Skip to content

[Snyk] Fix for 63 vulnerabilities #1

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
wants to merge 1 commit into
base: master
Choose a base branch
from
Open

[Snyk] Fix for 63 vulnerabilities #1

wants to merge 1 commit into from

Conversation

acastro2
Copy link
Member

@acastro2 acastro2 commented Apr 4, 2023

This PR was automatically created by Snyk using the credentials of a real user.


Snyk has created this PR to fix one or more vulnerable packages in the `rubygems` dependencies of this project.

Changes included in this PR

  • Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
    • Gemfile
⚠️ Warning 
Failed to update the Gemfile.lock, please update manually before merging.

Vulnerabilities that will be fixed

With an upgrade:
Severity Priority Score (*) Issue Breaking Change Exploit Maturity
low severity 364/1000
Why? Has a fix available, Low severity		 Regular Expression Denial of Service (ReDoS)
SNYK-RUBY-ADDRESSABLE-1316242		 No No Known Exploit
low severity 364/1000
Why? Has a fix available, Low severity		 HTML Injection
SNYK-RUBY-CUCUMBER-20442		 Yes No Known Exploit
low severity 364/1000
Why? Has a fix available, Low severity		 DLL Loading Issue
SNYK-RUBY-FFI-22037		 No No Known Exploit
low severity 364/1000
Why? Has a fix available, Low severity		 Denial of Service (DoS)
SNYK-RUBY-JSON-560838		 No No Known Exploit
low severity 364/1000
Why? Has a fix available, Low severity		 Remote Code Execution
SNYK-RUBY-KRAMDOWN-585939		 Yes No Known Exploit
low severity 344/1000
Why? Has a fix available, CVSS 2.6		 XML External Entity (XXE) Injection
SNYK-RUBY-NOKOGIRI-1055008		 No No Known Exploit
high severity 696/1000
Why? Proof of Concept exploit, Has a fix available, CVSS 7.5		 Denial of Service (DoS)
SNYK-RUBY-NOKOGIRI-1293239		 No Proof of Concept
low severity 364/1000
Why? Has a fix available, Low severity		 Denial of Service (DoS)
SNYK-RUBY-NOKOGIRI-1583442		 No No Known Exploit
low severity 364/1000
Why? Has a fix available, Low severity		 XML External Entity (XXE) Injection
SNYK-RUBY-NOKOGIRI-1726792		 No No Known Exploit
low severity 364/1000
Why? Has a fix available, Low severity		 Denial of Service (DoS)
SNYK-RUBY-NOKOGIRI-20157		 No No Known Exploit
low severity 364/1000
Why? Has a fix available, Low severity		 Denial of Service (DoS)
SNYK-RUBY-NOKOGIRI-20214		 No No Known Exploit
low severity 364/1000
Why? Has a fix available, Low severity		 Denial of Service (DoS)
SNYK-RUBY-NOKOGIRI-20245		 No No Known Exploit
low severity 364/1000
Why? Has a fix available, Low severity		 Arbitrary Code Execution
SNYK-RUBY-NOKOGIRI-20277		 No No Known Exploit
medium severity 601/1000
Why? Proof of Concept exploit, Has a fix available, CVSS 5.6		 Sensitive Information Exposure
SNYK-RUBY-NOKOGIRI-20292		 No Proof of Concept
low severity 364/1000
Why? Has a fix available, Low severity		 XML External Entity (XXE) Injection
SNYK-RUBY-NOKOGIRI-20299		 No No Known Exploit
low severity 364/1000
Why? Has a fix available, Low severity		 Arbitrary Code Execution
SNYK-RUBY-NOKOGIRI-20367		 No No Known Exploit
low severity 364/1000
Why? Has a fix available, Low severity		 Out of Bounds Memory Write
SNYK-RUBY-NOKOGIRI-20368		 No No Known Exploit
high severity 826/1000
Why? Mature exploit, Has a fix available, CVSS 8.8		 Use of vulnerable libxml2
SNYK-RUBY-NOKOGIRI-20432		 No Mature
low severity 364/1000
Why? Has a fix available, Low severity		 Denial of Service (DoS)
SNYK-RUBY-NOKOGIRI-22013		 No No Known Exploit
low severity 364/1000
Why? Has a fix available, Low severity		 Denial of Service (DoS)
SNYK-RUBY-NOKOGIRI-22014		 No No Known Exploit
low severity 364/1000
Why? Has a fix available, Low severity		 Use After Free
SNYK-RUBY-NOKOGIRI-2413994		 No No Known Exploit
low severity 364/1000
Why? Has a fix available, Low severity		 Regular Expression Denial of Service (ReDoS)
SNYK-RUBY-NOKOGIRI-2620374		 No No Known Exploit
low severity 364/1000
Why? Has a fix available, Low severity		 Out-of-bounds Write
SNYK-RUBY-NOKOGIRI-2630623		 No No Known Exploit
low severity 364/1000
Why? Has a fix available, Low severity		 Denial of Service (DoS)
SNYK-RUBY-NOKOGIRI-2630898		 No No Known Exploit
low severity 364/1000
Why? Has a fix available, Low severity		 Improper Handling of Unexpected Data Type
SNYK-RUBY-NOKOGIRI-2840634		 No No Known Exploit
low severity 364/1000
Why? Has a fix available, Low severity		 NULL Pointer Dereference
SNYK-RUBY-NOKOGIRI-3052880		 No No Known Exploit
low severity 364/1000
Why? Has a fix available, Low severity		 Out-of-Bounds
SNYK-RUBY-NOKOGIRI-3357692		 No No Known Exploit
low severity 364/1000
Why? Has a fix available, Low severity		 Access Control Bypass
SNYK-RUBY-NOKOGIRI-3357693		 No No Known Exploit
low severity 364/1000
Why? Has a fix available, Low severity		 Command Injection
SNYK-RUBY-NOKOGIRI-459107		 No No Known Exploit
low severity 364/1000
Why? Has a fix available, Low severity		 Uncontrolled Memory Allocation
SNYK-RUBY-NOKOGIRI-534637		 No No Known Exploit
low severity 375/1000
Why? Has a fix available, Low severity		 Denial of Service (DoS)
SNYK-RUBY-NOKOGIRI-552159		 No No Known Exploit
low severity 364/1000
Why? Has a fix available, Low severity		 Denial of Service (DoS)
SNYK-RUBY-NOKOGIRI-72433		 No No Known Exploit
low severity 364/1000
Why? Has a fix available, Low severity		 Denial of Service (DoS)
SNYK-RUBY-PUMA-1291014		 Yes No Known Exploit
low severity 399/1000
Why? Has a fix available, CVSS 3.7		 HTTP Request Smuggling
SNYK-RUBY-PUMA-1730572		 Yes No Known Exploit
low severity 364/1000
Why? Has a fix available, Low severity		 Man-in-the-Middle (Mitm)
SNYK-RUBY-PUMA-20375		 No No Known Exploit
low severity 364/1000
Why? Has a fix available, Low severity		 Information Exposure
SNYK-RUBY-PUMA-2400629		 Yes No Known Exploit
low severity 364/1000
Why? Has a fix available, Low severity		 HTTP Request Smuggling
SNYK-RUBY-PUMA-2437090		 Yes No Known Exploit
low severity 364/1000
Why? Has a fix available, Low severity		 Denial of Service (DoS)
SNYK-RUBY-PUMA-536835		 Yes No Known Exploit
low severity 364/1000
Why? Has a fix available, Low severity		 HTTP Response Splitting
SNYK-RUBY-PUMA-559020		 Yes No Known Exploit
low severity 364/1000
Why? Has a fix available, Low severity		 HTTP Response Splitting
SNYK-RUBY-PUMA-559100		 Yes No Known Exploit
low severity 375/1000
Why? Has a fix available, Low severity		 HTTP Request Smuggling
SNYK-RUBY-PUMA-570205		 Yes No Known Exploit
low severity 375/1000
Why? Has a fix available, Low severity		 HTTP Request Smuggling
SNYK-RUBY-PUMA-570206		 Yes No Known Exploit
medium severity 616/1000
Why? Proof of Concept exploit, Has a fix available, CVSS 5.9		 Web Cache Poisoning
SNYK-RUBY-RACK-1061917		 No Proof of Concept
low severity 364/1000
Why? Has a fix available, Low severity		 Denial of Service (DoS)
SNYK-RUBY-RACK-20230		 No No Known Exploit
low severity 364/1000
Why? Has a fix available, Low severity		 Denial of Service (DoS)
SNYK-RUBY-RACK-20400		 No No Known Exploit
low severity 364/1000
Why? Has a fix available, Low severity		 Arbitrary Code Injection
SNYK-RUBY-RACK-2848599		 Yes No Known Exploit
low severity 364/1000
Why? Has a fix available, Low severity		 Denial of Service (DoS)
SNYK-RUBY-RACK-2848600		 Yes No Known Exploit
low severity 364/1000
Why? Has a fix available, Low severity		 Regular Expression Denial of Service (ReDoS)
SNYK-RUBY-RACK-3237240		 Yes No Known Exploit
low severity 364/1000
Why? Has a fix available, Low severity		 Denial of Service (DoS)
SNYK-RUBY-RACK-3356639		 Yes No Known Exploit
low severity 364/1000
Why? Has a fix available, Low severity		 Information Exposure
SNYK-RUBY-RACK-538324		 No No Known Exploit
low severity 364/1000
Why? Has a fix available, Low severity		 Directory Traversal
SNYK-RUBY-RACK-569066		 Yes No Known Exploit
medium severity 646/1000
Why? Proof of Concept exploit, Has a fix available, CVSS 6.5		 Cross-site Request Forgery (CSRF)
SNYK-RUBY-RACK-572377		 Yes Proof of Concept
low severity 364/1000
Why? Has a fix available, Low severity		 Cross-site Scripting (XSS)
SNYK-RUBY-RACK-72567		 No No Known Exploit
low severity 399/1000
Why? Has a fix available, CVSS 3.7		 Side-channel attack
SNYK-RUBY-RACKPROTECTION-20394		 Yes No Known Exploit
low severity 364/1000
Why? Has a fix available, Low severity		 Timing Attack
SNYK-RUBY-RACKPROTECTION-20395		 No No Known Exploit
low severity 364/1000
Why? Has a fix available, Low severity		 Directory Traversal
SNYK-RUBY-RACKPROTECTION-22019		 No No Known Exploit
low severity 364/1000
Why? Has a fix available, Low severity		 Cross-site Scripting (XSS)
SNYK-RUBY-SINATRA-20469		 No No Known Exploit
low severity 364/1000
Why? Has a fix available, Low severity		 Timing Attack
SNYK-RUBY-SINATRA-20488		 Yes No Known Exploit
low severity 364/1000
Why? Has a fix available, Low severity		 Cross-site Scripting (XSS)
SNYK-RUBY-SINATRA-22027		 Yes No Known Exploit
low severity 364/1000
Why? Has a fix available, Low severity		 Improper Input Validation
SNYK-RUBY-SINATRA-2806372		 Yes No Known Exploit
low severity 364/1000
Why? Has a fix available, Low severity		 Resources Downloaded over Insecure Protocol
SNYK-RUBY-SINATRA-3150405		 Yes No Known Exploit
low severity 364/1000
Why? Has a fix available, Low severity		 Denial of Service (DoS)
SNYK-RUBY-YAJLRUBY-22002		 Yes No Known Exploit
low severity 364/1000
Why? Has a fix available, Low severity		 Denial of Service (DoS)
SNYK-RUBY-YAJLRUBY-2441253		 Yes No Known Exploit

(*) Note that the real score may have changed since the PR was raised.

Check the changes in this PR to ensure they won't cause issues with your project.

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:
🧐 View latest project report

🛠 Adjust project settings

📚 Read more about Snyk's upgrade and patch logic

Learn how to fix vulnerabilities with free interactive lessons:

🦉 Regular Expression Denial of Service (ReDoS)
🦉 HTML Injection
🦉 Remote Code Execution
🦉 More lessons are available in Snyk Learn

@snyk-bot
fix: Gemfile to reduce vulnerabilities
ec8ab10 
The following vulnerabilities are fixed with an upgrade:
- https://snyk.io/vuln/SNYK-RUBY-ADDRESSABLE-1316242
- https://snyk.io/vuln/SNYK-RUBY-CUCUMBER-20442
- https://snyk.io/vuln/SNYK-RUBY-FFI-22037
- https://snyk.io/vuln/SNYK-RUBY-JSON-560838
- https://snyk.io/vuln/SNYK-RUBY-KRAMDOWN-585939
- https://snyk.io/vuln/SNYK-RUBY-NOKOGIRI-1055008
- https://snyk.io/vuln/SNYK-RUBY-NOKOGIRI-1293239
- https://snyk.io/vuln/SNYK-RUBY-NOKOGIRI-1583442
- https://snyk.io/vuln/SNYK-RUBY-NOKOGIRI-1726792
- https://snyk.io/vuln/SNYK-RUBY-NOKOGIRI-20157
- https://snyk.io/vuln/SNYK-RUBY-NOKOGIRI-20214
- https://snyk.io/vuln/SNYK-RUBY-NOKOGIRI-20245
- https://snyk.io/vuln/SNYK-RUBY-NOKOGIRI-20277
- https://snyk.io/vuln/SNYK-RUBY-NOKOGIRI-20292
- https://snyk.io/vuln/SNYK-RUBY-NOKOGIRI-20299
- https://snyk.io/vuln/SNYK-RUBY-NOKOGIRI-20367
- https://snyk.io/vuln/SNYK-RUBY-NOKOGIRI-20368
- https://snyk.io/vuln/SNYK-RUBY-NOKOGIRI-20432
- https://snyk.io/vuln/SNYK-RUBY-NOKOGIRI-22013
- https://snyk.io/vuln/SNYK-RUBY-NOKOGIRI-22014
- https://snyk.io/vuln/SNYK-RUBY-NOKOGIRI-2413994
- https://snyk.io/vuln/SNYK-RUBY-NOKOGIRI-2620374
- https://snyk.io/vuln/SNYK-RUBY-NOKOGIRI-2630623
- https://snyk.io/vuln/SNYK-RUBY-NOKOGIRI-2630898
- https://snyk.io/vuln/SNYK-RUBY-NOKOGIRI-2840634
- https://snyk.io/vuln/SNYK-RUBY-NOKOGIRI-3052880
- https://snyk.io/vuln/SNYK-RUBY-NOKOGIRI-3357692
- https://snyk.io/vuln/SNYK-RUBY-NOKOGIRI-3357693
- https://snyk.io/vuln/SNYK-RUBY-NOKOGIRI-459107
- https://snyk.io/vuln/SNYK-RUBY-NOKOGIRI-534637
- https://snyk.io/vuln/SNYK-RUBY-NOKOGIRI-552159
- https://snyk.io/vuln/SNYK-RUBY-NOKOGIRI-72433
- https://snyk.io/vuln/SNYK-RUBY-PUMA-1291014
- https://snyk.io/vuln/SNYK-RUBY-PUMA-1730572
- https://snyk.io/vuln/SNYK-RUBY-PUMA-20375
- https://snyk.io/vuln/SNYK-RUBY-PUMA-2400629
- https://snyk.io/vuln/SNYK-RUBY-PUMA-2437090
- https://snyk.io/vuln/SNYK-RUBY-PUMA-536835
- https://snyk.io/vuln/SNYK-RUBY-PUMA-559020
- https://snyk.io/vuln/SNYK-RUBY-PUMA-559100
- https://snyk.io/vuln/SNYK-RUBY-PUMA-570205
- https://snyk.io/vuln/SNYK-RUBY-PUMA-570206
- https://snyk.io/vuln/SNYK-RUBY-RACK-1061917
- https://snyk.io/vuln/SNYK-RUBY-RACK-20230
- https://snyk.io/vuln/SNYK-RUBY-RACK-20400
- https://snyk.io/vuln/SNYK-RUBY-RACK-2848599
- https://snyk.io/vuln/SNYK-RUBY-RACK-2848600
- https://snyk.io/vuln/SNYK-RUBY-RACK-3237240
- https://snyk.io/vuln/SNYK-RUBY-RACK-3356639
- https://snyk.io/vuln/SNYK-RUBY-RACK-538324
- https://snyk.io/vuln/SNYK-RUBY-RACK-569066
- https://snyk.io/vuln/SNYK-RUBY-RACK-572377
- https://snyk.io/vuln/SNYK-RUBY-RACK-72567
- https://snyk.io/vuln/SNYK-RUBY-RACKPROTECTION-20394
- https://snyk.io/vuln/SNYK-RUBY-RACKPROTECTION-20395
- https://snyk.io/vuln/SNYK-RUBY-RACKPROTECTION-22019
- https://snyk.io/vuln/SNYK-RUBY-SINATRA-20469
- https://snyk.io/vuln/SNYK-RUBY-SINATRA-20488
- https://snyk.io/vuln/SNYK-RUBY-SINATRA-22027
- https://snyk.io/vuln/SNYK-RUBY-SINATRA-2806372
- https://snyk.io/vuln/SNYK-RUBY-SINATRA-3150405
- https://snyk.io/vuln/SNYK-RUBY-YAJLRUBY-22002
- https://snyk.io/vuln/SNYK-RUBY-YAJLRUBY-2441253
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@acastro2 @snyk-bot