page: https://rubygems.org/gems/rails-5.2.8.1.gem

Path to dependency file: /Gemfile.lock

Path to vulnerable library: /cache/rails-5.2.8.1.gem

Dependency Hierarchy:

  • rails-5.2.8.1.gem (Vulnerable Library)

Found in base branch: main

Vulnerability Details

Rails is a web-application framework. Starting with version 5.2.0, there is a possible sensitive session information leak in Active Storage. By default, Active Storage sends a Set-Cookie header along with the user's session cookie when serving blobs. It also sets Cache-Control to public. Certain proxies may cache the Set-Cookie, leading to an information leak. The vulnerability is fixed in 7.0.8.1 and 6.1.7.7.

Publish Date: 2024-02-27

URL: CVE-2024-26144

CVSS 3 Score Details (5.3)

Base Score Metrics:

  • Exploitability Metrics:
    • Attack Vector: Network
    • Attack Complexity: Low
    • Privileges Required: None
    • User Interaction: None
    • Scope: Unchanged
  • Impact Metrics:
    • Confidentiality Impact: Low
    • Integrity Impact: None
    • Availability Impact: None

Suggested Fix

Type: Upgrade version

Origin: GHSA-8h22-8cf7-hq6g

Release Date: 2024-02-27

Fix Resolution: rails - 6.1.7.7,7.0.8.1

⛑️ Automatic Remediation will be attempted for this issue.


WhatsApp example

Would it be possible to have an example with WhatsApp?

Thanks

sass-rails-5.0.7.gem: 26 vulnerabilities (highest severity is: 9.8) - autoclosed

Vulnerable Library - sass-rails-5.0.7.gem

Path to dependency file: /Gemfile.lock

Path to vulnerable library: /home/wss-scanner/.gem/ruby/2.7.0/cache/rack-2.0.6.gem

Found in HEAD commit: 7d45750902e2450bdb22ac9f0b6cd476803f070a

Vulnerabilities

CVE | Severity | CVSS | Dependency | Type | Fixed in | Remediation Available
CVE-2022-30123 | High | 9.8 | rack-2.0.6.gem | Transitive | N/A | 
CVE-2019-5477 | High | 9.8 | nokogiri-1.10.0.gem | Transitive | N/A | 
WS-2022-0089 | High | 8.8 | nokogiri-1.10.0.gem | Transitive | N/A | 
CVE-2020-8161 | High | 8.6 | rack-2.0.6.gem | Transitive | N/A | 
CVE-2022-29181 | High | 8.2 | nokogiri-1.10.0.gem | Transitive | N/A | 
CVE-2020-8164 | High | 7.5 | actionpack-5.2.2.gem | Transitive | N/A | 
CVE-2020-8184 | High | 7.5 | rack-2.0.6.gem | Transitive | N/A | 
CVE-2021-41098 | High | 7.5 | nokogiri-1.10.0.gem | Transitive | N/A | 
CVE-2022-30122 | High | 7.5 | rack-2.0.6.gem | Transitive | N/A | 
CVE-2020-7595 | High | 7.5 | nokogiri-1.10.0.gem | Transitive | N/A | 
CVE-2021-22885 | High | 7.5 | actionpack-5.2.2.gem | Transitive | N/A | 
CVE-2022-24836 | High | 7.5 | nokogiri-1.10.0.gem | Transitive | N/A | 
CVE-2021-22904 | High | 7.5 | actionpack-5.2.2.gem | Transitive | N/A | 
CVE-2019-5418 | High | 7.5 | detected in multiple dependencies | Transitive | N/A | 
CVE-2020-8130 | Medium | 6.4 | rake-12.3.2.gem | Transitive | N/A | 
CVE-2022-32209 | Medium | 6.1 | rails-html-sanitizer-1.0.4.gem | Transitive | N/A | 
CVE-2022-22577 | Medium | 6.1 | actionpack-5.2.2.gem | Transitive | N/A | 
CVE-2022-27777 | Medium | 6.1 | actionview-5.2.2.gem | Transitive | N/A | 
CVE-2020-15169 | Medium | 6.1 | actionview-5.2.2.gem | Transitive | N/A | 
CVE-2019-16782 | Medium | 5.9 | rack-2.0.6.gem | Transitive | N/A | 
CVE-2022-23634 | Medium | 5.9 | actionpack-5.2.2.gem | Transitive | N/A | 
CVE-2022-23633 | Medium | 5.9 | actionpack-5.2.2.gem | Transitive | N/A | 
CVE-2019-15587 | Medium | 5.4 | loofah-2.2.3.gem | Transitive | N/A | 
CVE-2020-5267 | Medium | 4.8 | actionview-5.2.2.gem | Transitive | N/A | 
CVE-2020-8166 | Medium | 4.3 | actionpack-5.2.2.gem | Transitive | N/A | 
CVE-2020-26247 | Medium | 4.3 | nokogiri-1.10.0.gem | Transitive | N/A | 

Details

Partial details (23 vulnerabilities) are displayed below due to a content size limitation in GitHub. To view information on the remaining vulnerabilities, navigate to the Mend Application.

CVE-2022-30123

Vulnerable Library - rack-2.0.6.gem

Rack provides a minimal, modular and adaptable interface for developing web applications in Ruby. By wrapping HTTP requests and responses in the simplest way possible, it unifies and distills the API for web servers, web frameworks, and software in between (the so-called middleware) into a single method call.

Also see https://rack.github.io/.

Library home page: https://rubygems.org/gems/rack-2.0.6.gem

Path to dependency file: /Gemfile.lock

Path to vulnerable library: /home/wss-scanner/.gem/ruby/2.7.0/cache/rack-2.0.6.gem

Dependency Hierarchy:

  • sass-rails-5.0.7.gem (Root Library)
    • railties-5.2.2.gem
      • actionpack-5.2.2.gem
        • rack-2.0.6.gem (Vulnerable Library)

Found in HEAD commit: 7d45750902e2450bdb22ac9f0b6cd476803f070a

Found in base branch: main

Vulnerability Details

There is a possible shell escape sequence injection vulnerability in the Lint and CommonLogger components of Rack before 2.0.9.1, 2.1.4.1, 2.2.3.1.

Publish Date: 2022-05-03

URL: CVE-2022-30123

CVSS 3 Score Details (9.8)

Base Score Metrics:

  • Exploitability Metrics:
    • Attack Vector: Network
    • Attack Complexity: Low
    • Privileges Required: None
    • User Interaction: None
    • Scope: Unchanged
  • Impact Metrics:
    • Confidentiality Impact: High
    • Integrity Impact: High
    • Availability Impact: High

Suggested Fix

Type: Upgrade version

Origin: GHSA-wq4h-7r42-5hrr

Release Date: 2022-05-03

Fix Resolution: rack - 2.0.9.1,2.1.4.1,2.2.3.1

CVE-2019-5477

Vulnerable Library - nokogiri-1.10.0.gem

Nokogiri (鋸) is an HTML, XML, SAX, and Reader parser. Among Nokogiri's many features is the ability to search documents via XPath or CSS3 selectors.

Library home page: https://rubygems.org/gems/nokogiri-1.10.0.gem

Path to dependency file: /Gemfile.lock

Path to vulnerable library: /home/wss-scanner/.gem/ruby/2.7.0/cache/nokogiri-1.10.0.gem

Dependency Hierarchy:

  • sass-rails-5.0.7.gem (Root Library)
    • railties-5.2.2.gem
      • actionpack-5.2.2.gem
        • rails-html-sanitizer-1.0.4.gem
          • loofah-2.2.3.gem
            • nokogiri-1.10.0.gem (Vulnerable Library)

Found in HEAD commit: 7d45750902e2450bdb22ac9f0b6cd476803f070a

Found in base branch: main

Vulnerability Details

A command injection vulnerability in Nokogiri v1.10.3 and earlier allows commands to be executed in a subprocess via Ruby's Kernel.open method. Processes are vulnerable only if the undocumented method Nokogiri::CSS::Tokenizer#load_file is being called with unsafe user input as the filename. This vulnerability appears in code generated by the Rexical gem versions v1.0.6 and earlier. Rexical is used by Nokogiri to generate lexical scanner code for parsing CSS queries. The underlying vulnerability was addressed in Rexical v1.0.7 and Nokogiri upgraded to this version of Rexical in Nokogiri v1.10.4.

Publish Date: 2019-08-16

URL: CVE-2019-5477

CVSS 3 Score Details (9.8)

Base Score Metrics:

  • Exploitability Metrics:
    • Attack Vector: Network
    • Attack Complexity: Low
    • Privileges Required: None
    • User Interaction: None
    • Scope: Unchanged
  • Impact Metrics:
    • Confidentiality Impact: High
    • Integrity Impact: High
    • Availability Impact: High

Suggested Fix

Type: Upgrade version

Release Date: 2020-10-16

Fix Resolution: nokogiri-v1.10.4, rexical-v1.0.7

WS-2022-0089

Vulnerable Library - nokogiri-1.10.0.gem

Nokogiri (鋸) is an HTML, XML, SAX, and Reader parser. Among Nokogiri's many features is the ability to search documents via XPath or CSS3 selectors.

Library home page: https://rubygems.org/gems/nokogiri-1.10.0.gem

Path to dependency file: /Gemfile.lock

Path to vulnerable library: /home/wss-scanner/.gem/ruby/2.7.0/cache/nokogiri-1.10.0.gem

Dependency Hierarchy:

  • sass-rails-5.0.7.gem (Root Library)
    • railties-5.2.2.gem
      • actionpack-5.2.2.gem
        • rails-html-sanitizer-1.0.4.gem
          • loofah-2.2.3.gem
            • nokogiri-1.10.0.gem (Vulnerable Library)

Found in HEAD commit: 7d45750902e2450bdb22ac9f0b6cd476803f070a

Found in base branch: main

Vulnerability Details

Nokogiri before version 1.13.2 is vulnerable.

Publish Date: 2022-03-01

URL: WS-2022-0089

CVSS 3 Score Details (8.8)

Base Score Metrics:

  • Exploitability Metrics:
    • Attack Vector: Network
    • Attack Complexity: Low
    • Privileges Required: None
    • User Interaction: Required
    • Scope: Unchanged
  • Impact Metrics:
    • Confidentiality Impact: High
    • Integrity Impact: High
    • Availability Impact: High

Suggested Fix

Type: Upgrade version

Origin: GHSA-fq42-c5rg-92c2

Release Date: 2022-03-01

Fix Resolution: nokogiri - v1.13.2

CVE-2020-8161

Vulnerable Library - rack-2.0.6.gem

Rack provides a minimal, modular and adaptable interface for developing web applications in Ruby. By wrapping HTTP requests and responses in the simplest way possible, it unifies and distills the API for web servers, web frameworks, and software in between (the so-called middleware) into a single method call.

Also see https://rack.github.io/.

Library home page: https://rubygems.org/gems/rack-2.0.6.gem

Path to dependency file: /Gemfile.lock

Path to vulnerable library: /home/wss-scanner/.gem/ruby/2.7.0/cache/rack-2.0.6.gem

Dependency Hierarchy:

  • sass-rails-5.0.7.gem (Root Library)
    • railties-5.2.2.gem
      • actionpack-5.2.2.gem
        • rack-2.0.6.gem (Vulnerable Library)

Found in HEAD commit: 7d45750902e2450bdb22ac9f0b6cd476803f070a

Found in base branch: main

Vulnerability Details

A directory traversal vulnerability exists in rack < 2.2.0 that allows an attacker to perform directory traversal in the Rack::Directory app that is bundled with Rack, which could result in information disclosure.

Publish Date: 2020-07-02

URL: CVE-2020-8161

CVSS 3 Score Details (8.6)

Base Score Metrics:

  • Exploitability Metrics:
    • Attack Vector: Network
    • Attack Complexity: Low
    • Privileges Required: None
    • User Interaction: None
    • Scope: Changed
  • Impact Metrics:
    • Confidentiality Impact: High
    • Integrity Impact: None
    • Availability Impact: None

Suggested Fix

Type: Upgrade version

Release Date: 2020-07-02

Fix Resolution: 2.2.0,2.1.3

CVE-2022-29181

Vulnerable Library - nokogiri-1.10.0.gem

Nokogiri (鋸) is an HTML, XML, SAX, and Reader parser. Among Nokogiri's many features is the ability to search documents via XPath or CSS3 selectors.

Library home page: https://rubygems.org/gems/nokogiri-1.10.0.gem

Path to dependency file: /Gemfile.lock

Path to vulnerable library: /home/wss-scanner/.gem/ruby/2.7.0/cache/nokogiri-1.10.0.gem

Dependency Hierarchy:

  • sass-rails-5.0.7.gem (Root Library)
    • railties-5.2.2.gem
      • actionpack-5.2.2.gem
        • rails-html-sanitizer-1.0.4.gem
          • loofah-2.2.3.gem
            • nokogiri-1.10.0.gem (Vulnerable Library)

Found in HEAD commit: 7d45750902e2450bdb22ac9f0b6cd476803f070a

Found in base branch: main

Vulnerability Details

Nokogiri is an open source XML and HTML library for Ruby. Nokogiri prior to version 1.13.6 does not type-check all inputs into the XML and HTML4 SAX parsers, allowing specially crafted untrusted inputs to cause illegal memory access errors (segfault) or reads from unrelated memory. Version 1.13.6 contains a patch for this issue. As a workaround, ensure the untrusted input is a String by calling #to_s or equivalent.

Publish Date: 2022-05-20

URL: CVE-2022-29181

CVSS 3 Score Details (8.2)

Base Score Metrics:

  • Exploitability Metrics:
    • Attack Vector: Network
    • Attack Complexity: Low
    • Privileges Required: None
    • User Interaction: None
    • Scope: Unchanged
  • Impact Metrics:
    • Confidentiality Impact: Low
    • Integrity Impact: None
    • Availability Impact: High

Suggested Fix

Type: Upgrade version

Origin: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-29181

Release Date: 2022-05-20

Fix Resolution: nokogiri - 1.13.6

CVE-2020-8164

Vulnerable Library - actionpack-5.2.2.gem

Web apps on Rails. Simple, battle-tested conventions for building and testing MVC web applications. Works with any Rack-compatible server.

Library home page: https://rubygems.org/gems/actionpack-5.2.2.gem

Path to dependency file: /Gemfile.lock

Path to vulnerable library: /home/wss-scanner/.gem/ruby/2.7.0/cache/actionpack-5.2.2.gem

Dependency Hierarchy:

  • sass-rails-5.0.7.gem (Root Library)
    • railties-5.2.2.gem
      • actionpack-5.2.2.gem (Vulnerable Library)

Found in HEAD commit: 7d45750902e2450bdb22ac9f0b6cd476803f070a

Found in base branch: main

Vulnerability Details

A deserialization of untrusted data vulnerability exists in rails < 5.2.4.3, rails < 6.0.3.1 which can allow information supplied by an attacker to be inadvertently leaked from Strong Parameters.

Publish Date: 2020-06-19

URL: CVE-2020-8164

CVSS 3 Score Details (7.5)

Base Score Metrics:

  • Exploitability Metrics:
    • Attack Vector: Network
    • Attack Complexity: Low
    • Privileges Required: None
    • User Interaction: None
    • Scope: Unchanged
  • Impact Metrics:
    • Confidentiality Impact: High
    • Integrity Impact: None
    • Availability Impact: None

Suggested Fix

Type: Upgrade version

Origin: GHSA-8727-m6gj-mc37

Release Date: 2020-06-19

Fix Resolution: 5.2.4.3,6.0.3.1

CVE-2020-8184

Vulnerable Library - rack-2.0.6.gem

Rack provides a minimal, modular and adaptable interface for developing web applications in Ruby. By wrapping HTTP requests and responses in the simplest way possible, it unifies and distills the API for web servers, web frameworks, and software in between (the so-called middleware) into a single method call.

Also see https://rack.github.io/.

Library home page: https://rubygems.org/gems/rack-2.0.6.gem

Path to dependency file: /Gemfile.lock

Path to vulnerable library: /home/wss-scanner/.gem/ruby/2.7.0/cache/rack-2.0.6.gem

Dependency Hierarchy:

  • sass-rails-5.0.7.gem (Root Library)
    • railties-5.2.2.gem
      • actionpack-5.2.2.gem
        • rack-2.0.6.gem (Vulnerable Library)

Found in HEAD commit: 7d45750902e2450bdb22ac9f0b6cd476803f070a

Found in base branch: main

Vulnerability Details

A reliance on cookies without validation/integrity check security vulnerability exists in rack < 2.2.3, rack < 2.1.4 that makes it possible for an attacker to forge a secure or host-only cookie prefix.

Publish Date: 2020-06-19

URL: CVE-2020-8184

CVSS 3 Score Details (7.5)

Base Score Metrics:

  • Exploitability Metrics:
    • Attack Vector: Network
    • Attack Complexity: Low
    • Privileges Required: None
    • User Interaction: None
    • Scope: Unchanged
  • Impact Metrics:
    • Confidentiality Impact: None
    • Integrity Impact: High
    • Availability Impact: None

Suggested Fix

Type: Upgrade version

Origin: https://groups.google.com/forum/#!topic/rubyonrails-security/OWtmozPH9Ak

Release Date: 2020-06-19

Fix Resolution: rack - 2.1.4, 2.2.3

CVE-2021-41098

Vulnerable Library - nokogiri-1.10.0.gem

Nokogiri (鋸) is an HTML, XML, SAX, and Reader parser. Among Nokogiri's many features is the ability to search documents via XPath or CSS3 selectors.

Library home page: https://rubygems.org/gems/nokogiri-1.10.0.gem

Path to dependency file: /Gemfile.lock

Path to vulnerable library: /home/wss-scanner/.gem/ruby/2.7.0/cache/nokogiri-1.10.0.gem

Dependency Hierarchy:

  • sass-rails-5.0.7.gem (Root Library)
    • railties-5.2.2.gem
      • actionpack-5.2.2.gem
        • rails-html-sanitizer-1.0.4.gem
          • loofah-2.2.3.gem
            • nokogiri-1.10.0.gem (Vulnerable Library)

Found in HEAD commit: 7d45750902e2450bdb22ac9f0b6cd476803f070a

Found in base branch: main

Vulnerability Details

Nokogiri is a Rubygem providing HTML, XML, SAX, and Reader parsers with XPath and CSS selector support. In Nokogiri v1.12.4 and earlier, on JRuby only, the SAX parser resolves external entities by default. Users of Nokogiri on JRuby who parse untrusted documents using any of these classes are affected: Nokogiri::XML::SAX::Parse, Nokogiri::HTML4::SAX::Parser or its alias Nokogiri::HTML::SAX::Parser, Nokogiri::XML::SAX::PushParser, and Nokogiri::HTML4::SAX::PushParser or its alias Nokogiri::HTML::SAX::PushParser. JRuby users should upgrade to Nokogiri v1.12.5 or later to receive a patch for this issue. There are no workarounds available for v1.12.4 or earlier. CRuby users are not affected.

Publish Date: 2021-09-27

URL: CVE-2021-41098

CVSS 3 Score Details (7.5)

Base Score Metrics:

  • Exploitability Metrics:
    • Attack Vector: Network
    • Attack Complexity: Low
    • Privileges Required: None
    • User Interaction: None
    • Scope: Unchanged
  • Impact Metrics:
    • Confidentiality Impact: High
    • Integrity Impact: None
    • Availability Impact: None

Suggested Fix

Type: Upgrade version

Origin: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-41098

Release Date: 2021-09-27

Fix Resolution: nokogiri - 1.12.5

CVE-2022-30122

Vulnerable Library - rack-2.0.6.gem

Rack provides a minimal, modular and adaptable interface for developing web applications in Ruby. By wrapping HTTP requests and responses in the simplest way possible, it unifies and distills the API for web servers, web frameworks, and software in between (the so-called middleware) into a single method call.

Also see https://rack.github.io/.

Library home page: https://rubygems.org/gems/rack-2.0.6.gem

Path to dependency file: /Gemfile.lock

Path to vulnerable library: /home/wss-scanner/.gem/ruby/2.7.0/cache/rack-2.0.6.gem

Dependency Hierarchy:

  • sass-rails-5.0.7.gem (Root Library)
    • railties-5.2.2.gem
      • actionpack-5.2.2.gem
        • rack-2.0.6.gem (Vulnerable Library)

Found in HEAD commit: 7d45750902e2450bdb22ac9f0b6cd476803f070a

Found in base branch: main

Vulnerability Details

There is a possible denial of service vulnerability in the multipart parsing component of Rack before 2.0.9.1, 2.1.4.1, 2.2.3.1.

Publish Date: 2022-05-03

URL: CVE-2022-30122

CVSS 3 Score Details (7.5)

Base Score Metrics:

  • Exploitability Metrics:
    • Attack Vector: Network
    • Attack Complexity: Low
    • Privileges Required: None
    • User Interaction: None
    • Scope: Unchanged
  • Impact Metrics:
    • Confidentiality Impact: None
    • Integrity Impact: None
    • Availability Impact: High

Suggested Fix

Type: Upgrade version

Origin: GHSA-hxqx-xwvh-44m2

Release Date: 2022-05-03

Fix Resolution: rack - 2.0.9.1,2.1.4.1,2.2.3.1

CVE-2020-7595

Vulnerable Library - nokogiri-1.10.0.gem

Nokogiri (鋸) is an HTML, XML, SAX, and Reader parser. Among Nokogiri's many features is the ability to search documents via XPath or CSS3 selectors.

Library home page: https://rubygems.org/gems/nokogiri-1.10.0.gem

Path to dependency file: /Gemfile.lock

Path to vulnerable library: /home/wss-scanner/.gem/ruby/2.7.0/cache/nokogiri-1.10.0.gem

Dependency Hierarchy:

  • sass-rails-5.0.7.gem (Root Library)
    • railties-5.2.2.gem
      • actionpack-5.2.2.gem
        • rails-html-sanitizer-1.0.4.gem
          • loofah-2.2.3.gem
            • nokogiri-1.10.0.gem (Vulnerable Library)

Found in HEAD commit: 7d45750902e2450bdb22ac9f0b6cd476803f070a

Found in base branch: main

Vulnerability Details

xmlStringLenDecodeEntities in parser.c in libxml2 2.9.10 has an infinite loop in a certain end-of-file situation.

Publish Date: 2020-01-21

URL: CVE-2020-7595

CVSS 3 Score Details (7.5)

Base Score Metrics:

  • Exploitability Metrics:
    • Attack Vector: Network
    • Attack Complexity: Low
    • Privileges Required: None
    • User Interaction: None
    • Scope: Unchanged
  • Impact Metrics:
    • Confidentiality Impact: None
    • Integrity Impact: None
    • Availability Impact: High

Suggested Fix

Type: Upgrade version

Origin: https://nvd.nist.gov/vuln/detail/CVE-2020-7595

Release Date: 2020-01-21

Fix Resolution: nokogiri - 1.10.8

CVE-2021-22885

Vulnerable Library - actionpack-5.2.2.gem

Web apps on Rails. Simple, battle-tested conventions for building and testing MVC web applications. Works with any Rack-compatible server.

Library home page: https://rubygems.org/gems/actionpack-5.2.2.gem

Path to dependency file: /Gemfile.lock

Path to vulnerable library: /home/wss-scanner/.gem/ruby/2.7.0/cache/actionpack-5.2.2.gem

Dependency Hierarchy:

  • sass-rails-5.0.7.gem (Root Library)
    • railties-5.2.2.gem
      • actionpack-5.2.2.gem (Vulnerable Library)

Found in HEAD commit: 7d45750902e2450bdb22ac9f0b6cd476803f070a

Found in base branch: main

Vulnerability Details

A possible information disclosure / unintended method execution vulnerability in Action Pack >= 2.0.0 when using the redirect_to or polymorphic_url helper with untrusted user input.

Publish Date: 2021-05-27

URL: CVE-2021-22885

CVSS 3 Score Details (7.5)

Base Score Metrics:

  • Exploitability Metrics:
    • Attack Vector: Network
    • Attack Complexity: Low
    • Privileges Required: None
    • User Interaction: None
    • Scope: Unchanged
  • Impact Metrics:
    • Confidentiality Impact: High
    • Integrity Impact: None
    • Availability Impact: None

For more information on CVSS3 Scores, click here.

Suggested Fix

Type: Upgrade version

Origin: GHSA-hjg4-8q5f-x6fm

Release Date: 2021-05-27

Fix Resolution: actionpack - 5.2.4.6,5.2.6,6.0.3.7,6.1.3.2

CVE-2022-24836

Vulnerable Library - nokogiri-1.10.0.gem

Nokogiri (鋸) is an HTML, XML, SAX, and Reader parser. Among Nokogiri's many features is the ability to search documents via XPath or CSS3 selectors.

Library home page: https://rubygems.org/gems/nokogiri-1.10.0.gem

Path to dependency file: /Gemfile.lock

Path to vulnerable library: /home/wss-scanner/.gem/ruby/2.7.0/cache/nokogiri-1.10.0.gem

Dependency Hierarchy:

  • sass-rails-5.0.7.gem (Root Library)
    • railties-5.2.2.gem
      • actionpack-5.2.2.gem
        • rails-html-sanitizer-1.0.4.gem
          • loofah-2.2.3.gem
            • nokogiri-1.10.0.gem (Vulnerable Library)

Found in HEAD commit: 7d45750902e2450bdb22ac9f0b6cd476803f070a

Found in base branch: main

Vulnerability Details

Nokogiri is an open source XML and HTML library for Ruby. Nokogiri < v1.13.4 contains an inefficient regular expression that is susceptible to excessive backtracking when attempting to detect encoding in HTML documents. Users are advised to upgrade to Nokogiri >= 1.13.4. There are no known workarounds for this issue.

Publish Date: 2022-04-11

URL: CVE-2022-24836

CVSS 3 Score Details (7.5)

Base Score Metrics:

  • Exploitability Metrics:
    • Attack Vector: Network
    • Attack Complexity: Low
    • Privileges Required: None
    • User Interaction: None
    • Scope: Unchanged
  • Impact Metrics:
    • Confidentiality Impact: None
    • Integrity Impact: None
    • Availability Impact: High

For more information on CVSS3 Scores, click here.

Suggested Fix

Type: Upgrade version

Origin: GHSA-crjr-9rc5-ghw8

Release Date: 2022-04-11

Fix Resolution: nokogiri - 1.13.4

CVE-2021-22904

Vulnerable Library - actionpack-5.2.2.gem

Web apps on Rails. Simple, battle-tested conventions for building and testing MVC web applications. Works with any Rack-compatible server.

Library home page: https://rubygems.org/gems/actionpack-5.2.2.gem

Path to dependency file: /Gemfile.lock

Path to vulnerable library: /home/wss-scanner/.gem/ruby/2.7.0/cache/actionpack-5.2.2.gem

Dependency Hierarchy:

  • sass-rails-5.0.7.gem (Root Library)
    • railties-5.2.2.gem
      • actionpack-5.2.2.gem (Vulnerable Library)

Found in HEAD commit: 7d45750902e2450bdb22ac9f0b6cd476803f070a

Found in base branch: main

Vulnerability Details

The actionpack ruby gem before 6.1.3.2, 6.0.3.7, 5.2.4.6, 5.2.6 suffers from a possible denial of service vulnerability in the Token Authentication logic in Action Controller due to a too permissive regular expression. Impacted code uses authenticate_or_request_with_http_token or authenticate_with_http_token for request authentication.

Publish Date: 2021-06-11

URL: CVE-2021-22904

CVSS 3 Score Details (7.5)

Base Score Metrics:

  • Exploitability Metrics:
    • Attack Vector: Network
    • Attack Complexity: Low
    • Privileges Required: None
    • User Interaction: None
    • Scope: Unchanged
  • Impact Metrics:
    • Confidentiality Impact: None
    • Integrity Impact: None
    • Availability Impact: High

For more information on CVSS3 Scores, click here.

Suggested Fix

Type: Upgrade version

Release Date: 2021-06-11

Fix Resolution: actionpack - 5.2.4.6,5.2.6,6.0.3.7,6.1.3.2

CVE-2019-5418

Vulnerable Libraries - actionpack-5.2.2.gem, actionview-5.2.2.gem

actionpack-5.2.2.gem

Web apps on Rails. Simple, battle-tested conventions for building and testing MVC web applications. Works with any Rack-compatible server.

Library home page: https://rubygems.org/gems/actionpack-5.2.2.gem

Path to dependency file: /Gemfile.lock

Path to vulnerable library: /home/wss-scanner/.gem/ruby/2.7.0/cache/actionpack-5.2.2.gem

Dependency Hierarchy:

  • sass-rails-5.0.7.gem (Root Library)
    • railties-5.2.2.gem
      • actionpack-5.2.2.gem (Vulnerable Library)

actionview-5.2.2.gem

Simple, battle-tested conventions and helpers for building web pages.

Library home page: https://rubygems.org/gems/actionview-5.2.2.gem

Path to dependency file: /Gemfile.lock

Path to vulnerable library: /home/wss-scanner/.gem/ruby/2.7.0/cache/actionview-5.2.2.gem

Dependency Hierarchy:

  • sass-rails-5.0.7.gem (Root Library)
    • railties-5.2.2.gem
      • actionpack-5.2.2.gem
        • actionview-5.2.2.gem (Vulnerable Library)

Found in HEAD commit: 7d45750902e2450bdb22ac9f0b6cd476803f070a

Found in base branch: main

Vulnerability Details

There is a File Content Disclosure vulnerability in Action View <5.2.2.1, <5.1.6.2, <5.0.7.2, <4.2.11.1 and v3 where specially crafted accept headers can cause contents of arbitrary files on the target system's filesystem to be exposed.

Publish Date: 2019-03-27

URL: CVE-2019-5418

CVSS 3 Score Details (7.5)

Base Score Metrics:

  • Exploitability Metrics:
    • Attack Vector: Network
    • Attack Complexity: Low
    • Privileges Required: None
    • User Interaction: None
    • Scope: Unchanged
  • Impact Metrics:
    • Confidentiality Impact: High
    • Integrity Impact: None
    • Availability Impact: None

For more information on CVSS3 Scores, click here.

Suggested Fix

Type: Upgrade version

Origin: https://weblog.rubyonrails.org/2019/3/13/Rails-4-2-5-1-5-1-6-2-have-been-released/

Release Date: 2020-10-16

Fix Resolution: 4.2.11.1, 5.0.7.2, 5.1.6.2, 5.2.2.1

CVE-2020-8130

Vulnerable Library - rake-12.3.2.gem

Rake is a Make-like program implemented in Ruby. Tasks and dependencies are specified in standard Ruby syntax. Rake has the following features: * Rakefiles (rake's version of Makefiles) are completely defined in standard Ruby syntax. No XML files to edit. No quirky Makefile syntax to worry about (is that a tab or a space?) * Users can specify tasks with prerequisites. * Rake supports rule patterns to synthesize implicit tasks. * Flexible FileLists that act like arrays but know about manipulating file names and paths. * Supports parallel execution of tasks.

Library home page: https://rubygems.org/gems/rake-12.3.2.gem

Path to dependency file: /Gemfile.lock

Path to vulnerable library: /home/wss-scanner/.gem/ruby/2.7.0/cache/rake-12.3.2.gem

Dependency Hierarchy:

  • sass-rails-5.0.7.gem (Root Library)
    • railties-5.2.2.gem
      • rake-12.3.2.gem (Vulnerable Library)

Found in HEAD commit: 7d45750902e2450bdb22ac9f0b6cd476803f070a

Found in base branch: main

Vulnerability Details

There is an OS command injection vulnerability in Ruby Rake < 12.3.3 in Rake::FileList when supplying a filename that begins with the pipe character |.

Publish Date: 2020-02-24

URL: CVE-2020-8130

CVSS 3 Score Details (6.4)

Base Score Metrics:

  • Exploitability Metrics:
    • Attack Vector: Local
    • Attack Complexity: High
    • Privileges Required: High
    • User Interaction: None
    • Scope: Unchanged
  • Impact Metrics:
    • Confidentiality Impact: High
    • Integrity Impact: High
    • Availability Impact: High

For more information on CVSS3 Scores, click here.

Suggested Fix

Type: Upgrade version

Origin: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-8130

Release Date: 2020-06-30

Fix Resolution: v12.3.3
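An added example, not Rake's code, of the mechanism behind this class of bug and how to read files so it cannot occur: Ruby's Kernel#open treats a string beginning with "|" as a command to spawn, whereas File.open opens a file and nothing else. The class and method names are this example's own, and the file contents are constructed.

```ruby
require "tempfile"

class UnsafeFilename < ArgumentError; end

# Reads a file whose name may have come from untrusted input (a glob over a
# directory others can write to, a CLI argument, a form field).
def safe_read_lines(path)
  path = path.to_s
  # Kernel#open("|cmd") spawns cmd; refuse the prefix explicitly so the failure
  # is loud instead of a confusing ENOENT, and so it shows up in logs.
  raise UnsafeFilename, "refusing pipe-prefixed path #{path.inspect}" if path.start_with?("|")
  # File.open, unlike Kernel#open, opens a file and only a file.
  File.open(path, "r") { |f| f.readlines(chomp: true) }
end

# true when the path was refused for the pipe prefix, false when it was read.
def pipe_path_rejected?(path)
  safe_read_lines(path)
  false
rescue UnsafeFilename
  true
end

# Writes a small constructed file and reads it back through safe_read_lines.
def demo
  Tempfile.create("safe-read") do |f|
    f.write("alpha\nbeta\n")
    f.flush
    safe_read_lines(f.path)
  end
end
```

The explicit prefix check is belt-and-braces: File.open on "|echo pwned" already fails with ENOENT rather than running anything, but a clear UnsafeFilename error is easier to alert on than a missing-file error that looks like a typo.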

CVE-2022-32209

Vulnerable Library - rails-html-sanitizer-1.0.4.gem

HTML sanitization for Rails applications

Library home page: https://rubygems.org/gems/rails-html-sanitizer-1.0.4.gem

Path to dependency file: /Gemfile.lock

Path to vulnerable library: /home/wss-scanner/.gem/ruby/2.7.0/cache/rails-html-sanitizer-1.0.4.gem

Dependency Hierarchy:

  • sass-rails-5.0.7.gem (Root Library)
    • railties-5.2.2.gem
      • actionpack-5.2.2.gem
        • rails-html-sanitizer-1.0.4.gem (Vulnerable Library)

Found in HEAD commit: 7d45750902e2450bdb22ac9f0b6cd476803f070a

Found in base branch: main

Vulnerability Details

Possible XSS Vulnerability in Rails::Html::Sanitizer

There is a possible XSS vulnerability with certain configurations of Rails::Html::Sanitizer. This vulnerability has been assigned the CVE identifier CVE-2022-32209.

Versions Affected: ALL
Not affected: NONE
Fixed Versions: v1.4.3

Impact

A possible XSS vulnerability with certain configurations of Rails::Html::Sanitizer may allow an attacker to inject content if the application developer has overridden the sanitizer's allowed tags to allow both select and style elements.

Code is only impacted if allowed tags are being overridden. This may be done via application configuration:

    # In config/application.rb
    config.action_view.sanitized_allowed_tags = ["select", "style"]

see https://guides.rubyonrails.org/configuring.html#configuring-action-view

Or it may be done with a :tags option to the Action View helper sanitize:

    <%= sanitize @comment.body, tags: ["select", "style"] %>

see https://api.rubyonrails.org/classes/ActionView/Helpers/SanitizeHelper.html#method-i-sanitize

Or it may be done with Rails::Html::SafeListSanitizer directly:

    # class-level option
    Rails::Html::SafeListSanitizer.allowed_tags = ["select", "style"]

or

    # instance-level option
    Rails::Html::SafeListSanitizer.new.sanitize(@article.body, tags: ["select", "style"])

All users overriding the allowed tags by any of the above mechanisms to include both "select" and "style" should either upgrade or use one of the workarounds immediately.

Releases

The FIXED releases are available at the normal locations.

Workarounds

Remove either select or style from the overridden allowed tags.

Credits

This vulnerability was responsibly reported by windshock.

Publish Date: 2022-06-24

URL: CVE-2022-32209

CVSS 3 Score Details (6.1)

Base Score Metrics:

  • Exploitability Metrics:
    • Attack Vector: Network
    • Attack Complexity: Low
    • Privileges Required: None
    • User Interaction: Required
    • Scope: Changed
  • Impact Metrics:
    • Confidentiality Impact: Low
    • Integrity Impact: Low
    • Availability Impact: None

For more information on CVSS3 Scores, click here.

Suggested Fix

Type: Upgrade version

Origin: https://discuss.rubyonrails.org/t/cve-2022-32209-possible-xss-vulnerability-in-rails-sanitizer/80800

Release Date: 2022-06-24

Fix Resolution: rails-html-sanitizer - 1.4.3

CVE-2022-22577

Vulnerable Library - actionpack-5.2.2.gem

Web apps on Rails. Simple, battle-tested conventions for building and testing MVC web applications. Works with any Rack-compatible server.

Library home page: https://rubygems.org/gems/actionpack-5.2.2.gem

Path to dependency file: /Gemfile.lock

Path to vulnerable library: /home/wss-scanner/.gem/ruby/2.7.0/cache/actionpack-5.2.2.gem

Dependency Hierarchy:

  • sass-rails-5.0.7.gem (Root Library)
    • railties-5.2.2.gem
      • actionpack-5.2.2.gem (Vulnerable Library)

Found in HEAD commit: 7d45750902e2450bdb22ac9f0b6cd476803f070a

Found in base branch: main

Vulnerability Details

An XSS vulnerability in Action Pack >= 5.2.0 (versions before 5.2.0 are not affected) that could allow an attacker to bypass the Content Security Policy for non-HTML responses.

Publish Date: 2022-05-26

URL: CVE-2022-22577

CVSS 3 Score Details (6.1)

Base Score Metrics:

  • Exploitability Metrics:
    • Attack Vector: Network
    • Attack Complexity: Low
    • Privileges Required: None
    • User Interaction: Required
    • Scope: Changed
  • Impact Metrics:
    • Confidentiality Impact: Low
    • Integrity Impact: Low
    • Availability Impact: None

For more information on CVSS3 Scores, click here.

Suggested Fix

Type: Upgrade version

Origin: GHSA-mm33-5vfq-3mm3

Release Date: 2022-05-26

Fix Resolution: actionpack - 5.2.7.1,6.0.4.8,6.1.5.1,7.0.2.4

CVE-2022-27777

Vulnerable Library - actionview-5.2.2.gem

Simple, battle-tested conventions and helpers for building web pages.

Library home page: https://rubygems.org/gems/actionview-5.2.2.gem

Path to dependency file: /Gemfile.lock

Path to vulnerable library: /home/wss-scanner/.gem/ruby/2.7.0/cache/actionview-5.2.2.gem

Dependency Hierarchy:

  • sass-rails-5.0.7.gem (Root Library)
    • railties-5.2.2.gem
      • actionpack-5.2.2.gem
        • actionview-5.2.2.gem (Vulnerable Library)

Found in HEAD commit: 7d45750902e2450bdb22ac9f0b6cd476803f070a

Found in base branch: main

Vulnerability Details

An XSS vulnerability in Action View tag helpers >= 5.2.0 (versions before 5.2.0 are not affected) which would allow an attacker to inject content if able to control input into specific attributes.

Publish Date: 2022-05-26

URL: CVE-2022-27777

CVSS 3 Score Details (6.1)

Base Score Metrics:

  • Exploitability Metrics:
    • Attack Vector: Network
    • Attack Complexity: Low
    • Privileges Required: None
    • User Interaction: Required
    • Scope: Changed
  • Impact Metrics:
    • Confidentiality Impact: Low
    • Integrity Impact: Low
    • Availability Impact: None

For more information on CVSS3 Scores, click here.

Suggested Fix

Type: Upgrade version

Origin: GHSA-ch3h-j2vf-95pv

Release Date: 2022-05-26

Fix Resolution: actionview - 5.2.7.1,6.0.4.8,6.1.5.1,7.0.2.4

CVE-2020-15169

Vulnerable Library - actionview-5.2.2.gem

Simple, battle-tested conventions and helpers for building web pages.

Library home page: https://rubygems.org/gems/actionview-5.2.2.gem

Path to dependency file: /Gemfile.lock

Path to vulnerable library: /home/wss-scanner/.gem/ruby/2.7.0/cache/actionview-5.2.2.gem

Dependency Hierarchy:

  • sass-rails-5.0.7.gem (Root Library)
    • railties-5.2.2.gem
      • actionpack-5.2.2.gem
        • actionview-5.2.2.gem (Vulnerable Library)

Found in HEAD commit: 7d45750902e2450bdb22ac9f0b6cd476803f070a

Found in base branch: main

Vulnerability Details

In Action View before versions 5.2.4.4 and 6.0.3.3 there is a potential Cross-Site Scripting (XSS) vulnerability in Action View's translation helpers. Views that allow the user to control the default (not found) value of the t and translate helpers could be susceptible to XSS attacks. When an HTML-unsafe string is passed as the default for a missing translation key named html or ending in _html, the default string is incorrectly marked as HTML-safe and not escaped. This is patched in versions 6.0.3.3 and 5.2.4.4. A workaround without upgrading is proposed in the source advisory.

Publish Date: 2020-09-11

URL: CVE-2020-15169

CVSS 3 Score Details (6.1)

Base Score Metrics:

  • Exploitability Metrics:
    • Attack Vector: Network
    • Attack Complexity: Low
    • Privileges Required: None
    • User Interaction: Required
    • Scope: Changed
  • Impact Metrics:
    • Confidentiality Impact: Low
    • Integrity Impact: Low
    • Availability Impact: None

For more information on CVSS3 Scores, click here.

Suggested Fix

Type: Upgrade version

Origin: https://rubygems.org/gems/actionview/versions/6.0.3.3

Release Date: 2020-09-11

Fix Resolution: 6.0.3.3, 5.2.4.4

CVE-2019-16782

Vulnerable Library - rack-2.0.6.gem

Rack provides a minimal, modular and adaptable interface for developing web applications in Ruby. By wrapping HTTP requests and responses in the simplest way possible, it unifies and distills the API for web servers, web frameworks, and software in between (the so-called middleware) into a single method call.

Also see https://rack.github.io/.

Library home page: https://rubygems.org/gems/rack-2.0.6.gem

Path to dependency file: /Gemfile.lock

Path to vulnerable library: /home/wss-scanner/.gem/ruby/2.7.0/cache/rack-2.0.6.gem

Dependency Hierarchy:

  • sass-rails-5.0.7.gem (Root Library)
    • railties-5.2.2.gem
      • actionpack-5.2.2.gem
        • rack-2.0.6.gem (Vulnerable Library)

Found in HEAD commit: 7d45750902e2450bdb22ac9f0b6cd476803f070a

Found in base branch: main

Vulnerability Details

There's a possible information leak / session hijack vulnerability in Rack (RubyGem rack). This vulnerability is patched in versions 1.6.12 and 2.0.8. Attackers may be able to find and hijack sessions by using timing attacks targeting the session id. Session ids are usually stored and indexed in a database that uses some kind of scheme for speeding up lookups of that session id. By carefully measuring the amount of time it takes to look up a session, an attacker may be able to find a valid session id and hijack the session. The session id itself may be generated randomly, but the way the session is indexed by the backing store does not use a secure comparison.

Publish Date: 2019-12-18

URL: CVE-2019-16782

CVSS 3 Score Details (5.9)

Base Score Metrics:

  • Exploitability Metrics:
    • Attack Vector: Network
    • Attack Complexity: High
    • Privileges Required: None
    • User Interaction: None
    • Scope: Unchanged
  • Impact Metrics:
    • Confidentiality Impact: High
    • Integrity Impact: None
    • Availability Impact: None

For more information on CVSS3 Scores, click here.

Suggested Fix

Type: Upgrade version

Origin: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-16782

Release Date: 2019-12-18

Fix Resolution: 1.6.12;2.0.8
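As an added illustration (not Rack's code) of the mitigation Rack 2.0.8 adopted: the cookie carries a random public id, and the backing store is keyed by a one-way digest of it, so whatever comparison the database performs on the key is done against a value the attacker cannot steer byte by byte. The class and method names are this example's own; the "2::" prefix mirrors the layout of Rack's private session ids, and secure_compare is an inline reimplementation of Rack::Utils.secure_compare for the cases where a secret still has to be compared directly.

```ruby
require "digest"
require "securerandom"

class SessionStore
  def initialize
    @data = {}   # private_id => session Hash (constructed in-memory backend)
  end

  # Random 128-bit public id, handed to the browser in the session cookie.
  def generate_public_id
    SecureRandom.hex(16)
  end

  # The store key: a one-way hash of the public id. Knowing a private_id does
  # not reveal the cookie value, and a timing side channel on the indexed
  # lookup leaks only digest bytes, which the attacker cannot choose.
  def private_id(public_id)
    "2::" + Digest::SHA256.hexdigest(public_id)
  end

  def write(public_id, session)
    @data[private_id(public_id)] = session
  end

  def read(public_id)
    @data[private_id(public_id)]
  end
end

# Constant-time comparison for secrets that must be compared directly (for
# example a legacy store still keyed by the raw id). Runs over every byte
# regardless of where the first mismatch is; only the length check short-circuits.
def secure_compare(a, b)
  return false unless a.bytesize == b.bytesize
  left = a.unpack("C*")
  result = 0
  b.each_byte { |byte| result |= byte ^ left.shift }
  result == 0
end
```

The length check leaks the length of the secret, which for a fixed-size session id is public anyway; what must not leak is the position of the first differing byte, and the OR-accumulator ensures every byte is visited.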

CVE-2022-23634

Vulnerable Library - actionpack-5.2.2.gem

Web apps on Rails. Simple, battle-tested conventions for building and testing MVC web applications. Works with any Rack-compatible server.

Library home page: https://rubygems.org/gems/actionpack-5.2.2.gem

Path to dependency file: /Gemfile.lock

Path to vulnerable library: /home/wss-scanner/.gem/ruby/2.7.0/cache/actionpack-5.2.2.gem

Dependency Hierarchy:

  • sass-rails-5.0.7.gem (Root Library)
    • railties-5.2.2.gem
      • actionpack-5.2.2.gem (Vulnerable Library)

Found in HEAD commit: 7d45750902e2450bdb22ac9f0b6cd476803f070a

Found in base branch: main

Vulnerability Details

Puma is a Ruby/Rack web server built for parallelism. Prior to puma version 5.6.2, puma may not always call close on the response body. Rails, prior to version 7.0.2.2, depended on the response body being closed in order for its CurrentAttributes implementation to work correctly. The combination of these two behaviors (Puma not closing the body + Rails' Executor implementation) causes information leakage. This problem is fixed in Puma versions 5.6.2 and 4.3.11. This problem is fixed in Rails versions 7.0.2.2, 6.1.4.6, 6.0.4.6, and 5.2.6.2. Upgrading to a patched Rails or Puma version fixes the vulnerability.

Publish Date: 2022-02-11

URL: CVE-2022-23634

CVSS 3 Score Details (5.9)

Base Score Metrics:

  • Exploitability Metrics:
    • Attack Vector: Network
    • Attack Complexity: High
    • Privileges Required: None
    • User Interaction: None
    • Scope: Unchanged
  • Impact Metrics:
    • Confidentiality Impact: High
    • Integrity Impact: None
    • Availability Impact: None

For more information on CVSS3 Scores, click here.

Suggested Fix

Type: Upgrade version

Origin: GHSA-wh98-p28r-vrc9

Release Date: 2022-02-11

Fix Resolution: puma - 4.3.11, 5.6.2; actionpack - 5.2.6.2, 6.0.4.6, 6.1.4.6, 7.0.2.2

CVE-2022-23633

Vulnerable Library - actionpack-5.2.2.gem

Web apps on Rails. Simple, battle-tested conventions for building and testing MVC web applications. Works with any Rack-compatible server.

Library home page: https://rubygems.org/gems/actionpack-5.2.2.gem

Path to dependency file: /Gemfile.lock

Path to vulnerable library: /home/wss-scanner/.gem/ruby/2.7.0/cache/actionpack-5.2.2.gem

Dependency Hierarchy:

  • sass-rails-5.0.7.gem (Root Library)
    • railties-5.2.2.gem
      • actionpack-5.2.2.gem (Vulnerable Library)

Found in HEAD commit: 7d45750902e2450bdb22ac9f0b6cd476803f070a

Found in base branch: main

Vulnerability Details

Action Pack is a framework for handling and responding to web requests. Under certain circumstances response bodies will not be closed. In the event a response is not notified of a close, ActionDispatch::Executor will not know to reset thread local state for the next request. This can lead to data being leaked to subsequent requests. This has been fixed in Rails 7.0.2.1, 6.1.4.5, 6.0.4.5, and 5.2.6.1. Upgrading is highly recommended, but to work around this problem a middleware described in GHSA-wh98-p28r-vrc9 can be used.

Publish Date: 2022-02-11

URL: CVE-2022-23633

CVSS 3 Score Details (5.9)

Base Score Metrics:

  • Exploitability Metrics:
    • Attack Vector: Network
    • Attack Complexity: High
    • Privileges Required: None
    • User Interaction: None
    • Scope: Unchanged
  • Impact Metrics:
    • Confidentiality Impact: High
    • Integrity Impact: None
    • Availability Impact: None

For more information on CVSS3 Scores, click here.

Suggested Fix

Type: Upgrade version

Origin: GHSA-wh98-p28r-vrc9

Release Date: 2022-02-11

Fix Resolution: 5.2.6.2, 6.0.4.6, 6.1.4.6, 7.0.2.2

CVE-2019-15587

Vulnerable Library - loofah-2.2.3.gem

Loofah is a general library for manipulating and transforming HTML/XML documents and fragments. It's built on top of Nokogiri and libxml2, so it's fast and has a nice API.

Loofah excels at HTML sanitization (XSS prevention). It includes some
nice HTML sanitizers, which are based on HTML5lib's whitelist, so it
most likely won't make your codes less secure. (These statements have
not been evaluated by Netexperts.)

ActiveRecord extensions for sanitization are available in the
loofah-activerecord gem.

Library home page: https://rubygems.org/gems/loofah-2.2.3.gem

Path to dependency file: /Gemfile.lock

Path to vulnerable library: /home/wss-scanner/.gem/ruby/2.7.0/cache/loofah-2.2.3.gem

Dependency Hierarchy:

  • sass-rails-5.0.7.gem (Root Library)
    • railties-5.2.2.gem
      • actionpack-5.2.2.gem
        • rails-html-sanitizer-1.0.4.gem
          • loofah-2.2.3.gem (Vulnerable Library)

Found in HEAD commit: 7d45750902e2450bdb22ac9f0b6cd476803f070a

Found in base branch: main

Vulnerability Details

In the Loofah gem for Ruby through v2.3.0 unsanitized JavaScript may occur in sanitized output when a crafted SVG element is republished.

Publish Date: 2019-10-22

URL: CVE-2019-15587

CVSS 3 Score Details (5.4)

Base Score Metrics:

  • Exploitability Metrics:
    • Attack Vector: Network
    • Attack Complexity: Low
    • Privileges Required: Low
    • User Interaction: Required
    • Scope: Changed
  • Impact Metrics:
    • Confidentiality Impact: Low
    • Integrity Impact: Low
    • Availability Impact: None

For more information on CVSS3 Scores, click here.

Suggested Fix

Type: Upgrade version

Origin: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-15587

Release Date: 2020-09-17

Fix Resolution: v2.3.1

puma-3.12.0.gem: 8 vulnerabilities (highest severity is: 7.5) - autoclosed

Vulnerable Library - puma-3.12.0.gem

Puma is a simple, fast, threaded, and highly concurrent HTTP 1.1 server for Ruby/Rack applications. Puma is intended for use in both development and production environments. It's great for highly concurrent Ruby implementations such as Rubinius and JRuby as well as as providing process worker support to support CRuby well.

Library home page: https://rubygems.org/gems/puma-3.12.0.gem

Path to dependency file: /Gemfile.lock

Path to vulnerable library: /cache/puma-3.12.0.gem

Found in HEAD commit: 7d45750902e2450bdb22ac9f0b6cd476803f070a

Vulnerabilities

| CVE | Severity | CVSS | Dependency | Type | Fixed in | Remediation Available |
|---|---|---|---|---|---|---|
| CVE-2020-11077 | High | 7.5 | puma-3.12.0.gem | Direct | puma - 3.12.6,4.3.5 | ⛑️ |
| CVE-2021-29509 | High | 7.5 | puma-3.12.0.gem | Direct | puma - 4.3.8,5.3.1 | ⛑️ |
| CVE-2020-11076 | High | 7.5 | puma-3.12.0.gem | Direct | puma - 3.12.5;4.3.4 | |
| CVE-2020-5247 | High | 7.5 | puma-3.12.0.gem | Direct | 3.12.3;4.3.2 | |
| CVE-2019-16770 | High | 7.5 | puma-3.12.0.gem | Direct | v4.3.1 | ⛑️ |
| CVE-2020-5249 | Medium | 6.5 | puma-3.12.0.gem | Direct | puma - 3.12.4,4.3.3 | |
| CVE-2022-23634 | Medium | 5.9 | puma-3.12.0.gem | Direct | puma - 4.3.11, 5.6.2; actionpack - 5.2.6.2, 6.0.4.6, 6.1.4.6, 7.0.2.2 | |
| CVE-2021-41136 | Low | 3.7 | puma-3.12.0.gem | Direct | puma - 4.3.9, 5.5.1 | |

Details

CVE-2020-11077

Vulnerable Library - puma-3.12.0.gem

Puma is a simple, fast, threaded, and highly concurrent HTTP 1.1 server for Ruby/Rack applications. Puma is intended for use in both development and production environments. It's great for highly concurrent Ruby implementations such as Rubinius and JRuby as well as as providing process worker support to support CRuby well.

Library home page: https://rubygems.org/gems/puma-3.12.0.gem

Path to dependency file: /Gemfile.lock

Path to vulnerable library: /cache/puma-3.12.0.gem

Dependency Hierarchy:

  • puma-3.12.0.gem (Vulnerable Library)

Found in HEAD commit: 7d45750902e2450bdb22ac9f0b6cd476803f070a

Found in base branch: main

Vulnerability Details

In Puma (RubyGem) before 4.3.5 and 3.12.6, a client could smuggle a request through a proxy, causing the proxy to send a response back to another unknown client. If the proxy uses persistent connections and the client adds another request in via HTTP pipelining, the proxy may mistake it as the first request's body. Puma, however, would see it as two requests, and when processing the second request, send back a response that the proxy does not expect. If the proxy has reused the persistent connection to Puma to send another request for a different client, the second response from the first client will be sent to the second client. This is a similar but different vulnerability from CVE-2020-11076. The problem has been fixed in Puma 3.12.6 and Puma 4.3.5.

Publish Date: 2020-05-22

URL: CVE-2020-11077

CVSS 3 Score Details (7.5)

Base Score Metrics:

  • Exploitability Metrics:
    • Attack Vector: Network
    • Attack Complexity: Low
    • Privileges Required: None
    • User Interaction: None
    • Scope: Unchanged
  • Impact Metrics:
    • Confidentiality Impact: None
    • Integrity Impact: High
    • Availability Impact: None

For more information on CVSS3 Scores, click here.

Suggested Fix

Type: Upgrade version

Origin: GHSA-w64w-qqph-5gxm

Release Date: 2020-10-07

Fix Resolution: puma - 3.12.6,4.3.5

⛑️ Automatic Remediation is available for this issue

CVE-2021-29509

Vulnerable Library - puma-3.12.0.gem

Puma is a simple, fast, threaded, and highly concurrent HTTP 1.1 server for Ruby/Rack applications. Puma is intended for use in both development and production environments. It's great for highly concurrent Ruby implementations such as Rubinius and JRuby as well as as providing process worker support to support CRuby well.

Library home page: https://rubygems.org/gems/puma-3.12.0.gem

Path to dependency file: /Gemfile.lock

Path to vulnerable library: /cache/puma-3.12.0.gem

Dependency Hierarchy:

  • puma-3.12.0.gem (Vulnerable Library)

Found in HEAD commit: 7d45750902e2450bdb22ac9f0b6cd476803f070a

Found in base branch: main

Vulnerability Details

Puma is a concurrent HTTP 1.1 server for Ruby/Rack applications. The fix for CVE-2019-16770 was incomplete. The original fix only protected existing connections that had already been accepted from having their requests starved by greedy persistent-connections saturating all threads in the same process. However, new connections may still be starved by greedy persistent-connections saturating all threads in all processes in the cluster. A puma server which received more concurrent keep-alive connections than the server had threads in its threadpool would service only a subset of connections, denying service to the unserved connections. This problem has been fixed in puma 4.3.8 and 5.3.1. Setting queue_requests false also fixes the issue. This is not advised when using puma without a reverse proxy, such as nginx or apache, because you will open yourself to slow client attacks (e.g. slowloris). The fix is very small and a git patch is available for those using unsupported versions of Puma.

Publish Date: 2021-05-11

URL: CVE-2021-29509

CVSS 3 Score Details (7.5)

Base Score Metrics:

  • Exploitability Metrics:
    • Attack Vector: Network
    • Attack Complexity: Low
    • Privileges Required: None
    • User Interaction: None
    • Scope: Unchanged
  • Impact Metrics:
    • Confidentiality Impact: None
    • Integrity Impact: None
    • Availability Impact: High

For more information on CVSS3 Scores, click here.

Suggested Fix

Type: Upgrade version

Origin: GHSA-q28m-8xjw-8vr5

Release Date: 2021-05-11

Fix Resolution: puma - 4.3.8,5.3.1

⛑️ Automatic Remediation is available for this issue

CVE-2020-11076

Vulnerable Library - puma-3.12.0.gem

Puma is a simple, fast, threaded, and highly concurrent HTTP 1.1 server for Ruby/Rack applications. Puma is intended for use in both development and production environments. It's great for highly concurrent Ruby implementations such as Rubinius and JRuby as well as as providing process worker support to support CRuby well.

Library home page: https://rubygems.org/gems/puma-3.12.0.gem

Path to dependency file: /Gemfile.lock

Path to vulnerable library: /cache/puma-3.12.0.gem

Dependency Hierarchy:

  • puma-3.12.0.gem (Vulnerable Library)

Found in HEAD commit: 7d45750902e2450bdb22ac9f0b6cd476803f070a

Found in base branch: main

Vulnerability Details

In Puma (RubyGem) before 4.3.4 and 3.12.5, an attacker could smuggle an HTTP response, by using an invalid transfer-encoding header. The problem has been fixed in Puma 3.12.5 and Puma 4.3.4.

Publish Date: 2020-05-22

URL: CVE-2020-11076

CVSS 3 Score Details (7.5)

Base Score Metrics:

  • Exploitability Metrics:
    • Attack Vector: Network
    • Attack Complexity: Low
    • Privileges Required: None
    • User Interaction: None
    • Scope: Unchanged
  • Impact Metrics:
    • Confidentiality Impact: None
    • Integrity Impact: High
    • Availability Impact: None

For more information on CVSS3 Scores, click here.

Suggested Fix

Type: Upgrade version

Origin: GHSA-x7jg-6pwg-fx5h

Release Date: 2020-10-07

Fix Resolution: puma - 3.12.5;4.3.4
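Both smuggling entries above (CVE-2020-11077 and CVE-2020-11076) come down to a proxy and Puma framing the same bytes differently. The following is an added example, not Puma's parser, of the framing decision written as strict rules so that any request a front-end and back-end might disagree on is rejected rather than served. The header list is a constructed Array of name/value pairs, and the function and error names are this example's own.

```ruby
class FramingError < StandardError; end

# All values for a header name, matched case-insensitively, in wire order.
def header_values(headers, name)
  headers.select { |(k, _)| k.downcase == name }.map { |(_, v)| v }
end

# Decides how the body is delimited. Returns [:chunked, nil], [:length, n]
# or [:none, 0]; raises FramingError for anything ambiguous.
def body_framing(headers)
  te = header_values(headers, "transfer-encoding")
  cl = header_values(headers, "content-length")

  # Two framing mechanisms at once is the classic smuggling setup
  # (RFC 7230 section 3.3.3); a strict server refuses rather than picks one.
  if !te.empty? && !cl.empty?
    raise FramingError, "both Transfer-Encoding and Content-Length present"
  end

  unless te.empty?
    codings = te.join(",").split(",").map { |c| c.strip.downcase }
    # Accept only a lone "chunked". "chunked, identity", "xchunked" or an
    # empty value are exactly the inputs different parsers read differently.
    raise FramingError, "unsupported transfer coding #{codings.inspect}" unless codings == ["chunked"]
    return [:chunked, nil]
  end

  unless cl.empty?
    values = cl.join(",").split(",").map(&:strip).uniq
    raise FramingError, "conflicting Content-Length values #{values.inspect}" if values.size != 1
    raise FramingError, "malformed Content-Length #{values[0].inspect}" unless values[0].match?(/\A\d+\z/)
    return [:length, Integer(values[0], 10)]
  end

  [:none, 0]
end

# true when the request would be refused, false when it frames cleanly.
def framing_rejected?(headers)
  body_framing(headers)
  false
rescue FramingError
  true
end
```

Refusing instead of guessing is the whole point: a request that is rejected with 400 cannot leave bytes on the connection for the proxy to hand to the next client. Repeated Content-Length headers with identical values are allowed, which RFC 7230 permits; differing values are not.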

CVE-2020-5247

Vulnerable Library - puma-3.12.0.gem

Puma is a simple, fast, threaded, and highly concurrent HTTP 1.1 server for Ruby/Rack applications. Puma is intended for use in both development and production environments. It's great for highly concurrent Ruby implementations such as Rubinius and JRuby as well as as providing process worker support to support CRuby well.

Library home page: https://rubygems.org/gems/puma-3.12.0.gem

Path to dependency file: /Gemfile.lock

Path to vulnerable library: /cache/puma-3.12.0.gem

Dependency Hierarchy:

  • puma-3.12.0.gem (Vulnerable Library)

Found in HEAD commit: 7d45750902e2450bdb22ac9f0b6cd476803f070a

Found in base branch: main

Vulnerability Details

In Puma (RubyGem) before 4.3.2 and before 3.12.3, if an application using Puma allows untrusted input in a response header, an attacker can use newline characters (i.e. CR, LF or \r, \n) to end the header and inject malicious content, such as additional headers or an entirely new response body. This vulnerability is known as HTTP Response Splitting. While not an attack in itself, response splitting is a vector for several other attacks, such as cross-site scripting (XSS). This is related to CVE-2019-16254, which fixed this vulnerability for the WEBrick Ruby web server. This has been fixed in versions 4.3.2 and 3.12.3 by checking all headers for line endings and rejecting headers with those characters.

Publish Date: 2020-02-28

URL: CVE-2020-5247

CVSS 3 Score Details (7.5)

Base Score Metrics:

  • Exploitability Metrics:
    • Attack Vector: Network
    • Attack Complexity: Low
    • Privileges Required: None
    • User Interaction: None
    • Scope: Unchanged
  • Impact Metrics:
    • Confidentiality Impact: None
    • Integrity Impact: High
    • Availability Impact: None

For more information on CVSS3 Scores, click here.

Suggested Fix

Type: Upgrade version

Origin: GHSA-84j7-475p-hp8v

Release Date: 2020-04-09

Fix Resolution: 3.12.3;4.3.2
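An added example, not Puma's implementation, of the check the fix describes, placed where an application itself builds a header from user input. Puma 3.12.3/4.3.2 and later reject such headers at the server, but the application should refuse to construct them in the first place. The class, method and constant names are this example's own and the attacker value is constructed.

```ruby
class HeaderInjection < StandardError; end

# Raises if a header value could terminate the header line or truncate it.
def validate_header_value!(name, value)
  value = value.to_s
  raise HeaderInjection, "#{name}: contains CR or LF" if value.match?(/[\r\n]/)
  raise HeaderInjection, "#{name}: contains NUL" if value.include?("\0")
  value
end

# Builds a redirect as a Rack [status, headers, body] triple, validating the
# one header that carries user input.
def redirect_response(location)
  headers = {
    "Location"     => validate_header_value!("Location", location),
    "Content-Type" => "text/plain",
  }
  [302, headers, ["redirecting"]]
end

# Serialises a header Hash the way a server writes it to the socket; it is
# here only to show what the attacker's value turns into if not rejected.
def render_headers(headers)
  headers.map { |name, value| "#{name}: #{value}\r\n" }.join
end

# Constructed attacker input: ends the Location line, adds a Set-Cookie
# header, ends the header block and supplies its own body.
ATTACK_LOCATION = "/home\r\nSet-Cookie: session=attacker\r\n\r\n<script>alert(1)</script>".freeze

# true when the value was refused, false when a response was built.
def header_injection_blocked?(location)
  redirect_response(location)
  false
rescue HeaderInjection
  true
end
```

Rendering ATTACK_LOCATION without the check produces four line terminators instead of one: the original Location line, an injected cookie, the blank line that ends the headers, and a body the server never intended to send. That is the response-splitting primitive the advisory describes; the regex check removes it before serialisation.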

CVE-2019-16770

Vulnerable Library - puma-3.12.0.gem

Puma is a simple, fast, threaded, and highly concurrent HTTP 1.1 server for Ruby/Rack applications. Puma is intended for use in both development and production environments. It's great for highly concurrent Ruby implementations such as Rubinius and JRuby as well as as providing process worker support to support CRuby well.

Library home page: https://rubygems.org/gems/puma-3.12.0.gem

Path to dependency file: /Gemfile.lock

Path to vulnerable library: /cache/puma-3.12.0.gem

Dependency Hierarchy:

  • puma-3.12.0.gem (Vulnerable Library)

Found in HEAD commit: 7d45750902e2450bdb22ac9f0b6cd476803f070a

Found in base branch: main

Vulnerability Details

In Puma before versions 3.12.2 and 4.3.1, a poorly-behaved client could use keepalive requests to monopolize Puma's reactor and create a denial of service attack. If more keepalive connections to Puma are opened than there are threads available, additional connections will wait permanently if the attacker sends requests frequently enough. This vulnerability is patched in Puma 4.3.1 and 3.12.2.

Publish Date: 2019-12-05

URL: CVE-2019-16770

CVSS 3 Score Details (7.5)

Base Score Metrics:

  • Exploitability Metrics:
    • Attack Vector: Network
    • Attack Complexity: Low
    • Privileges Required: None
    • User Interaction: None
    • Scope: Unchanged
  • Impact Metrics:
    • Confidentiality Impact: None
    • Integrity Impact: None
    • Availability Impact: High

Suggested Fix

Type: Upgrade version

Origin: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-16770

Release Date: 2020-05-06

Fix Resolution: v4.3.1

⛑️ Automatic Remediation is available for this issue

CVE-2020-5249

Vulnerable Library - puma-3.12.0.gem

Puma is a simple, fast, threaded, and highly concurrent HTTP 1.1 server for Ruby/Rack applications. Puma is intended for use in both development and production environments. It's great for highly concurrent Ruby implementations such as Rubinius and JRuby as well as providing process worker support to support CRuby well.

Library home page: https://rubygems.org/gems/puma-3.12.0.gem

Path to dependency file: /Gemfile.lock

Path to vulnerable library: /cache/puma-3.12.0.gem

Dependency Hierarchy:

  • puma-3.12.0.gem (Vulnerable Library)

Found in HEAD commit: 7d45750902e2450bdb22ac9f0b6cd476803f070a

Found in base branch: main

Vulnerability Details

In Puma (RubyGem) before 4.3.3 and 3.12.4, if an application using Puma allows untrusted input in an early-hints header, an attacker can use a carriage return character to end the header and inject malicious content, such as additional headers or an entirely new response body. This vulnerability is known as HTTP Response Splitting. While not an attack in itself, response splitting is a vector for several other attacks, such as cross-site scripting (XSS). This is related to CVE-2020-5247, which fixed this vulnerability but only for regular responses. This has been fixed in 4.3.3 and 3.12.4.

Publish Date: 2020-03-02

URL: CVE-2020-5249

CVSS 3 Score Details (6.5)

Base Score Metrics:

  • Exploitability Metrics:
    • Attack Vector: Network
    • Attack Complexity: Low
    • Privileges Required: Low
    • User Interaction: None
    • Scope: Unchanged
  • Impact Metrics:
    • Confidentiality Impact: None
    • Integrity Impact: High
    • Availability Impact: None

Suggested Fix

Type: Upgrade version

Origin: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-5249

Release Date: 2020-04-09

Fix Resolution: puma - 3.12.4,4.3.3

⛑️ Automatic Remediation is available for this issue

CVE-2022-23634

Vulnerable Library - puma-3.12.0.gem

Puma is a simple, fast, threaded, and highly concurrent HTTP 1.1 server for Ruby/Rack applications. Puma is intended for use in both development and production environments. It's great for highly concurrent Ruby implementations such as Rubinius and JRuby as well as providing process worker support to support CRuby well.

Library home page: https://rubygems.org/gems/puma-3.12.0.gem

Path to dependency file: /Gemfile.lock

Path to vulnerable library: /cache/puma-3.12.0.gem

Dependency Hierarchy:

  • puma-3.12.0.gem (Vulnerable Library)

Found in HEAD commit: 7d45750902e2450bdb22ac9f0b6cd476803f070a

Found in base branch: main

Vulnerability Details

Puma is a Ruby/Rack web server built for parallelism. Prior to puma version 5.6.2, puma may not always call close on the response body. Rails, prior to version 7.0.2.2, depended on the response body being closed in order for its CurrentAttributes implementation to work correctly. The combination of these two behaviors (Puma not closing the body + Rails' Executor implementation) causes information leakage. This problem is fixed in Puma versions 5.6.2 and 4.3.11. This problem is fixed in Rails versions 7.02.2, 6.1.4.6, 6.0.4.6, and 5.2.6.2. Upgrading to a patched Rails or Puma version fixes the vulnerability.

Publish Date: 2022-02-11

URL: CVE-2022-23634

CVSS 3 Score Details (5.9)

Base Score Metrics:

  • Exploitability Metrics:
    • Attack Vector: Network
    • Attack Complexity: High
    • Privileges Required: None
    • User Interaction: None
    • Scope: Unchanged
  • Impact Metrics:
    • Confidentiality Impact: High
    • Integrity Impact: None
    • Availability Impact: None

Suggested Fix

Type: Upgrade version

Origin: GHSA-wh98-p28r-vrc9

Release Date: 2022-02-11

Fix Resolution: puma - 4.3.11, 5.6.2; actionpack - 5.2.6.2, 6.0.4.6, 6.1.4.6, 7.0.2.2

CVE-2021-41136

Vulnerable Library - puma-3.12.0.gem

Puma is a simple, fast, threaded, and highly concurrent HTTP 1.1 server for Ruby/Rack applications. Puma is intended for use in both development and production environments. It's great for highly concurrent Ruby implementations such as Rubinius and JRuby as well as providing process worker support to support CRuby well.

Library home page: https://rubygems.org/gems/puma-3.12.0.gem

Path to dependency file: /Gemfile.lock

Path to vulnerable library: /cache/puma-3.12.0.gem

Dependency Hierarchy:

  • puma-3.12.0.gem (Vulnerable Library)

Found in HEAD commit: 7d45750902e2450bdb22ac9f0b6cd476803f070a

Found in base branch: main

Vulnerability Details

Puma is an HTTP 1.1 server for Ruby/Rack applications. Prior to versions 5.5.1 and 4.3.9, using puma with a proxy which forwards HTTP header values which contain the LF character could allow HTTP request smuggling. A client could smuggle a request through a proxy, causing the proxy to send a response back to another unknown client. The only proxy which has this behavior, as far as the Puma team is aware of, is Apache Traffic Server. If the proxy uses persistent connections and the client adds another request in via HTTP pipelining, the proxy may mistake it as the first request's body. Puma, however, would see it as two requests, and when processing the second request, send back a response that the proxy does not expect. If the proxy has reused the persistent connection to Puma to send another request for a different client, the second response from the first client will be sent to the second client. This vulnerability was patched in Puma 5.5.1 and 4.3.9. As a workaround, do not use Apache Traffic Server with puma.

Publish Date: 2021-10-12

URL: CVE-2021-41136

CVSS 3 Score Details (3.7)

Base Score Metrics:

  • Exploitability Metrics:
    • Attack Vector: Network
    • Attack Complexity: High
    • Privileges Required: Low
    • User Interaction: Required
    • Scope: Unchanged
  • Impact Metrics:
    • Confidentiality Impact: Low
    • Integrity Impact: Low
    • Availability Impact: None

Suggested Fix

Type: Upgrade version

Origin: GHSA-48w2-rm65-62xx

Release Date: 2021-10-12

Fix Resolution: puma - 4.3.9, 5.5.1

⛑️ Automatic Remediation is available for this issue


⛑️ Automatic Remediation is available for this issue.

sqlite3-1.5.0-x86_64-linux.gem: 1 vulnerabilities (highest severity is: 5.5) - autoclosed

Vulnerable Library - sqlite3-1.5.0-x86_64-linux.gem

This module allows Ruby programs to interface with the SQLite3 database engine (http://www.sqlite.org). You must have the SQLite engine installed in order to build this module.

Note that this module is only compatible with SQLite 3.6.16 or newer.

Library home page: https://rubygems.org/gems/sqlite3-1.5.0-x86_64-linux.gem

Path to dependency file: /Gemfile.lock

Path to vulnerable library: /cache/sqlite3-1.5.0-x86_64-linux.gem

Vulnerabilities

CVE | Severity | CVSS | Dependency | Type | Fixed in | Remediation Available
WS-2022-0324 | Medium | 5.5 | sqlite3-1.5.0-x86_64-linux.gem | Direct | sqlite3 - v1.5.1 |

Details

WS-2022-0324

Vulnerable Library - sqlite3-1.5.0-x86_64-linux.gem

This module allows Ruby programs to interface with the SQLite3 database engine (http://www.sqlite.org). You must have the SQLite engine installed in order to build this module.

Note that this module is only compatible with SQLite 3.6.16 or newer.

Library home page: https://rubygems.org/gems/sqlite3-1.5.0-x86_64-linux.gem

Path to dependency file: /Gemfile.lock

Path to vulnerable library: /cache/sqlite3-1.5.0-x86_64-linux.gem

Dependency Hierarchy:

  • sqlite3-1.5.0-x86_64-linux.gem (Vulnerable Library)

Found in base branch: main

Vulnerability Details

The rubygem sqlite3 v1.5.1 upgrades the packaged version of libsqlite from v3.39.3 to v3.39.4.

libsqlite v3.39.4 addresses a vulnerability described as follows in the release notification:

Version 3.39.4 is a minimal patch against the prior release that addresses issues found since the prior release. In particular, a potential vulnerability in the FTS3 extension has been fixed, so this should be considered a security update.

In order to exploit the vulnerability, an attacker must have full SQL access and must be able to construct a corrupt database with over 2GB of FTS3 content. The problem arises from a 32-bit signed integer overflow.

Publish Date: 2022-10-03

URL: WS-2022-0324

CVSS 3 Score Details (5.5)

Base Score Metrics:

  • Exploitability Metrics:
    • Attack Vector: Local
    • Attack Complexity: Low
    • Privileges Required: None
    • User Interaction: Required
    • Scope: Unchanged
  • Impact Metrics:
    • Confidentiality Impact: None
    • Integrity Impact: None
    • Availability Impact: High

Suggested Fix

Type: Upgrade version

Origin: GHSA-mgvv-5mxp-xq67

Release Date: 2022-10-03

Fix Resolution: sqlite3 - v1.5.1

⛑️ Automatic Remediation is available for this issue


⛑️ Automatic Remediation is available for this issue.

rails-5.2.2.gem: 9 vulnerabilities (highest severity is: 9.8) - autoclosed

Vulnerable Library - rails-5.2.2.gem

Ruby on Rails is a full-stack web framework optimized for programmer happiness and sustainable productivity. It encourages beautiful code by favoring convention over configuration.

Library home page: https://rubygems.org/gems/rails-5.2.2.gem

Path to dependency file: /Gemfile.lock

Path to vulnerable library: /cache/rails-5.2.2.gem

Found in HEAD commit: 7d45750902e2450bdb22ac9f0b6cd476803f070a

Vulnerabilities

CVE | Severity | CVSS | Dependency | Type | Fixed in | Remediation Available
CVE-2022-21831 | High | 9.8 | activestorage-5.2.2.gem | Transitive | N/A |
CVE-2019-5420 | High | 9.8 | rails-5.2.2.gem | Direct | 5.2.2.1,6.0.0.beta3 |
CVE-2019-5419 | High | 7.5 | rails-5.2.2.gem | Direct | 4.2.11.1, 5.0.7.2, 5.1.6.2, 5.2.2.1 |
CVE-2019-5418 | High | 7.5 | rails-5.2.2.gem | Direct | 4.2.11.1, 5.0.7.2, 5.1.6.2, 5.2.2.1 |
CVE-2020-8162 | High | 7.5 | activestorage-5.2.2.gem | Transitive | N/A |
CVE-2021-22880 | High | 7.5 | detected in multiple dependencies | Transitive | N/A |
CVE-2020-7663 | High | 7.5 | websocket-extensions-0.1.3.gem | Transitive | N/A |
CVE-2022-32224 | High | 7.0 | activerecord-5.2.2.gem | Transitive | N/A |
CVE-2020-8167 | Medium | 6.5 | rails-5.2.2.gem | Direct | 6.0.3.1,5.2.4.3 |

Details

CVE-2022-21831

Vulnerable Library - activestorage-5.2.2.gem

Attach cloud and local files in Rails applications.

Library home page: https://rubygems.org/gems/activestorage-5.2.2.gem

Path to dependency file: /Gemfile.lock

Path to vulnerable library: /home/wss-scanner/.gem/ruby/2.7.0/cache/activestorage-5.2.2.gem

Dependency Hierarchy:

  • rails-5.2.2.gem (Root Library)
    • activestorage-5.2.2.gem (Vulnerable Library)

Found in HEAD commit: 7d45750902e2450bdb22ac9f0b6cd476803f070a

Found in base branch: main

Vulnerability Details

A code injection vulnerability exists in the Active Storage >= v5.2.0 that could allow an attacker to execute code via image_processing arguments.

Publish Date: 2022-05-26

URL: CVE-2022-21831

CVSS 3 Score Details (9.8)

Base Score Metrics:

  • Exploitability Metrics:
    • Attack Vector: Network
    • Attack Complexity: Low
    • Privileges Required: None
    • User Interaction: None
    • Scope: Unchanged
  • Impact Metrics:
    • Confidentiality Impact: High
    • Integrity Impact: High
    • Availability Impact: High

Suggested Fix

Type: Upgrade version

Origin: GHSA-w749-p3v6-hccq

Release Date: 2022-05-26

Fix Resolution: activestorage - 5.2.6.3,6.0.4.7,6.1.4.7,7.0.2.3

CVE-2019-5420

Vulnerable Library - rails-5.2.2.gem

Ruby on Rails is a full-stack web framework optimized for programmer happiness and sustainable productivity. It encourages beautiful code by favoring convention over configuration.

Library home page: https://rubygems.org/gems/rails-5.2.2.gem

Path to dependency file: /Gemfile.lock

Path to vulnerable library: /cache/rails-5.2.2.gem

Dependency Hierarchy:

  • rails-5.2.2.gem (Vulnerable Library)

Found in HEAD commit: 7d45750902e2450bdb22ac9f0b6cd476803f070a

Found in base branch: main

Vulnerability Details

A remote code execution vulnerability in development mode Rails <5.2.2.1, <6.0.0.beta3 can allow an attacker to guess the automatically generated development mode secret token. This secret token can be used in combination with other Rails internals to escalate to a remote code execution exploit.

Publish Date: 2019-03-27

URL: CVE-2019-5420

CVSS 3 Score Details (9.8)

Base Score Metrics:

  • Exploitability Metrics:
    • Attack Vector: Network
    • Attack Complexity: Low
    • Privileges Required: None
    • User Interaction: None
    • Scope: Unchanged
  • Impact Metrics:
    • Confidentiality Impact: High
    • Integrity Impact: High
    • Availability Impact: High

Suggested Fix

Type: Upgrade version

Origin: https://weblog.rubyonrails.org/2019/3/13/Rails-4-2-5-1-5-1-6-2-have-been-released/

Release Date: 2019-03-27

Fix Resolution: 5.2.2.1,6.0.0.beta3

⛑️ Automatic Remediation is available for this issue

CVE-2019-5419

Vulnerable Library - rails-5.2.2.gem

Ruby on Rails is a full-stack web framework optimized for programmer happiness and sustainable productivity. It encourages beautiful code by favoring convention over configuration.

Library home page: https://rubygems.org/gems/rails-5.2.2.gem

Path to dependency file: /Gemfile.lock

Path to vulnerable library: /cache/rails-5.2.2.gem

Dependency Hierarchy:

  • rails-5.2.2.gem (Vulnerable Library)

Found in HEAD commit: 7d45750902e2450bdb22ac9f0b6cd476803f070a

Found in base branch: main

Vulnerability Details

There is a possible denial of service vulnerability in Action View (Rails) <5.2.2.1, <5.1.6.2, <5.0.7.2, <4.2.11.1 where specially crafted Accept headers can cause Action View to consume 100% CPU and make the server unresponsive.

Publish Date: 2019-03-27

URL: CVE-2019-5419

CVSS 3 Score Details (7.5)

Base Score Metrics:

  • Exploitability Metrics:
    • Attack Vector: Network
    • Attack Complexity: Low
    • Privileges Required: None
    • User Interaction: None
    • Scope: Unchanged
  • Impact Metrics:
    • Confidentiality Impact: None
    • Integrity Impact: None
    • Availability Impact: High

Suggested Fix

Type: Upgrade version

Origin: https://weblog.rubyonrails.org/2019/3/13/Rails-4-2-5-1-5-1-6-2-have-been-released/

Release Date: 2020-10-16

Fix Resolution: 4.2.11.1, 5.0.7.2, 5.1.6.2, 5.2.2.1

⛑️ Automatic Remediation is available for this issue

CVE-2019-5418

Vulnerable Library - rails-5.2.2.gem

Ruby on Rails is a full-stack web framework optimized for programmer happiness and sustainable productivity. It encourages beautiful code by favoring convention over configuration.

Library home page: https://rubygems.org/gems/rails-5.2.2.gem

Path to dependency file: /Gemfile.lock

Path to vulnerable library: /cache/rails-5.2.2.gem

Dependency Hierarchy:

  • rails-5.2.2.gem (Vulnerable Library)

Found in HEAD commit: 7d45750902e2450bdb22ac9f0b6cd476803f070a

Found in base branch: main

Vulnerability Details

There is a File Content Disclosure vulnerability in Action View <5.2.2.1, <5.1.6.2, <5.0.7.2, <4.2.11.1 and v3 where specially crafted accept headers can cause contents of arbitrary files on the target system's filesystem to be exposed.

Publish Date: 2019-03-27

URL: CVE-2019-5418

CVSS 3 Score Details (7.5)

Base Score Metrics:

  • Exploitability Metrics:
    • Attack Vector: Network
    • Attack Complexity: Low
    • Privileges Required: None
    • User Interaction: None
    • Scope: Unchanged
  • Impact Metrics:
    • Confidentiality Impact: High
    • Integrity Impact: None
    • Availability Impact: None

Suggested Fix

Type: Upgrade version

Origin: https://weblog.rubyonrails.org/2019/3/13/Rails-4-2-5-1-5-1-6-2-have-been-released/

Release Date: 2020-10-16

Fix Resolution: 4.2.11.1, 5.0.7.2, 5.1.6.2, 5.2.2.1

⛑️ Automatic Remediation is available for this issue

CVE-2020-8162

Vulnerable Library - activestorage-5.2.2.gem

Attach cloud and local files in Rails applications.

Library home page: https://rubygems.org/gems/activestorage-5.2.2.gem

Path to dependency file: /Gemfile.lock

Path to vulnerable library: /home/wss-scanner/.gem/ruby/2.7.0/cache/activestorage-5.2.2.gem

Dependency Hierarchy:

  • rails-5.2.2.gem (Root Library)
    • activestorage-5.2.2.gem (Vulnerable Library)

Found in HEAD commit: 7d45750902e2450bdb22ac9f0b6cd476803f070a

Found in base branch: main

Vulnerability Details

A client side enforcement of server side security vulnerability exists in rails < 5.2.4.2 and rails < 6.0.3.1 ActiveStorage's S3 adapter that allows the Content-Length of a direct file upload to be modified by an end user bypassing upload limits.

Publish Date: 2020-06-19

URL: CVE-2020-8162

CVSS 3 Score Details (7.5)

Base Score Metrics:

  • Exploitability Metrics:
    • Attack Vector: Network
    • Attack Complexity: Low
    • Privileges Required: None
    • User Interaction: None
    • Scope: Unchanged
  • Impact Metrics:
    • Confidentiality Impact: None
    • Integrity Impact: High
    • Availability Impact: None

Suggested Fix

Type: Upgrade version

Origin: GHSA-m42x-37p3-fv5w

Release Date: 2020-06-19

Fix Resolution: 5.2.4.3,6.0.3.1

CVE-2021-22880

Vulnerable Libraries - activerecord-5.2.2.gem, rails-5.2.2.gem

activerecord-5.2.2.gem

Databases on Rails. Build a persistent domain model by mapping database tables to Ruby classes. Strong conventions for associations, validations, aggregations, migrations, and testing come baked-in.

Library home page: https://rubygems.org/gems/activerecord-5.2.2.gem

Path to dependency file: /Gemfile.lock

Path to vulnerable library: /home/wss-scanner/.gem/ruby/2.7.0/cache/activerecord-5.2.2.gem

Dependency Hierarchy:

  • rails-5.2.2.gem (Root Library)
    • activerecord-5.2.2.gem (Vulnerable Library)

rails-5.2.2.gem

Ruby on Rails is a full-stack web framework optimized for programmer happiness and sustainable productivity. It encourages beautiful code by favoring convention over configuration.

Library home page: https://rubygems.org/gems/rails-5.2.2.gem

Path to dependency file: /Gemfile.lock

Path to vulnerable library: /cache/rails-5.2.2.gem

Dependency Hierarchy:

  • rails-5.2.2.gem (Vulnerable Library)

Found in HEAD commit: 7d45750902e2450bdb22ac9f0b6cd476803f070a

Found in base branch: main

Vulnerability Details

The PostgreSQL adapter in Active Record before 6.1.2.1, 6.0.3.5, 5.2.4.5 suffers from a regular expression denial of service (ReDoS) vulnerability. Carefully crafted input can cause the input validation in the money type of the PostgreSQL adapter in Active Record to spend too much time in a regular expression, resulting in the potential for a DoS attack. This only impacts Rails applications that are using PostgreSQL along with money type columns that take user input.

Publish Date: 2021-02-11

URL: CVE-2021-22880

CVSS 3 Score Details (7.5)

Base Score Metrics:

  • Exploitability Metrics:
    • Attack Vector: Network
    • Attack Complexity: Low
    • Privileges Required: None
    • User Interaction: None
    • Scope: Unchanged
  • Impact Metrics:
    • Confidentiality Impact: None
    • Integrity Impact: None
    • Availability Impact: High

Suggested Fix

Type: Upgrade version

Origin: https://discuss.rubyonrails.org/t/cve-2021-22880-possible-dos-vulnerability-in-active-record-postgresql-adapter/77129

Release Date: 2021-02-11

Fix Resolution: 5.2.4.5,6.0.3.5,6.1.2.1

⛑️ Automatic Remediation is available for this issue

CVE-2020-7663

Vulnerable Library - websocket-extensions-0.1.3.gem

Library home page: https://rubygems.org/gems/websocket-extensions-0.1.3.gem

Path to dependency file: /Gemfile.lock

Path to vulnerable library: /home/wss-scanner/.gem/ruby/2.7.0/cache/websocket-extensions-0.1.3.gem

Dependency Hierarchy:

  • rails-5.2.2.gem (Root Library)
    • actioncable-5.2.2.gem
      • websocket-driver-0.7.0.gem
        • websocket-extensions-0.1.3.gem (Vulnerable Library)

Found in HEAD commit: 7d45750902e2450bdb22ac9f0b6cd476803f070a

Found in base branch: main

Vulnerability Details

websocket-extensions ruby module prior to 0.1.5 allows Denial of Service (DoS) via Regex Backtracking. The extension parser may take quadratic time when parsing a header containing an unclosed string parameter value whose content is a repeating two-byte sequence of a backslash and some other character. This could be abused by an attacker to conduct Regex Denial Of Service (ReDoS) on a single-threaded server by providing a malicious payload with the Sec-WebSocket-Extensions header.

Publish Date: 2020-06-02

URL: CVE-2020-7663

CVSS 3 Score Details (7.5)

Base Score Metrics:

  • Exploitability Metrics:
    • Attack Vector: Network
    • Attack Complexity: Low
    • Privileges Required: None
    • User Interaction: None
    • Scope: Unchanged
  • Impact Metrics:
    • Confidentiality Impact: None
    • Integrity Impact: None
    • Availability Impact: High

Suggested Fix

Type: Upgrade version

Origin: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-7663

Release Date: 2020-09-17

Fix Resolution: websocket-extensions:0.1.5

CVE-2022-32224

Vulnerable Library - activerecord-5.2.2.gem

Databases on Rails. Build a persistent domain model by mapping database tables to Ruby classes. Strong conventions for associations, validations, aggregations, migrations, and testing come baked-in.

Library home page: https://rubygems.org/gems/activerecord-5.2.2.gem

Path to dependency file: /Gemfile.lock

Path to vulnerable library: /home/wss-scanner/.gem/ruby/2.7.0/cache/activerecord-5.2.2.gem

Dependency Hierarchy:

  • rails-5.2.2.gem (Root Library)
    • activerecord-5.2.2.gem (Vulnerable Library)

Found in HEAD commit: 7d45750902e2450bdb22ac9f0b6cd476803f070a

Found in base branch: main

Vulnerability Details

RCE bug with Serialized Columns in Active Record before 5.2.8.1, 6.0.0 and before 6.0.5.1, 6.1.0 and before 6.1.6.1, 7.0.0 and before 7.0.3.
When serialized columns that use YAML (the default) are deserialized, Rails uses YAML.unsafe_load to convert the YAML data into Ruby objects. If an attacker can manipulate data in the database (via means like SQL injection), then it may be possible for the attacker to escalate to an RCE.

Publish Date: 2022-06-02

URL: CVE-2022-32224

CVSS 3 Score Details (7.0)

Base Score Metrics:

  • Exploitability Metrics:
    • Attack Vector: Local
    • Attack Complexity: High
    • Privileges Required: Low
    • User Interaction: None
    • Scope: Unchanged
  • Impact Metrics:
    • Confidentiality Impact: High
    • Integrity Impact: High
    • Availability Impact: High

Suggested Fix

Type: Upgrade version

Origin: GHSA-3hhc-qp5v-9p2j

Release Date: 2022-06-02

Fix Resolution: activerecord - 5.2.8.1,6.0.5.1,6.1.6.1,7.0.3.1

CVE-2020-8167

Vulnerable Library - rails-5.2.2.gem

Ruby on Rails is a full-stack web framework optimized for programmer happiness and sustainable productivity. It encourages beautiful code by favoring convention over configuration.

Library home page: https://rubygems.org/gems/rails-5.2.2.gem

Path to dependency file: /Gemfile.lock

Path to vulnerable library: /cache/rails-5.2.2.gem

Dependency Hierarchy:

  • rails-5.2.2.gem (Vulnerable Library)

Found in HEAD commit: 7d45750902e2450bdb22ac9f0b6cd476803f070a

Found in base branch: main

Vulnerability Details

A CSRF vulnerability exists in rails <= 6.0.3 rails-ujs module that could allow attackers to send CSRF tokens to wrong domains.

Publish Date: 2020-06-19

URL: CVE-2020-8167

CVSS 3 Score Details (6.5)

Base Score Metrics:

  • Exploitability Metrics:
    • Attack Vector: Network
    • Attack Complexity: Low
    • Privileges Required: None
    • User Interaction: Required
    • Scope: Unchanged
  • Impact Metrics:
    • Confidentiality Impact: None
    • Integrity Impact: High
    • Availability Impact: None

Suggested Fix

Type: Upgrade version

Origin: https://rubygems.org/gems/rails/versions/6.0.3.1

Release Date: 2020-06-19

Fix Resolution: 6.0.3.1,5.2.4.3

⛑️ Automatic Remediation is available for this issue


⛑️ Automatic Remediation is available for this issue.

sass-rails-5.1.0.gem: 23 vulnerabilities (highest severity is: 7.5)

Vulnerable Library - sass-rails-5.1.0.gem

Path to dependency file: /Gemfile.lock

Path to vulnerable library: /home/wss-scanner/.gem/ruby/2.7.0/cache/actionpack-5.2.8.1.gem

Found in HEAD commit: 7d45750902e2450bdb22ac9f0b6cd476803f070a

Vulnerabilities

CVE | Severity | CVSS | Dependency | Type | Fixed in (sass-rails version) | Remediation Possible**
WS-2023-0224 | High | 7.5 | actionpack-5.2.8.1.gem | Transitive | N/A* |
CVE-2023-27539 | High | 7.5 | rack-2.2.4.gem | Transitive | N/A* |
CVE-2023-27530 | High | 7.5 | rack-2.2.4.gem | Transitive | N/A* |
CVE-2023-22796 | High | 7.5 | activesupport-5.2.8.1.gem | Transitive | N/A* |
CVE-2023-22795 | High | 7.5 | actionpack-5.2.8.1.gem | Transitive | N/A* |
CVE-2023-22792 | High | 7.5 | actionpack-5.2.8.1.gem | Transitive | N/A* |
CVE-2022-44572 | High | 7.5 | rack-2.2.4.gem | Transitive | N/A* |
CVE-2022-44571 | High | 7.5 | rack-2.2.4.gem | Transitive | N/A* |
CVE-2022-44570 | High | 7.5 | rack-2.2.4.gem | Transitive | N/A* |
CVE-2022-23517 | High | 7.5 | rails-html-sanitizer-1.4.3.gem | Transitive | N/A* |
CVE-2022-23516 | High | 7.5 | loofah-2.19.0.gem | Transitive | N/A* |
CVE-2022-23514 | High | 7.5 | loofah-2.19.0.gem | Transitive | N/A* |
CVE-2022-23476 | High | 7.5 | nokogiri-1.13.8-x86_64-linux.gem | Transitive | N/A* |
CVE-2023-28362 | Medium | 6.1 | actionpack-5.2.8.1.gem | Transitive | N/A* |
CVE-2022-23520 | Medium | 6.1 | rails-html-sanitizer-1.4.3.gem | Transitive | N/A* |
CVE-2022-23519 | Medium | 6.1 | rails-html-sanitizer-1.4.3.gem | Transitive | N/A* |
CVE-2022-23518 | Medium | 6.1 | rails-html-sanitizer-1.4.3.gem | Transitive | N/A* |
CVE-2022-23515 | Medium | 6.1 | loofah-2.19.0.gem | Transitive | N/A* |
CVE-2024-26141 | Medium | 5.8 | rack-2.2.4.gem | Transitive | N/A* |
CVE-2022-3704 | Medium | 5.4 | actionpack-5.2.8.1.gem | Transitive | N/A* |
CVE-2024-26146 | Medium | 5.3 | rack-2.2.4.gem | Transitive | N/A* |
CVE-2024-25126 | Medium | 5.3 | rack-2.2.4.gem | Transitive | N/A* |
CVE-2023-38037 | Medium | 4.3 | activesupport-5.2.8.1.gem | Transitive | N/A* |

*For some transitive vulnerabilities, there is no version of direct dependency with a fix. Check the "Details" section below to see if there is a version of transitive dependency where vulnerability is fixed.

**In some cases, Remediation PR cannot be created automatically for a vulnerability despite the availability of remediation

Details

WS-2023-0224

Vulnerable Library - actionpack-5.2.8.1.gem

Web apps on Rails. Simple, battle-tested conventions for building and testing MVC web applications. Works with any Rack-compatible server.

Library home page: https://rubygems.org/gems/actionpack-5.2.8.1.gem

Path to dependency file: /Gemfile.lock

Path to vulnerable library: /home/wss-scanner/.gem/ruby/2.7.0/cache/actionpack-5.2.8.1.gem

Dependency Hierarchy:

  • sass-rails-5.1.0.gem (Root Library)
    • sprockets-rails-3.4.2.gem
      • actionpack-5.2.8.1.gem (Vulnerable Library)

Found in HEAD commit: 7d45750902e2450bdb22ac9f0b6cd476803f070a

Found in base branch: main

Vulnerability Details

In actionpack prior to 6.1.5 there is a Possible DOS in app with crashing exceptions_app.

Publish Date: 2023-06-28

URL: WS-2023-0224

CVSS 3 Score Details (7.5)

Base Score Metrics:

  • Exploitability Metrics:
    • Attack Vector: Network
    • Attack Complexity: Low
    • Privileges Required: None
    • User Interaction: None
    • Scope: Unchanged
  • Impact Metrics:
    • Confidentiality Impact: None
    • Integrity Impact: None
    • Availability Impact: High

Suggested Fix

Type: Upgrade version

Release Date: 2023-06-28

Fix Resolution: actionpack - 6.1.5

CVE-2023-27539

Vulnerable Library - rack-2.2.4.gem

Rack provides a minimal, modular and adaptable interface for developing web applications in Ruby. By wrapping HTTP requests and responses in the simplest way possible, it unifies and distills the API for web servers, web frameworks, and software in between (the so-called middleware) into a single method call.

Library home page: https://rubygems.org/gems/rack-2.2.4.gem

Path to dependency file: /Gemfile.lock

Path to vulnerable library: /home/wss-scanner/.gem/ruby/2.7.0/cache/rack-2.2.4.gem

Dependency Hierarchy:

  • sass-rails-5.1.0.gem (Root Library)
    • sprockets-rails-3.4.2.gem
      • sprockets-3.7.2.gem
        • rack-2.2.4.gem (Vulnerable Library)

Found in HEAD commit: 7d45750902e2450bdb22ac9f0b6cd476803f070a

Found in base branch: main

Vulnerability Details

There is a denial of service vulnerability in the header parsing component of Rack. Carefully crafted input can cause header parsing in Rack to take an unexpected amount of time, possibly resulting in a denial of service attack vector. Any applications that parse headers using Rack (virtually all Rails applications) are impacted. The issue is fixed in versions 2.2.6.4 and 3.0.6.1.

Publish Date: 2023-03-03

URL: CVE-2023-27539

CVSS 3 Score Details (7.5)

Base Score Metrics:

  • Exploitability Metrics:
    • Attack Vector: Network
    • Attack Complexity: Low
    • Privileges Required: None
    • User Interaction: None
    • Scope: Unchanged
  • Impact Metrics:
    • Confidentiality Impact: None
    • Integrity Impact: None
    • Availability Impact: High

Suggested Fix

Type: Upgrade version

Origin: https://discuss.rubyonrails.org/t/cve-2023-27539-possible-denial-of-service-vulnerability-in-racks-header-parsing/82466

Release Date: 2023-03-03

Fix Resolution: rack - 2.2.6.4,3.0.6.1

CVE-2023-27530

Vulnerable Library - rack-2.2.4.gem

Rack provides a minimal, modular and adaptable interface for developing web applications in Ruby. By wrapping HTTP requests and responses in the simplest way possible, it unifies and distills the API for web servers, web frameworks, and software in between (the so-called middleware) into a single method call.

Library home page: https://rubygems.org/gems/rack-2.2.4.gem

Path to dependency file: /Gemfile.lock

Path to vulnerable library: /home/wss-scanner/.gem/ruby/2.7.0/cache/rack-2.2.4.gem

Dependency Hierarchy:

  • sass-rails-5.1.0.gem (Root Library)
    • sprockets-rails-3.4.2.gem
      • sprockets-3.7.2.gem
        • rack-2.2.4.gem (Vulnerable Library)

Found in HEAD commit: 7d45750902e2450bdb22ac9f0b6cd476803f070a

Found in base branch: main

Vulnerability Details

A DoS vulnerability exists in Rack <v3.0.4.2, <v2.2.6.3, <v2.1.4.3 and <v2.0.9.3 within the multipart MIME parsing code, which could allow an attacker to craft requests that can be abused to cause multipart parsing to take longer than expected.

Publish Date: 2023-03-10

URL: CVE-2023-27530

CVSS 3 Score Details (7.5)

Base Score Metrics:

  • Exploitability Metrics:
    • Attack Vector: Network
    • Attack Complexity: Low
    • Privileges Required: None
    • User Interaction: None
    • Scope: Unchanged
  • Impact Metrics:
    • Confidentiality Impact: None
    • Integrity Impact: None
    • Availability Impact: High


Suggested Fix

Type: Upgrade version

Release Date: 2023-03-10

Fix Resolution: rack - 2.0.9.3,2.1.4.3,2.2.6.3,3.0.4.2

CVE-2023-22796

Vulnerable Library - activesupport-5.2.8.1.gem

A toolkit of support libraries and Ruby core extensions extracted from the Rails framework. Rich support for multibyte strings, internationalization, time zones, and testing.

Library home page: https://rubygems.org/gems/activesupport-5.2.8.1.gem

Path to dependency file: /Gemfile.lock

Path to vulnerable library: /home/wss-scanner/.gem/ruby/2.7.0/cache/activesupport-5.2.8.1.gem

Dependency Hierarchy:

  • sass-rails-5.1.0.gem (Root Library)
    • sprockets-rails-3.4.2.gem
      • activesupport-5.2.8.1.gem (Vulnerable Library)

Found in HEAD commit: 7d45750902e2450bdb22ac9f0b6cd476803f070a

Found in base branch: main

Vulnerability Details

A regular expression based DoS vulnerability in Active Support <6.1.7.1 and <7.0.4.1. A specially crafted string passed to the underscore method can cause the regular expression engine to enter a state of catastrophic backtracking. This can cause the process to use large amounts of CPU and memory, leading to a possible DoS vulnerability.

Publish Date: 2023-02-09

URL: CVE-2023-22796

CVSS 3 Score Details (7.5)

Base Score Metrics:

  • Exploitability Metrics:
    • Attack Vector: Network
    • Attack Complexity: Low
    • Privileges Required: None
    • User Interaction: None
    • Scope: Unchanged
  • Impact Metrics:
    • Confidentiality Impact: None
    • Integrity Impact: None
    • Availability Impact: High


Suggested Fix

Type: Upgrade version

Origin: GHSA-j6gc-792m-qgm2

Release Date: 2023-02-09

Fix Resolution: activesupport - 6.1.7.1,7.0.4.1

CVE-2023-22795

Vulnerable Library - actionpack-5.2.8.1.gem

Web apps on Rails. Simple, battle-tested conventions for building and testing MVC web applications. Works with any Rack-compatible server.

Library home page: https://rubygems.org/gems/actionpack-5.2.8.1.gem

Path to dependency file: /Gemfile.lock

Path to vulnerable library: /home/wss-scanner/.gem/ruby/2.7.0/cache/actionpack-5.2.8.1.gem

Dependency Hierarchy:

  • sass-rails-5.1.0.gem (Root Library)
    • sprockets-rails-3.4.2.gem
      • actionpack-5.2.8.1.gem (Vulnerable Library)

Found in HEAD commit: 7d45750902e2450bdb22ac9f0b6cd476803f070a

Found in base branch: main

Vulnerability Details

A regular expression based DoS vulnerability in Action Dispatch <6.1.7.1 and <7.0.4.1 related to the If-None-Match header. A specially crafted HTTP If-None-Match header can cause the regular expression engine to enter a state of catastrophic backtracking, when on a version of Ruby below 3.2.0. This can cause the process to use large amounts of CPU and memory, leading to a possible DoS vulnerability. All users running an affected release should either upgrade or use one of the workarounds immediately.

Publish Date: 2023-02-09

URL: CVE-2023-22795

CVSS 3 Score Details (7.5)

Base Score Metrics:

  • Exploitability Metrics:
    • Attack Vector: Network
    • Attack Complexity: Low
    • Privileges Required: None
    • User Interaction: None
    • Scope: Unchanged
  • Impact Metrics:
    • Confidentiality Impact: None
    • Integrity Impact: None
    • Availability Impact: High


Suggested Fix

Type: Upgrade version

Release Date: 2023-02-09

Fix Resolution: actionpack - 6.1.7.1, 7.0.4.1

CVE-2023-22792

Vulnerable Library - actionpack-5.2.8.1.gem

Web apps on Rails. Simple, battle-tested conventions for building and testing MVC web applications. Works with any Rack-compatible server.

Library home page: https://rubygems.org/gems/actionpack-5.2.8.1.gem

Path to dependency file: /Gemfile.lock

Path to vulnerable library: /home/wss-scanner/.gem/ruby/2.7.0/cache/actionpack-5.2.8.1.gem

Dependency Hierarchy:

  • sass-rails-5.1.0.gem (Root Library)
    • sprockets-rails-3.4.2.gem
      • actionpack-5.2.8.1.gem (Vulnerable Library)

Found in HEAD commit: 7d45750902e2450bdb22ac9f0b6cd476803f070a

Found in base branch: main

Vulnerability Details

A regular expression based DoS vulnerability in Action Dispatch <6.0.6.1, <6.1.7.1, and <7.0.4.1. Specially crafted cookies, in combination with a specially crafted X_FORWARDED_HOST header, can cause the regular expression engine to enter a state of catastrophic backtracking. This can cause the process to use large amounts of CPU and memory, leading to a possible DoS vulnerability. All users running an affected release should either upgrade or use one of the workarounds immediately.

Publish Date: 2023-02-09

URL: CVE-2023-22792

CVSS 3 Score Details (7.5)

Base Score Metrics:

  • Exploitability Metrics:
    • Attack Vector: Network
    • Attack Complexity: Low
    • Privileges Required: None
    • User Interaction: None
    • Scope: Unchanged
  • Impact Metrics:
    • Confidentiality Impact: None
    • Integrity Impact: None
    • Availability Impact: High


Suggested Fix

Type: Upgrade version

Release Date: 2023-02-09

Fix Resolution: actionpack - 6.1.7.1,7.0.4.1

CVE-2022-44572

Vulnerable Library - rack-2.2.4.gem

Rack provides a minimal, modular and adaptable interface for developing web applications in Ruby. By wrapping HTTP requests and responses in the simplest way possible, it unifies and distills the API for web servers, web frameworks, and software in between (the so-called middleware) into a single method call.

Library home page: https://rubygems.org/gems/rack-2.2.4.gem

Path to dependency file: /Gemfile.lock

Path to vulnerable library: /home/wss-scanner/.gem/ruby/2.7.0/cache/rack-2.2.4.gem

Dependency Hierarchy:

  • sass-rails-5.1.0.gem (Root Library)
    • sprockets-rails-3.4.2.gem
      • sprockets-3.7.2.gem
        • rack-2.2.4.gem (Vulnerable Library)

Found in HEAD commit: 7d45750902e2450bdb22ac9f0b6cd476803f070a

Found in base branch: main

Vulnerability Details

A denial of service vulnerability in the multipart parsing component of Rack fixed in 2.0.9.2, 2.1.4.2, 2.2.4.1 and 3.0.0.1 could allow an attacker to craft input that can cause RFC2183 multipart boundary parsing in Rack to take an unexpected amount of time, possibly resulting in a denial of service attack vector. Any applications that parse multipart posts using Rack (virtually all Rails applications) are impacted.

Publish Date: 2023-02-09

URL: CVE-2022-44572

CVSS 3 Score Details (7.5)

Base Score Metrics:

  • Exploitability Metrics:
    • Attack Vector: Network
    • Attack Complexity: Low
    • Privileges Required: None
    • User Interaction: None
    • Scope: Unchanged
  • Impact Metrics:
    • Confidentiality Impact: None
    • Integrity Impact: None
    • Availability Impact: High


Suggested Fix

Type: Upgrade version

Origin: GHSA-rqv2-275x-2jq5

Release Date: 2023-02-09

Fix Resolution: rack - 2.0.9.2,2.1.4.2,2.2.6.2,3.0.4.1

CVE-2022-44571

Vulnerable Library - rack-2.2.4.gem

Rack provides a minimal, modular and adaptable interface for developing web applications in Ruby. By wrapping HTTP requests and responses in the simplest way possible, it unifies and distills the API for web servers, web frameworks, and software in between (the so-called middleware) into a single method call.

Library home page: https://rubygems.org/gems/rack-2.2.4.gem

Path to dependency file: /Gemfile.lock

Path to vulnerable library: /home/wss-scanner/.gem/ruby/2.7.0/cache/rack-2.2.4.gem

Dependency Hierarchy:

  • sass-rails-5.1.0.gem (Root Library)
    • sprockets-rails-3.4.2.gem
      • sprockets-3.7.2.gem
        • rack-2.2.4.gem (Vulnerable Library)

Found in HEAD commit: 7d45750902e2450bdb22ac9f0b6cd476803f070a

Found in base branch: main

Vulnerability Details

There is a denial of service vulnerability in the Content-Disposition parsing component of Rack fixed in 2.0.9.2, 2.1.4.2, 2.2.4.1, 3.0.0.1. This could allow an attacker to craft an input that can cause Content-Disposition header parsing in Rack to take an unexpected amount of time, possibly resulting in a denial of service attack vector. This header is typically used in multipart parsing. Any applications that parse multipart posts using Rack (virtually all Rails applications) are impacted.

Publish Date: 2023-02-09

URL: CVE-2022-44571

CVSS 3 Score Details (7.5)

Base Score Metrics:

  • Exploitability Metrics:
    • Attack Vector: Network
    • Attack Complexity: Low
    • Privileges Required: None
    • User Interaction: None
    • Scope: Unchanged
  • Impact Metrics:
    • Confidentiality Impact: None
    • Integrity Impact: None
    • Availability Impact: High


Suggested Fix

Type: Upgrade version

Origin: GHSA-93pm-5p5f-3ghx

Release Date: 2023-02-09

Fix Resolution: rack - 2.0.9.2,2.1.4.2,2.2.6.2,3.0.4.1

CVE-2022-44570

Vulnerable Library - rack-2.2.4.gem

Rack provides a minimal, modular and adaptable interface for developing web applications in Ruby. By wrapping HTTP requests and responses in the simplest way possible, it unifies and distills the API for web servers, web frameworks, and software in between (the so-called middleware) into a single method call.

Library home page: https://rubygems.org/gems/rack-2.2.4.gem

Path to dependency file: /Gemfile.lock

Path to vulnerable library: /home/wss-scanner/.gem/ruby/2.7.0/cache/rack-2.2.4.gem

Dependency Hierarchy:

  • sass-rails-5.1.0.gem (Root Library)
    • sprockets-rails-3.4.2.gem
      • sprockets-3.7.2.gem
        • rack-2.2.4.gem (Vulnerable Library)

Found in HEAD commit: 7d45750902e2450bdb22ac9f0b6cd476803f070a

Found in base branch: main

Vulnerability Details

A denial of service vulnerability in the Range header parsing component of Rack >= 1.5.0. Carefully crafted input can cause the Range header parsing component in Rack to take an unexpected amount of time, possibly resulting in a denial of service attack vector. Any applications that deal with Range requests (such as streaming applications, or applications that serve files) may be impacted.

Publish Date: 2023-02-09

URL: CVE-2022-44570

CVSS 3 Score Details (7.5)

Base Score Metrics:

  • Exploitability Metrics:
    • Attack Vector: Network
    • Attack Complexity: Low
    • Privileges Required: None
    • User Interaction: None
    • Scope: Unchanged
  • Impact Metrics:
    • Confidentiality Impact: None
    • Integrity Impact: None
    • Availability Impact: High


Suggested Fix

Type: Upgrade version

Origin: GHSA-65f5-mfpf-vfhj

Release Date: 2023-02-09

Fix Resolution: rack - 2.0.9.2,2.1.4.2,2.2.6.2,3.0.4.1

CVE-2022-23517

Vulnerable Library - rails-html-sanitizer-1.4.3.gem

HTML sanitization for Rails applications

Library home page: https://rubygems.org/gems/rails-html-sanitizer-1.4.3.gem

Path to dependency file: /Gemfile.lock

Path to vulnerable library: /home/wss-scanner/.gem/ruby/2.7.0/cache/rails-html-sanitizer-1.4.3.gem

Dependency Hierarchy:

  • sass-rails-5.1.0.gem (Root Library)
    • sprockets-rails-3.4.2.gem
      • actionpack-5.2.8.1.gem
        • rails-html-sanitizer-1.4.3.gem (Vulnerable Library)

Found in HEAD commit: 7d45750902e2450bdb22ac9f0b6cd476803f070a

Found in base branch: main

Vulnerability Details

rails-html-sanitizer is responsible for sanitizing HTML fragments in Rails applications. Certain configurations of rails-html-sanitizer < 1.4.4 use an inefficient regular expression that is susceptible to excessive backtracking when attempting to sanitize certain SVG attributes. This may lead to a denial of service through CPU resource consumption. This issue has been patched in version 1.4.4.

Publish Date: 2022-12-14

URL: CVE-2022-23517

CVSS 3 Score Details (7.5)

Base Score Metrics:

  • Exploitability Metrics:
    • Attack Vector: Network
    • Attack Complexity: Low
    • Privileges Required: None
    • User Interaction: None
    • Scope: Unchanged
  • Impact Metrics:
    • Confidentiality Impact: None
    • Integrity Impact: None
    • Availability Impact: High


Suggested Fix

Type: Upgrade version

Origin: GHSA-5x79-w82f-gw8w

Release Date: 2022-12-14

Fix Resolution: rails-html-sanitizer - 1.4.4

CVE-2022-23516

Vulnerable Library - loofah-2.19.0.gem

Loofah is a general library for manipulating and transforming HTML/XML documents and fragments, built on top of Nokogiri.

Loofah excels at HTML sanitization (XSS prevention). It includes some nice HTML sanitizers, which are based on HTML5lib's safelist, so it most likely won't make your codes less secure. (These statements have not been evaluated by Netexperts.)

ActiveRecord extensions for sanitization are available in the loofah-activerecord gem.

Library home page: https://rubygems.org/gems/loofah-2.19.0.gem

Path to dependency file: /Gemfile.lock

Path to vulnerable library: /home/wss-scanner/.gem/ruby/2.7.0/cache/loofah-2.19.0.gem

Dependency Hierarchy:

  • sass-rails-5.1.0.gem (Root Library)
    • sprockets-rails-3.4.2.gem
      • actionpack-5.2.8.1.gem
        • rails-html-sanitizer-1.4.3.gem
          • loofah-2.19.0.gem (Vulnerable Library)

Found in HEAD commit: 7d45750902e2450bdb22ac9f0b6cd476803f070a

Found in base branch: main

Vulnerability Details

Loofah is a general library for manipulating and transforming HTML/XML documents and fragments, built on top of Nokogiri. Loofah >= 2.2.0, < 2.19.1 uses recursion for sanitizing CDATA sections, making it susceptible to stack exhaustion and raising a SystemStackError exception. This may lead to a denial of service through CPU resource consumption. This issue is patched in version 2.19.1. Users who are unable to upgrade may be able to mitigate this vulnerability by limiting the length of the strings that are sanitized.

Publish Date: 2022-12-14

URL: CVE-2022-23516

CVSS 3 Score Details (7.5)

Base Score Metrics:

  • Exploitability Metrics:
    • Attack Vector: Network
    • Attack Complexity: Low
    • Privileges Required: None
    • User Interaction: None
    • Scope: Unchanged
  • Impact Metrics:
    • Confidentiality Impact: None
    • Integrity Impact: None
    • Availability Impact: High


Suggested Fix

Type: Upgrade version

Origin: GHSA-3x8r-x6xp-q4vm

Release Date: 2022-12-14

Fix Resolution: loofah - 2.19.1

CVE-2022-23514

Vulnerable Library - loofah-2.19.0.gem

Loofah is a general library for manipulating and transforming HTML/XML documents and fragments, built on top of Nokogiri.

Loofah excels at HTML sanitization (XSS prevention). It includes some nice HTML sanitizers, which are based on HTML5lib's safelist, so it most likely won't make your codes less secure. (These statements have not been evaluated by Netexperts.)

ActiveRecord extensions for sanitization are available in the loofah-activerecord gem.

Library home page: https://rubygems.org/gems/loofah-2.19.0.gem

Path to dependency file: /Gemfile.lock

Path to vulnerable library: /home/wss-scanner/.gem/ruby/2.7.0/cache/loofah-2.19.0.gem

Dependency Hierarchy:

  • sass-rails-5.1.0.gem (Root Library)
    • sprockets-rails-3.4.2.gem
      • actionpack-5.2.8.1.gem
        • rails-html-sanitizer-1.4.3.gem
          • loofah-2.19.0.gem (Vulnerable Library)

Found in HEAD commit: 7d45750902e2450bdb22ac9f0b6cd476803f070a

Found in base branch: main

Vulnerability Details

Loofah is a general library for manipulating and transforming HTML/XML documents and fragments, built on top of Nokogiri. Loofah < 2.19.1 contains an inefficient regular expression that is susceptible to excessive backtracking when attempting to sanitize certain SVG attributes. This may lead to a denial of service through CPU resource consumption. This issue is patched in version 2.19.1.

Publish Date: 2022-12-14

URL: CVE-2022-23514

CVSS 3 Score Details (7.5)

Base Score Metrics:

  • Exploitability Metrics:
    • Attack Vector: Network
    • Attack Complexity: Low
    • Privileges Required: None
    • User Interaction: None
    • Scope: Unchanged
  • Impact Metrics:
    • Confidentiality Impact: None
    • Integrity Impact: None
    • Availability Impact: High


Suggested Fix

Type: Upgrade version

Origin: GHSA-486f-hjj9-9vhh

Release Date: 2022-12-14

Fix Resolution: loofah - 2.19.1

CVE-2022-23476

Vulnerable Library - nokogiri-1.13.8-x86_64-linux.gem

Nokogiri (鋸) makes it easy and painless to work with XML and HTML from Ruby. It provides a sensible, easy-to-understand API for reading, writing, modifying, and querying documents. It is fast and standards-compliant by relying on native parsers like libxml2 (C) and xerces (Java).

Library home page: https://rubygems.org/gems/nokogiri-1.13.8-x86_64-linux.gem

Path to dependency file: /Gemfile.lock

Path to vulnerable library: /home/wss-scanner/.gem/ruby/2.7.0/cache/nokogiri-1.13.8-x86_64-linux.gem

Dependency Hierarchy:

  • sass-rails-5.1.0.gem (Root Library)
    • sprockets-rails-3.4.2.gem
      • actionpack-5.2.8.1.gem
        • rails-html-sanitizer-1.4.3.gem
          • loofah-2.19.0.gem
            • nokogiri-1.13.8-x86_64-linux.gem (Vulnerable Library)

Found in HEAD commit: 7d45750902e2450bdb22ac9f0b6cd476803f070a

Found in base branch: main

Vulnerability Details

Nokogiri is an open source XML and HTML library for the Ruby programming language. Nokogiri 1.13.8 and 1.13.9 fail to check the return value from xmlTextReaderExpand in the method Nokogiri::XML::Reader#attribute_hash. This can lead to a null pointer exception when invalid markup is being parsed. For applications using XML::Reader to parse untrusted inputs, this may potentially be a vector for a denial of service attack. Users are advised to upgrade to Nokogiri >= 1.13.10. Users may be able to search their code for calls to either XML::Reader#attributes or XML::Reader#attribute_hash to determine if they are affected.

Publish Date: 2022-12-08

URL: CVE-2022-23476

CVSS 3 Score Details (7.5)

Base Score Metrics:

  • Exploitability Metrics:
    • Attack Vector: Network
    • Attack Complexity: Low
    • Privileges Required: None
    • User Interaction: None
    • Scope: Unchanged
  • Impact Metrics:
    • Confidentiality Impact: None
    • Integrity Impact: None
    • Availability Impact: High


Suggested Fix

Type: Upgrade version

Release Date: 2022-12-08

Fix Resolution: nokogiri - 1.13.10

CVE-2023-28362

Vulnerable Library - actionpack-5.2.8.1.gem

Web apps on Rails. Simple, battle-tested conventions for building and testing MVC web applications. Works with any Rack-compatible server.

Library home page: https://rubygems.org/gems/actionpack-5.2.8.1.gem

Path to dependency file: /Gemfile.lock

Path to vulnerable library: /home/wss-scanner/.gem/ruby/2.7.0/cache/actionpack-5.2.8.1.gem

Dependency Hierarchy:

  • sass-rails-5.1.0.gem (Root Library)
    • sprockets-rails-3.4.2.gem
      • actionpack-5.2.8.1.gem (Vulnerable Library)

Found in HEAD commit: 7d45750902e2450bdb22ac9f0b6cd476803f070a

Found in base branch: main

Vulnerability Details

A possible Cross-Site Scripting (XSS) vulnerability was found in actionpack gem. The redirect_to method in Rails allows provided values to contain characters which are not legal in an HTTP header value. This results in the potential for downstream services which enforce RFC compliance on HTTP response headers to remove the assigned Location header. The vulnerability is fixed in versions 6.1.7.4 and 7.0.5.1.

Publish Date: 2023-03-15

URL: CVE-2023-28362

CVSS 3 Score Details (6.1)

Base Score Metrics:

  • Exploitability Metrics:
    • Attack Vector: Network
    • Attack Complexity: Low
    • Privileges Required: None
    • User Interaction: Required
    • Scope: Changed
  • Impact Metrics:
    • Confidentiality Impact: Low
    • Integrity Impact: Low
    • Availability Impact: None


Suggested Fix

Type: Upgrade version

Origin: https://discuss.rubyonrails.org/t/cve-2023-28362-possible-xss-via-user-supplied-values-to-redirect-to/83132

Release Date: 2023-03-15

Fix Resolution: actionpack - 6.1.7.3,7.0.5.1

CVE-2022-23520

Vulnerable Library - rails-html-sanitizer-1.4.3.gem

HTML sanitization for Rails applications

Library home page: https://rubygems.org/gems/rails-html-sanitizer-1.4.3.gem

Path to dependency file: /Gemfile.lock

Path to vulnerable library: /home/wss-scanner/.gem/ruby/2.7.0/cache/rails-html-sanitizer-1.4.3.gem

Dependency Hierarchy:

  • sass-rails-5.1.0.gem (Root Library)
    • sprockets-rails-3.4.2.gem
      • actionpack-5.2.8.1.gem
        • rails-html-sanitizer-1.4.3.gem (Vulnerable Library)

Found in HEAD commit: 7d45750902e2450bdb22ac9f0b6cd476803f070a

Found in base branch: main

Vulnerability Details

rails-html-sanitizer is responsible for sanitizing HTML fragments in Rails applications. Prior to version 1.4.4, there is a possible XSS vulnerability with certain configurations of Rails::Html::Sanitizer due to an incomplete fix of CVE-2022-32209. Rails::Html::Sanitizer may allow an attacker to inject content if the application developer has overridden the sanitizer's allowed tags to allow both "select" and "style" elements. Code is only impacted if allowed tags are being overridden. This issue is patched in version 1.4.4. All users overriding the allowed tags to include both "select" and "style" should either upgrade or use this workaround: Remove either "select" or "style" from the overridden allowed tags. NOTE: Code is not impacted if allowed tags are overridden using either the :tags option to the Action View helper method sanitize or the :tags option to the instance method SafeListSanitizer#sanitize.

Publish Date: 2022-12-14

URL: CVE-2022-23520

CVSS 3 Score Details (6.1)

Base Score Metrics:

  • Exploitability Metrics:
    • Attack Vector: Network
    • Attack Complexity: Low
    • Privileges Required: None
    • User Interaction: Required
    • Scope: Changed
  • Impact Metrics:
    • Confidentiality Impact: Low
    • Integrity Impact: Low
    • Availability Impact: None


Suggested Fix

Type: Upgrade version

Origin: GHSA-rrfc-7g8p-99q8

Release Date: 2022-12-14

Fix Resolution: rails-html-sanitizer - 1.4.4

CVE-2022-23519

Vulnerable Library - rails-html-sanitizer-1.4.3.gem

HTML sanitization for Rails applications

Library home page: https://rubygems.org/gems/rails-html-sanitizer-1.4.3.gem

Path to dependency file: /Gemfile.lock

Path to vulnerable library: /home/wss-scanner/.gem/ruby/2.7.0/cache/rails-html-sanitizer-1.4.3.gem

Dependency Hierarchy:

  • sass-rails-5.1.0.gem (Root Library)
    • sprockets-rails-3.4.2.gem
      • actionpack-5.2.8.1.gem
        • rails-html-sanitizer-1.4.3.gem (Vulnerable Library)

Found in HEAD commit: 7d45750902e2450bdb22ac9f0b6cd476803f070a

Found in base branch: main

Vulnerability Details

rails-html-sanitizer is responsible for sanitizing HTML fragments in Rails applications. Prior to version 1.4.4, a possible XSS vulnerability with certain configurations of Rails::Html::Sanitizer may allow an attacker to inject content if the application developer has overridden the sanitizer's allowed tags in either of the following ways: allow both "math" and "style" elements, or allow both "svg" and "style" elements. Code is only impacted if allowed tags are being overridden. This issue is fixed in version 1.4.4. All users overriding the allowed tags to include "math" or "svg" and "style" should either upgrade or use the following workaround immediately: Remove "style" from the overridden allowed tags, or remove "math" and "svg" from the overridden allowed tags.

Publish Date: 2022-12-14

URL: CVE-2022-23519

CVSS 3 Score Details (6.1)

Base Score Metrics:

  • Exploitability Metrics:
    • Attack Vector: Network
    • Attack Complexity: Low
    • Privileges Required: None
    • User Interaction: Required
    • Scope: Changed
  • Impact Metrics:
    • Confidentiality Impact: Low
    • Integrity Impact: Low
    • Availability Impact: None


Suggested Fix

Type: Upgrade version

Origin: GHSA-9h9g-93gc-623h

Release Date: 2022-12-14

Fix Resolution: rails-html-sanitizer - 1.4.4

CVE-2022-23518

Vulnerable Library - rails-html-sanitizer-1.4.3.gem

HTML sanitization for Rails applications

Library home page: https://rubygems.org/gems/rails-html-sanitizer-1.4.3.gem

Path to dependency file: /Gemfile.lock

Path to vulnerable library: /home/wss-scanner/.gem/ruby/2.7.0/cache/rails-html-sanitizer-1.4.3.gem

Dependency Hierarchy:

  • sass-rails-5.1.0.gem (Root Library)
    • sprockets-rails-3.4.2.gem
      • actionpack-5.2.8.1.gem
        • rails-html-sanitizer-1.4.3.gem (Vulnerable Library)

Found in HEAD commit: 7d45750902e2450bdb22ac9f0b6cd476803f070a

Found in base branch: main

Vulnerability Details

rails-html-sanitizer is responsible for sanitizing HTML fragments in Rails applications. Versions >= 1.0.3, < 1.4.4 are vulnerable to cross-site scripting via data URIs when used in combination with Loofah >= 2.1.0. This issue is patched in version 1.4.4.

Publish Date: 2022-12-14

URL: CVE-2022-23518

CVSS 3 Score Details (6.1)

Base Score Metrics:

  • Exploitability Metrics:
    • Attack Vector: Network
    • Attack Complexity: Low
    • Privileges Required: None
    • User Interaction: Required
    • Scope: Changed
  • Impact Metrics:
    • Confidentiality Impact: Low
    • Integrity Impact: Low
    • Availability Impact: None


Suggested Fix

Type: Upgrade version

Origin: GHSA-mcvf-2q2m-x72m

Release Date: 2022-12-14

Fix Resolution: rails-html-sanitizer - 1.4.4

CVE-2022-23515

Vulnerable Library - loofah-2.19.0.gem

Loofah is a general library for manipulating and transforming HTML/XML documents and fragments, built on top of Nokogiri.

Loofah excels at HTML sanitization (XSS prevention). It includes some nice HTML sanitizers, which are based on HTML5lib's safelist, so it most likely won't make your codes less secure. (These statements have not been evaluated by Netexperts.)

ActiveRecord extensions for sanitization are available in the loofah-activerecord gem.

Library home page: https://rubygems.org/gems/loofah-2.19.0.gem

Path to dependency file: /Gemfile.lock

Path to vulnerable library: /home/wss-scanner/.gem/ruby/2.7.0/cache/loofah-2.19.0.gem

Dependency Hierarchy:

  • sass-rails-5.1.0.gem (Root Library)
    • sprockets-rails-3.4.2.gem
      • actionpack-5.2.8.1.gem
        • rails-html-sanitizer-1.4.3.gem
          • loofah-2.19.0.gem (Vulnerable Library)

Found in HEAD commit: 7d45750902e2450bdb22ac9f0b6cd476803f070a

Found in base branch: main

Vulnerability Details

Loofah is a general library for manipulating and transforming HTML/XML documents and fragments, built on top of Nokogiri. Loofah >= 2.1.0, < 2.19.1 is vulnerable to cross-site scripting via the image/svg+xml media type in data URIs. This issue is patched in version 2.19.1.

Publish Date: 2022-12-14

URL: CVE-2022-23515

CVSS 3 Score Details (6.1)

Base Score Metrics:

  • Exploitability Metrics:
    • Attack Vector: Network
    • Attack Complexity: Low
    • Privileges Required: None
    • User Interaction: Required
    • Scope: Changed
  • Impact Metrics:
    • Confidentiality Impact: Low
    • Integrity Impact: Low
    • Availability Impact: None


Suggested Fix

Type: Upgrade version

Origin: GHSA-228g-948r-83gx

Release Date: 2022-12-14

Fix Resolution: loofah - 2.19.1

CVE-2024-26141

Vulnerable Library - rack-2.2.4.gem

Rack provides a minimal, modular and adaptable interface for developing web applications in Ruby. By wrapping HTTP requests and responses in the simplest way possible, it unifies and distills the API for web servers, web frameworks, and software in between (the so-called middleware) into a single method call.

Library home page: https://rubygems.org/gems/rack-2.2.4.gem

Path to dependency file: /Gemfile.lock

Path to vulnerable library: /home/wss-scanner/.gem/ruby/2.7.0/cache/rack-2.2.4.gem

Dependency Hierarchy:

  • sass-rails-5.1.0.gem (Root Library)
    • sprockets-rails-3.4.2.gem
      • sprockets-3.7.2.gem
        • rack-2.2.4.gem (Vulnerable Library)

Found in HEAD commit: 7d45750902e2450bdb22ac9f0b6cd476803f070a

Found in base branch: main

Vulnerability Details

Rack is a modular Ruby web server interface. Carefully crafted Range headers can cause a server to respond with an unexpectedly large response. Responding with such large responses could lead to a denial of service issue. Vulnerable applications will use the Rack::File middleware or the Rack::Utils.byte_ranges methods (this includes Rails applications). The vulnerability is fixed in 3.0.9.1 and 2.2.8.1.

Publish Date: 2024-02-29

URL: CVE-2024-26141

CVSS 3 Score Details (5.8)

Base Score Metrics:

  • Exploitability Metrics:
    • Attack Vector: Network
    • Attack Complexity: Low
    • Privileges Required: None
    • User Interaction: None
    • Scope: Changed
  • Impact Metrics:
    • Confidentiality Impact: None
    • Integrity Impact: None
    • Availability Impact: Low


Suggested Fix

Type: Upgrade version

Origin: https://www.cve.org/CVERecord?id=CVE-2024-26141

Release Date: 2024-02-29

Fix Resolution: rack - 2.2.8.1,3.0.9.1

CVE-2022-3704

Vulnerable Library - actionpack-5.2.8.1.gem

Web apps on Rails. Simple, battle-tested conventions for building and testing MVC web applications. Works with any Rack-compatible server.

Library home page: https://rubygems.org/gems/actionpack-5.2.8.1.gem

Path to dependency file: /Gemfile.lock

Path to vulnerable library: /home/wss-scanner/.gem/ruby/2.7.0/cache/actionpack-5.2.8.1.gem

Dependency Hierarchy:

  • sass-rails-5.1.0.gem (Root Library)
    • sprockets-rails-3.4.2.gem
      • actionpack-5.2.8.1.gem (Vulnerable Library)

Found in HEAD commit: 7d45750902e2450bdb22ac9f0b6cd476803f070a

Found in base branch: main

Vulnerability Details

** DISPUTED ** A vulnerability classified as problematic has been found in Ruby on Rails. This affects an unknown part of the file actionpack/lib/action_dispatch/middleware/templates/routes/_table.html.erb. The manipulation leads to cross site scripting. It is possible to initiate the attack remotely. The real existence of this vulnerability is still doubted at the moment. The name of the patch is be177e4566747b73ff63fd5f529fab564e475ed4. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-212319. NOTE: Maintainer declares that there isn’t a valid attack vector. The issue was wrongly reported as a security vulnerability by a non-member of the Rails team.

Publish Date: 2022-10-26

URL: CVE-2022-3704

CVSS 3 Score Details (5.4)

Base Score Metrics:

  • Exploitability Metrics:
    • Attack Vector: Network
    • Attack Complexity: Low
    • Privileges Required: Low
    • User Interaction: Required
    • Scope: Changed
  • Impact Metrics:
    • Confidentiality Impact: Low
    • Integrity Impact: Low
    • Availability Impact: None

For more information on CVSS3 Scores, click here.

CVE-2024-26146

Vulnerable Library - rack-2.2.4.gem

Rack provides a minimal, modular and adaptable interface for developing web applications in Ruby. By wrapping HTTP requests and responses in the simplest way possible, it unifies and distills the API for web servers, web frameworks, and software in between (the so-called middleware) into a single method call.

Library home page: https://rubygems.org/gems/rack-2.2.4.gem

Path to dependency file: /Gemfile.lock

Path to vulnerable library: /home/wss-scanner/.gem/ruby/2.7.0/cache/rack-2.2.4.gem

Dependency Hierarchy:

  • sass-rails-5.1.0.gem (Root Library)
    • sprockets-rails-3.4.2.gem
      • sprockets-3.7.2.gem
        • rack-2.2.4.gem (Vulnerable Library)

Found in HEAD commit: 7d45750902e2450bdb22ac9f0b6cd476803f070a

Found in base branch: main

Vulnerability Details

Rack is a modular Ruby web server interface. Carefully crafted headers can cause header parsing in Rack to take longer than expected resulting in a possible denial of service issue. Accept and Forwarded headers are impacted. Ruby 3.2 has mitigations for this problem, so Rack applications using Ruby 3.2 or newer are unaffected. This vulnerability is fixed in 2.0.9.4, 2.1.4.4, 2.2.8.1, and 3.0.9.1.

Publish Date: 2024-02-29

URL: CVE-2024-26146

CVSS 3 Score Details (5.3)

Base Score Metrics:

  • Exploitability Metrics:
    • Attack Vector: Network
    • Attack Complexity: Low
    • Privileges Required: None
    • User Interaction: None
    • Scope: Unchanged
  • Impact Metrics:
    • Confidentiality Impact: None
    • Integrity Impact: None
    • Availability Impact: Low

For more information on CVSS3 Scores, click here.

Suggested Fix

Type: Upgrade version

Origin: https://www.cve.org/CVERecord?id=CVE-2024-26146

Release Date: 2024-02-29

Fix Resolution: rack - 2.0.9.4,2.1.4.4,2.2.8.1,3.0.9.1

CVE-2024-25126

Vulnerable Library - rack-2.2.4.gem

Rack provides a minimal, modular and adaptable interface for developing web applications in Ruby. By wrapping HTTP requests and responses in the simplest way possible, it unifies and distills the API for web servers, web frameworks, and software in between (the so-called middleware) into a single method call.

Library home page: https://rubygems.org/gems/rack-2.2.4.gem

Path to dependency file: /Gemfile.lock

Path to vulnerable library: /home/wss-scanner/.gem/ruby/2.7.0/cache/rack-2.2.4.gem

Dependency Hierarchy:

  • sass-rails-5.1.0.gem (Root Library)
    • sprockets-rails-3.4.2.gem
      • sprockets-3.7.2.gem
        • rack-2.2.4.gem (Vulnerable Library)

Found in HEAD commit: 7d45750902e2450bdb22ac9f0b6cd476803f070a

Found in base branch: main

Vulnerability Details

Rack is a modular Ruby web server interface. Carefully crafted content type headers can cause Rack’s media type parser to take much longer than expected, leading to a possible denial of service vulnerability (ReDos 2nd degree polynomial). This vulnerability is patched in 3.0.9.1 and 2.2.8.1.

Publish Date: 2024-02-29

URL: CVE-2024-25126

CVSS 3 Score Details (5.3)

Base Score Metrics:

  • Exploitability Metrics:
    • Attack Vector: Network
    • Attack Complexity: Low
    • Privileges Required: None
    • User Interaction: None
    • Scope: Unchanged
  • Impact Metrics:
    • Confidentiality Impact: None
    • Integrity Impact: None
    • Availability Impact: Low

For more information on CVSS3 Scores, click here.

Suggested Fix

Type: Upgrade version

Origin: GHSA-22f2-v57c-j9cx

Release Date: 2024-02-29

Fix Resolution: rack - 2.2.8.1,3.0.9.1

CVE-2023-38037

Vulnerable Library - activesupport-5.2.8.1.gem

A toolkit of support libraries and Ruby core extensions extracted from the Rails framework. Rich support for multibyte strings, internationalization, time zones, and testing.

Library home page: https://rubygems.org/gems/activesupport-5.2.8.1.gem

Path to dependency file: /Gemfile.lock

Path to vulnerable library: /home/wss-scanner/.gem/ruby/2.7.0/cache/activesupport-5.2.8.1.gem

Dependency Hierarchy:

  • sass-rails-5.1.0.gem (Root Library)
    • sprockets-rails-3.4.2.gem
      • activesupport-5.2.8.1.gem (Vulnerable Library)

Found in HEAD commit: 7d45750902e2450bdb22ac9f0b6cd476803f070a

Found in base branch: main

Vulnerability Details

Active Support Possibly Discloses Locally Encrypted Files

Publish Date: 2023-07-12

URL: CVE-2023-38037

CVSS 3 Score Details (4.3)

Base Score Metrics:

  • Exploitability Metrics:
    • Attack Vector: Network
    • Attack Complexity: Low
    • Privileges Required: Low
    • User Interaction: None
    • Scope: Unchanged
  • Impact Metrics:
    • Confidentiality Impact: Low
    • Integrity Impact: None
    • Availability Impact: None

For more information on CVSS3 Scores, click here.

Suggested Fix

Type: Upgrade version

Origin: GHSA-cr5q-6q9f-rq6q

Release Date: 2023-07-12

Fix Resolution: activesupport - 6.1.7.5,7.0.7.1

spring-2.0.2.gem: 2 vulnerabilities (highest severity is: 9.8) - autoclosed

Vulnerable Library - spring-2.0.2.gem

Path to dependency file: /Gemfile.lock

Path to vulnerable library: /home/wss-scanner/.gem/ruby/2.7.0/cache/activesupport-5.2.2.gem

Found in HEAD commit: 7d45750902e2450bdb22ac9f0b6cd476803f070a

Vulnerabilities

CVE Severity CVSS Dependency Type Fixed in Remediation Available
CVE-2020-8165 High 9.8 activesupport-5.2.2.gem Transitive N/A
CVE-2022-31163 High 8.1 tzinfo-1.2.5.gem Transitive N/A

Details

CVE-2020-8165

Vulnerable Library - activesupport-5.2.2.gem

A toolkit of support libraries and Ruby core extensions extracted from the Rails framework. Rich support for multibyte strings, internationalization, time zones, and testing.

Library home page: https://rubygems.org/gems/activesupport-5.2.2.gem

Path to dependency file: /Gemfile.lock

Path to vulnerable library: /home/wss-scanner/.gem/ruby/2.7.0/cache/activesupport-5.2.2.gem

Dependency Hierarchy:

  • spring-2.0.2.gem (Root Library)
    • activesupport-5.2.2.gem (Vulnerable Library)

Found in HEAD commit: 7d45750902e2450bdb22ac9f0b6cd476803f070a

Found in base branch: main

Vulnerability Details

A deserialization of untrusted data vulnerability exists in rails < 5.2.4.3, rails < 6.0.3.1 that can allow an attacker to unmarshal user-provided objects in MemCacheStore and RedisCacheStore potentially resulting in an RCE.

Publish Date: 2020-06-19

URL: CVE-2020-8165

CVSS 3 Score Details (9.8)

Base Score Metrics:

  • Exploitability Metrics:
    • Attack Vector: Network
    • Attack Complexity: Low
    • Privileges Required: None
    • User Interaction: None
    • Scope: Unchanged
  • Impact Metrics:
    • Confidentiality Impact: High
    • Integrity Impact: High
    • Availability Impact: High

For more information on CVSS3 Scores, click here.

Suggested Fix

Type: Upgrade version

Origin: GHSA-2p68-f74v-9wc6

Release Date: 2020-06-19

Fix Resolution: 5.2.4.3,6.0.3.1

CVE-2022-31163

Vulnerable Library - tzinfo-1.2.5.gem

TZInfo provides daylight savings aware transformations between times in different time zones.

Library home page: https://rubygems.org/gems/tzinfo-1.2.5.gem

Path to dependency file: /Gemfile.lock

Path to vulnerable library: /home/wss-scanner/.gem/ruby/2.7.0/cache/tzinfo-1.2.5.gem

Dependency Hierarchy:

  • spring-2.0.2.gem (Root Library)
    • activesupport-5.2.2.gem
      • tzinfo-1.2.5.gem (Vulnerable Library)

Found in HEAD commit: 7d45750902e2450bdb22ac9f0b6cd476803f070a

Found in base branch: main

Vulnerability Details

TZInfo is a Ruby library that provides access to time zone data and allows times to be converted using time zone rules. Versions prior to 0.36.1, as well as those prior to 1.2.10 when used with the Ruby data source tzinfo-data, are vulnerable to relative path traversal. With the Ruby data source, time zones are defined in Ruby files. There is one file per time zone. Time zone files are loaded with require on demand. In the affected versions, TZInfo::Timezone.get fails to validate time zone identifiers correctly, allowing a new line character within the identifier. With Ruby version 1.9.3 and later, TZInfo::Timezone.get can be made to load unintended files with require, executing them within the Ruby process. Versions 0.3.61 and 1.2.10 include fixes to correctly validate time zone identifiers. Versions 2.0.0 and later are not vulnerable. Version 0.3.61 can still load arbitrary files from the Ruby load path if their name follows the rules for a valid time zone identifier and the file has a prefix of tzinfo/definition within a directory in the load path. Applications should ensure that untrusted files are not placed in a directory on the load path. As a workaround, the time zone identifier can be validated before passing to TZInfo::Timezone.get by ensuring it matches the regular expression \A[A-Za-z0-9+\-_]+(?:\/[A-Za-z0-9+\-_]+)*\z.

Publish Date: 2022-07-22

URL: CVE-2022-31163

CVSS 3 Score Details (8.1)

Base Score Metrics:

  • Exploitability Metrics:
    • Attack Vector: Network
    • Attack Complexity: High
    • Privileges Required: None
    • User Interaction: None
    • Scope: Unchanged
  • Impact Metrics:
    • Confidentiality Impact: High
    • Integrity Impact: High
    • Availability Impact: High

For more information on CVSS3 Scores, click here.

Suggested Fix

Type: Upgrade version

Origin: GHSA-5cm2-9h8c-rvfx

Release Date: 2022-07-22

Fix Resolution: tzinfo - 0.3.61,1.2.10

coffee-rails-4.2.2.gem: 1 vulnerability (highest severity is: 5.4) - autoclosed

Vulnerable Library - coffee-rails-4.2.2.gem

Path to dependency file: /Gemfile.lock

Path to vulnerable library: /home/wss-scanner/.gem/ruby/2.7.0/cache/actionpack-5.2.8.1.gem

Found in HEAD commit: 7d45750902e2450bdb22ac9f0b6cd476803f070a

Vulnerabilities

CVE Severity CVSS Dependency Type Fixed in (coffee-rails version) Remediation Available
CVE-2022-3704 Medium 5.4 actionpack-5.2.8.1.gem Transitive N/A*

*For some transitive vulnerabilities, there is no version of direct dependency with a fix. Check the section "Details" below to see if there is a version of transitive dependency where vulnerability is fixed.

Details

CVE-2022-3704

Vulnerable Library - actionpack-5.2.8.1.gem

Web apps on Rails. Simple, battle-tested conventions for building and testing MVC web applications. Works with any Rack-compatible server.

Library home page: https://rubygems.org/gems/actionpack-5.2.8.1.gem

Path to dependency file: /Gemfile.lock

Path to vulnerable library: /home/wss-scanner/.gem/ruby/2.7.0/cache/actionpack-5.2.8.1.gem

Dependency Hierarchy:

  • coffee-rails-4.2.2.gem (Root Library)
    • railties-5.2.8.1.gem
      • actionpack-5.2.8.1.gem (Vulnerable Library)

Found in HEAD commit: 7d45750902e2450bdb22ac9f0b6cd476803f070a

Found in base branch: main

Vulnerability Details

A vulnerability classified as problematic has been found in Ruby on Rails. This affects an unknown part of the file actionpack/lib/action_dispatch/middleware/templates/routes/_table.html.erb. The manipulation leads to cross site scripting. It is possible to initiate the attack remotely. The name of the patch is be177e4566747b73ff63fd5f529fab564e475ed4. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-212319.

Publish Date: 2022-10-26

URL: CVE-2022-3704

CVSS 3 Score Details (5.4)

Base Score Metrics:

  • Exploitability Metrics:
    • Attack Vector: Network
    • Attack Complexity: Low
    • Privileges Required: Low
    • User Interaction: Required
    • Scope: Changed
  • Impact Metrics:
    • Confidentiality Impact: Low
    • Integrity Impact: Low
    • Availability Impact: None

For more information on CVSS3 Scores, click here.

puma-3.12.6.gem: 5 vulnerabilities (highest severity is: 9.8)

Vulnerable Library - puma-3.12.6.gem

Puma is a simple, fast, threaded, and highly concurrent HTTP 1.1 server for Ruby/Rack applications. Puma is intended for use in both development and production environments. It's great for highly concurrent Ruby implementations such as Rubinius and JRuby as well as providing process worker support to support CRuby well.

Library home page: https://rubygems.org/gems/puma-3.12.6.gem

Path to dependency file: /Gemfile.lock

Path to vulnerable library: /cache/puma-3.12.6.gem

Found in HEAD commit: 7d45750902e2450bdb22ac9f0b6cd476803f070a

Vulnerabilities

CVE Severity CVSS Exploit Maturity EPSS Dependency Type Fixed in (puma version) Remediation Possible** Reachability
CVE-2023-40175 Critical 9.8 Not Defined 0.3% puma-3.12.6.gem Direct puma - 5.6.7,6.3.1
CVE-2024-21647 High 7.5 Not Defined 0.0% puma-3.12.6.gem Direct puma - 5.6.8,6.4.2
CVE-2021-29509 High 7.5 Not Defined 1.0% puma-3.12.6.gem Direct puma - 4.3.8,5.3.1
CVE-2022-23634 Medium 5.9 Not Defined 0.2% puma-3.12.6.gem Direct puma - 4.3.11, 5.6.2; actionpack - 5.2.6.2, 6.0.4.6, 6.1.4.6, 7.0.2.2
CVE-2021-41136 Low 3.7 Not Defined 0.2% puma-3.12.6.gem Direct puma - 4.3.9, 5.5.1

**In some cases, Remediation PR cannot be created automatically for a vulnerability despite the availability of remediation

Details

CVE-2023-40175

Vulnerable Library - puma-3.12.6.gem

Puma is a simple, fast, threaded, and highly concurrent HTTP 1.1 server for Ruby/Rack applications. Puma is intended for use in both development and production environments. It's great for highly concurrent Ruby implementations such as Rubinius and JRuby as well as providing process worker support to support CRuby well.

Library home page: https://rubygems.org/gems/puma-3.12.6.gem

Path to dependency file: /Gemfile.lock

Path to vulnerable library: /cache/puma-3.12.6.gem

Dependency Hierarchy:

  • puma-3.12.6.gem (Vulnerable Library)

Found in HEAD commit: 7d45750902e2450bdb22ac9f0b6cd476803f070a

Found in base branch: main

Vulnerability Details

Puma is a Ruby/Rack web server built for parallelism. Prior to versions 6.3.1 and 5.6.7, puma exhibited incorrect behavior when parsing chunked transfer encoding bodies and zero-length Content-Length headers in a way that allowed HTTP request smuggling. The severity of this issue is highly dependent on the nature of the web site using puma. This could be caused by either incorrect parsing of trailing fields in chunked transfer encoding bodies or by parsing of blank/zero-length Content-Length headers. Both issues have been addressed and this vulnerability has been fixed in versions 6.3.1 and 5.6.7. Users are advised to upgrade. There are no known workarounds for this vulnerability.

Publish Date: 2023-08-18

URL: CVE-2023-40175

Threat Assessment

Exploit Maturity: Not Defined

EPSS: 0.3%

CVSS 3 Score Details (9.8)

Base Score Metrics:

  • Exploitability Metrics:
    • Attack Vector: Network
    • Attack Complexity: Low
    • Privileges Required: None
    • User Interaction: None
    • Scope: Unchanged
  • Impact Metrics:
    • Confidentiality Impact: High
    • Integrity Impact: High
    • Availability Impact: High

For more information on CVSS3 Scores, click here.

Suggested Fix

Type: Upgrade version

Origin: https://www.cve.org/CVERecord?id=CVE-2023-40175

Release Date: 2023-08-18

Fix Resolution: puma - 5.6.7,6.3.1

⛑️ Automatic Remediation will be attempted for this issue.

CVE-2024-21647

Vulnerable Library - puma-3.12.6.gem

Puma is a simple, fast, threaded, and highly concurrent HTTP 1.1 server for Ruby/Rack applications. Puma is intended for use in both development and production environments. It's great for highly concurrent Ruby implementations such as Rubinius and JRuby as well as providing process worker support to support CRuby well.

Library home page: https://rubygems.org/gems/puma-3.12.6.gem

Path to dependency file: /Gemfile.lock

Path to vulnerable library: /cache/puma-3.12.6.gem

Dependency Hierarchy:

  • puma-3.12.6.gem (Vulnerable Library)

Found in HEAD commit: 7d45750902e2450bdb22ac9f0b6cd476803f070a

Found in base branch: main

Vulnerability Details

Puma is a web server for Ruby/Rack applications built for parallelism. Prior to version 6.4.2, puma exhibited incorrect behavior when parsing chunked transfer encoding bodies in a way that allowed HTTP request smuggling. Fixed versions limit the size of chunk extensions. Without this limit, an attacker could cause unbounded resource (CPU, network bandwidth) consumption. This vulnerability has been fixed in versions 6.4.2 and 5.6.8.

Publish Date: 2024-01-08

URL: CVE-2024-21647

Threat Assessment

Exploit Maturity: Not Defined

EPSS: 0.0%

CVSS 3 Score Details (7.5)

Base Score Metrics:

  • Exploitability Metrics:
    • Attack Vector: Network
    • Attack Complexity: Low
    • Privileges Required: None
    • User Interaction: None
    • Scope: Unchanged
  • Impact Metrics:
    • Confidentiality Impact: None
    • Integrity Impact: None
    • Availability Impact: High

For more information on CVSS3 Scores, click here.

Suggested Fix

Type: Upgrade version

Origin: https://www.cve.org/CVERecord?id=CVE-2024-21647

Release Date: 2024-01-08

Fix Resolution: puma - 5.6.8,6.4.2

⛑️ Automatic Remediation will be attempted for this issue.

CVE-2021-29509

Vulnerable Library - puma-3.12.6.gem

Puma is a simple, fast, threaded, and highly concurrent HTTP 1.1 server for Ruby/Rack applications. Puma is intended for use in both development and production environments. It's great for highly concurrent Ruby implementations such as Rubinius and JRuby as well as providing process worker support to support CRuby well.

Library home page: https://rubygems.org/gems/puma-3.12.6.gem

Path to dependency file: /Gemfile.lock

Path to vulnerable library: /cache/puma-3.12.6.gem

Dependency Hierarchy:

  • puma-3.12.6.gem (Vulnerable Library)

Found in HEAD commit: 7d45750902e2450bdb22ac9f0b6cd476803f070a

Found in base branch: main

Vulnerability Details

Puma is a concurrent HTTP 1.1 server for Ruby/Rack applications. The fix for CVE-2019-16770 was incomplete. The original fix only protected existing connections that had already been accepted from having their requests starved by greedy persistent-connections saturating all threads in the same process. However, new connections may still be starved by greedy persistent-connections saturating all threads in all processes in the cluster. A puma server which received more concurrent keep-alive connections than the server had threads in its threadpool would service only a subset of connections, denying service to the unserved connections. This problem has been fixed in puma 4.3.8 and 5.3.1. Setting queue_requests false also fixes the issue. This is not advised when using puma without a reverse proxy, such as nginx or apache, because you will open yourself to slow client attacks (e.g. slowloris). The fix is very small and a git patch is available for those using unsupported versions of Puma.

Publish Date: 2021-05-11

URL: CVE-2021-29509

Threat Assessment

Exploit Maturity: Not Defined

EPSS: 1.0%

CVSS 3 Score Details (7.5)

Base Score Metrics:

  • Exploitability Metrics:
    • Attack Vector: Network
    • Attack Complexity: Low
    • Privileges Required: None
    • User Interaction: None
    • Scope: Unchanged
  • Impact Metrics:
    • Confidentiality Impact: None
    • Integrity Impact: None
    • Availability Impact: High

For more information on CVSS3 Scores, click here.

Suggested Fix

Type: Upgrade version

Origin: GHSA-q28m-8xjw-8vr5

Release Date: 2021-05-11

Fix Resolution: puma - 4.3.8,5.3.1

⛑️ Automatic Remediation will be attempted for this issue.

CVE-2022-23634

Vulnerable Library - puma-3.12.6.gem

Puma is a simple, fast, threaded, and highly concurrent HTTP 1.1 server for Ruby/Rack applications. Puma is intended for use in both development and production environments. It's great for highly concurrent Ruby implementations such as Rubinius and JRuby as well as providing process worker support to support CRuby well.

Library home page: https://rubygems.org/gems/puma-3.12.6.gem

Path to dependency file: /Gemfile.lock

Path to vulnerable library: /cache/puma-3.12.6.gem

Dependency Hierarchy:

  • puma-3.12.6.gem (Vulnerable Library)

Found in HEAD commit: 7d45750902e2450bdb22ac9f0b6cd476803f070a

Found in base branch: main

Vulnerability Details

Puma is a Ruby/Rack web server built for parallelism. Prior to puma version 5.6.2, puma may not always call close on the response body. Rails, prior to version 7.0.2.2, depended on the response body being closed in order for its CurrentAttributes implementation to work correctly. The combination of these two behaviors (Puma not closing the body + Rails' Executor implementation) causes information leakage. This problem is fixed in Puma versions 5.6.2 and 4.3.11. This problem is fixed in Rails versions 7.0.2.2, 6.1.4.6, 6.0.4.6, and 5.2.6.2. Upgrading to a patched Rails or Puma version fixes the vulnerability.

Publish Date: 2022-02-11

URL: CVE-2022-23634

Threat Assessment

Exploit Maturity: Not Defined

EPSS: 0.2%

CVSS 3 Score Details (5.9)

Base Score Metrics:

  • Exploitability Metrics:
    • Attack Vector: Network
    • Attack Complexity: High
    • Privileges Required: None
    • User Interaction: None
    • Scope: Unchanged
  • Impact Metrics:
    • Confidentiality Impact: High
    • Integrity Impact: None
    • Availability Impact: None

For more information on CVSS3 Scores, click here.

Suggested Fix

Type: Upgrade version

Origin: GHSA-wh98-p28r-vrc9

Release Date: 2022-02-11

Fix Resolution: puma - 4.3.11, 5.6.2; actionpack - 5.2.6.2, 6.0.4.6, 6.1.4.6, 7.0.2.2

⛑️ Automatic Remediation will be attempted for this issue.

CVE-2021-41136

Vulnerable Library - puma-3.12.6.gem

Puma is a simple, fast, threaded, and highly concurrent HTTP 1.1 server for Ruby/Rack applications. Puma is intended for use in both development and production environments. It's great for highly concurrent Ruby implementations such as Rubinius and JRuby as well as providing process worker support to support CRuby well.

Library home page: https://rubygems.org/gems/puma-3.12.6.gem

Path to dependency file: /Gemfile.lock

Path to vulnerable library: /cache/puma-3.12.6.gem

Dependency Hierarchy:

  • puma-3.12.6.gem (Vulnerable Library)

Found in HEAD commit: 7d45750902e2450bdb22ac9f0b6cd476803f070a

Found in base branch: main

Vulnerability Details

Puma is an HTTP 1.1 server for Ruby/Rack applications. Prior to versions 5.5.1 and 4.3.9, using puma with a proxy which forwards HTTP header values which contain the LF character could allow HTTP request smuggling. A client could smuggle a request through a proxy, causing the proxy to send a response back to another unknown client. The only proxy which has this behavior, as far as the Puma team is aware of, is Apache Traffic Server. If the proxy uses persistent connections and the client adds another request in via HTTP pipelining, the proxy may mistake it as the first request's body. Puma, however, would see it as two requests, and when processing the second request, send back a response that the proxy does not expect. If the proxy has reused the persistent connection to Puma to send another request for a different client, the second response from the first client will be sent to the second client. This vulnerability was patched in Puma 5.5.1 and 4.3.9. As a workaround, do not use Apache Traffic Server with puma.

Publish Date: 2021-10-12

URL: CVE-2021-41136

Threat Assessment

Exploit Maturity: Not Defined

EPSS: 0.2%

CVSS 3 Score Details (3.7)

Base Score Metrics:

  • Exploitability Metrics:
    • Attack Vector: Network
    • Attack Complexity: High
    • Privileges Required: Low
    • User Interaction: Required
    • Scope: Unchanged
  • Impact Metrics:
    • Confidentiality Impact: Low
    • Integrity Impact: Low
    • Availability Impact: None

For more information on CVSS3 Scores, click here.

Suggested Fix

Type: Upgrade version

Origin: GHSA-48w2-rm65-62xx

Release Date: 2021-10-12

Fix Resolution: puma - 4.3.9, 5.5.1

⛑️ Automatic Remediation will be attempted for this issue.