Skip to content
This repository was archived by the owner on May 10, 2024. It is now read-only.

[Snyk] Fix for 56 vulnerabilities #3

Open
wants to merge 1 commit into
base: master
Choose a base branch
from
Open

[Snyk] Fix for 56 vulnerabilities #3

wants to merge 1 commit into from

Conversation

svcprodsec-sendgrid
Copy link

This PR was automatically created by Snyk using the credentials of a real user.


Snyk has created this PR to fix one or more vulnerable packages in the `rubygems` dependencies of this project.

Changes included in this PR

  • Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
    • Gemfile
⚠️ Warning 
Failed to update the Gemfile.lock, please update manually before merging.

Vulnerabilities that will be fixed

With an upgrade:
Severity Priority Score (*) Issue Breaking Change Exploit Maturity
medium severity 429/1000
Why? Has a fix available, CVSS 4.3		 Cross-site Scripting (XSS)
SNYK-RUBY-ACTIVESUPPORT-20228		 No No Known Exploit
medium severity 479/1000
Why? Has a fix available, CVSS 5.3		 Denial of Service (DoS)
SNYK-RUBY-ACTIVESUPPORT-20229		 No No Known Exploit
medium severity 479/1000
Why? Has a fix available, CVSS 5.3		 Regular Expression Denial of Service (ReDoS)
SNYK-RUBY-ACTIVESUPPORT-3237242		 No No Known Exploit
medium severity 519/1000
Why? Has a fix available, CVSS 6.1		 Cross-site Scripting (XSS)
SNYK-RUBY-ACTIVESUPPORT-3360028		 No No Known Exploit
high severity 834/1000
Why? Mature exploit, Has a fix available, CVSS 8.1		 Deserialization of Untrusted Data
SNYK-RUBY-ACTIVESUPPORT-569598		 No Mature
medium severity 424/1000
Why? Has a fix available, CVSS 4.2		 Cross-site Scripting (XSS)
SNYK-RUBY-ERUBIS-20482		 Yes No Known Exploit
medium severity 479/1000
Why? Has a fix available, CVSS 5.3		 Regular Expression Denial of Service (ReDoS)
SNYK-RUBY-GLOBALID-3237234		 No No Known Exploit
high severity 589/1000
Why? Has a fix available, CVSS 7.5		 Denial of Service (DoS)
SNYK-RUBY-I18N-72582		 No No Known Exploit
medium severity 519/1000
Why? Has a fix available, CVSS 6.1		 Cross-site Scripting (XSS)
SNYK-RUBY-LOOFAH-22023		 No No Known Exploit
high severity 589/1000
Why? Has a fix available, CVSS 7.5		 Regular Expression Denial of Service (ReDoS)
SNYK-RUBY-LOOFAH-3168317		 No No Known Exploit
high severity 579/1000
Why? Has a fix available, CVSS 7.3		 Cross-site Scripting (XSS)
SNYK-RUBY-LOOFAH-474102		 No No Known Exploit
medium severity 484/1000
Why? Has a fix available, CVSS 5.4		 Cross-site Scripting (XSS)
SNYK-RUBY-LOOFAH-72548		 No No Known Exploit
low severity 344/1000
Why? Has a fix available, CVSS 2.6		 XML External Entity (XXE) Injection
SNYK-RUBY-NOKOGIRI-1055008		 No No Known Exploit
high severity 696/1000
Why? Proof of Concept exploit, Has a fix available, CVSS 7.5		 Denial of Service (DoS)
SNYK-RUBY-NOKOGIRI-1293239		 No Proof of Concept
medium severity 539/1000
Why? Has a fix available, CVSS 6.5		 Denial of Service (DoS)
SNYK-RUBY-NOKOGIRI-1583442		 No No Known Exploit
high severity 589/1000
Why? Has a fix available, CVSS 7.5		 XML External Entity (XXE) Injection
SNYK-RUBY-NOKOGIRI-1726792		 No No Known Exploit
medium severity 479/1000
Why? Has a fix available, CVSS 5.3		 Denial of Service (DoS)
SNYK-RUBY-NOKOGIRI-20214		 No No Known Exploit
medium severity 539/1000
Why? Has a fix available, CVSS 6.5		 Denial of Service (DoS)
SNYK-RUBY-NOKOGIRI-20245		 No No Known Exploit
high severity 589/1000
Why? Has a fix available, CVSS 7.5		 Arbitrary Code Execution
SNYK-RUBY-NOKOGIRI-20277		 No No Known Exploit
medium severity 601/1000
Why? Proof of Concept exploit, Has a fix available, CVSS 5.6		 Sensitive Information Exposure
SNYK-RUBY-NOKOGIRI-20292		 No Proof of Concept
high severity 579/1000
Why? Has a fix available, CVSS 7.3		 XML External Entity (XXE) Injection
SNYK-RUBY-NOKOGIRI-20299		 No No Known Exploit
high severity 654/1000
Why? Has a fix available, CVSS 8.8		 Arbitrary Code Execution
SNYK-RUBY-NOKOGIRI-20367		 No No Known Exploit
high severity 654/1000
Why? Has a fix available, CVSS 8.8		 Out of Bounds Memory Write
SNYK-RUBY-NOKOGIRI-20368		 No No Known Exploit
high severity 826/1000
Why? Mature exploit, Has a fix available, CVSS 8.8		 Use of vulnerable libxml2
SNYK-RUBY-NOKOGIRI-20432		 No Mature
high severity 589/1000
Why? Has a fix available, CVSS 7.5		 Denial of Service (DoS)
SNYK-RUBY-NOKOGIRI-22013		 No No Known Exploit
high severity 654/1000
Why? Has a fix available, CVSS 8.8		 Denial of Service (DoS)
SNYK-RUBY-NOKOGIRI-22014		 No No Known Exploit
high severity 619/1000
Why? Has a fix available, CVSS 8.1		 Use After Free
SNYK-RUBY-NOKOGIRI-2413994		 No No Known Exploit
high severity 589/1000
Why? Has a fix available, CVSS 7.5		 Regular Expression Denial of Service (ReDoS)
SNYK-RUBY-NOKOGIRI-2620374		 No No Known Exploit
high severity 589/1000
Why? Has a fix available, CVSS 7.5		 Out-of-bounds Write
SNYK-RUBY-NOKOGIRI-2630623		 No No Known Exploit
high severity 589/1000
Why? Has a fix available, CVSS 7.5		 Denial of Service (DoS)
SNYK-RUBY-NOKOGIRI-2630898		 No No Known Exploit
high severity 624/1000
Why? Has a fix available, CVSS 8.2		 Improper Handling of Unexpected Data Type
SNYK-RUBY-NOKOGIRI-2840634		 No No Known Exploit
high severity 589/1000
Why? Has a fix available, CVSS 7.5		 NULL Pointer Dereference
SNYK-RUBY-NOKOGIRI-3052880		 No No Known Exploit
medium severity 529/1000
Why? Has a fix available, CVSS 6.3		 Access Control Bypass
SNYK-RUBY-NOKOGIRI-3357693		 No No Known Exploit
high severity 619/1000
Why? Has a fix available, CVSS 8.1		 Command Injection
SNYK-RUBY-NOKOGIRI-459107		 No No Known Exploit
high severity 659/1000
Why? Has a fix available, CVSS 8.9		 Uncontrolled Memory Allocation
SNYK-RUBY-NOKOGIRI-534637		 No No Known Exploit
high severity 600/1000
Why? Has a fix available, CVSS 7.5		 Denial of Service (DoS)
SNYK-RUBY-NOKOGIRI-552159		 No No Known Exploit
high severity 589/1000
Why? Has a fix available, CVSS 7.5		 Denial of Service (DoS)
SNYK-RUBY-NOKOGIRI-72433		 No No Known Exploit
medium severity 616/1000
Why? Proof of Concept exploit, Has a fix available, CVSS 5.9		 Web Cache Poisoning
SNYK-RUBY-RACK-1061917		 No Proof of Concept
medium severity 479/1000
Why? Has a fix available, CVSS 5.3		 Denial of Service (DoS)
SNYK-RUBY-RACK-20230		 No No Known Exploit
critical severity 704/1000
Why? Has a fix available, CVSS 9.8		 Arbitrary Code Injection
SNYK-RUBY-RACK-2848599		 No No Known Exploit
high severity 589/1000
Why? Has a fix available, CVSS 7.5		 Denial of Service (DoS)
SNYK-RUBY-RACK-2848600		 No No Known Exploit
medium severity 479/1000
Why? Has a fix available, CVSS 5.3		 Regular Expression Denial of Service (ReDoS)
SNYK-RUBY-RACK-3237240		 No No Known Exploit
high severity 589/1000
Why? Has a fix available, CVSS 7.5		 Denial of Service (DoS)
SNYK-RUBY-RACK-3356639		 No No Known Exploit
medium severity 479/1000
Why? Has a fix available, CVSS 5.3		 Information Exposure
SNYK-RUBY-RACK-538324		 No No Known Exploit
high severity 589/1000
Why? Has a fix available, CVSS 7.5		 Directory Traversal
SNYK-RUBY-RACK-569066		 No No Known Exploit
medium severity 646/1000
Why? Proof of Concept exploit, Has a fix available, CVSS 6.5		 Cross-site Request Forgery (CSRF)
SNYK-RUBY-RACK-572377		 No Proof of Concept
medium severity 519/1000
Why? Has a fix available, CVSS 6.1		 Cross-site Scripting (XSS)
SNYK-RUBY-RACK-72567		 No No Known Exploit
medium severity 519/1000
Why? Has a fix available, CVSS 6.1		 Cross-site Scripting (XSS)
SNYK-RUBY-RAILSHTMLSANITIZER-20254		 No No Known Exploit
medium severity 519/1000
Why? Has a fix available, CVSS 6.1		 Cross-site Scripting (XSS)
SNYK-RUBY-RAILSHTMLSANITIZER-20257		 No No Known Exploit
medium severity 519/1000
Why? Has a fix available, CVSS 6.1		 Cross-site Scripting (XSS)
SNYK-RUBY-RAILSHTMLSANITIZER-20261		 No No Known Exploit
medium severity 519/1000
Why? Has a fix available, CVSS 6.1		 Cross-site Scripting (XSS)
SNYK-RUBY-RAILSHTMLSANITIZER-22025		 No No Known Exploit
medium severity 531/1000
Why? Proof of Concept exploit, Has a fix available, CVSS 4.2		 Cross-site Scripting (XSS)
SNYK-RUBY-RAILSHTMLSANITIZER-2935879		 No Proof of Concept
medium severity 484/1000
Why? Has a fix available, CVSS 5.4		 Cross-site Scripting (XSS)
SNYK-RUBY-RAILSHTMLSANITIZER-3168316		 No No Known Exploit
high severity 589/1000
Why? Has a fix available, CVSS 7.5		 Regular Expression Denial of Service (ReDoS)
SNYK-RUBY-RAILSHTMLSANITIZER-3168646		 No No Known Exploit
medium severity 424/1000
Why? Has a fix available, CVSS 4.2		 Cross-site Scripting (XSS)
SNYK-RUBY-RAILSHTMLSANITIZER-3168648		 No No Known Exploit
high severity 589/1000
Why? Has a fix available, CVSS 7.5		 Directory Traversal
SNYK-RUBY-TZINFO-2958048		 No No Known Exploit

(*) Note that the real score may have changed since the PR was raised.

Check the changes in this PR to ensure they won't cause issues with your project.

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:
🧐 View latest project report

🛠 Adjust project settings

📚 Read more about Snyk's upgrade and patch logic

Learn how to fix vulnerabilities with free interactive lessons:

🦉 Cross-site Scripting (XSS)
🦉 Denial of Service (DoS)
🦉 Deserialization of Untrusted Data
🦉 More lessons are available in Snyk Learn

@snyk-bot
fix: Gemfile to reduce vulnerabilities
56a5f97 
The following vulnerabilities are fixed with an upgrade:
- https://snyk.io/vuln/SNYK-RUBY-ACTIVESUPPORT-20228
- https://snyk.io/vuln/SNYK-RUBY-ACTIVESUPPORT-20229
- https://snyk.io/vuln/SNYK-RUBY-ACTIVESUPPORT-3237242
- https://snyk.io/vuln/SNYK-RUBY-ACTIVESUPPORT-3360028
- https://snyk.io/vuln/SNYK-RUBY-ACTIVESUPPORT-569598
- https://snyk.io/vuln/SNYK-RUBY-ERUBIS-20482
- https://snyk.io/vuln/SNYK-RUBY-GLOBALID-3237234
- https://snyk.io/vuln/SNYK-RUBY-I18N-72582
- https://snyk.io/vuln/SNYK-RUBY-LOOFAH-22023
- https://snyk.io/vuln/SNYK-RUBY-LOOFAH-3168317
- https://snyk.io/vuln/SNYK-RUBY-LOOFAH-474102
- https://snyk.io/vuln/SNYK-RUBY-LOOFAH-72548
- https://snyk.io/vuln/SNYK-RUBY-NOKOGIRI-1055008
- https://snyk.io/vuln/SNYK-RUBY-NOKOGIRI-1293239
- https://snyk.io/vuln/SNYK-RUBY-NOKOGIRI-1583442
- https://snyk.io/vuln/SNYK-RUBY-NOKOGIRI-1726792
- https://snyk.io/vuln/SNYK-RUBY-NOKOGIRI-20214
- https://snyk.io/vuln/SNYK-RUBY-NOKOGIRI-20245
- https://snyk.io/vuln/SNYK-RUBY-NOKOGIRI-20277
- https://snyk.io/vuln/SNYK-RUBY-NOKOGIRI-20292
- https://snyk.io/vuln/SNYK-RUBY-NOKOGIRI-20299
- https://snyk.io/vuln/SNYK-RUBY-NOKOGIRI-20367
- https://snyk.io/vuln/SNYK-RUBY-NOKOGIRI-20368
- https://snyk.io/vuln/SNYK-RUBY-NOKOGIRI-20432
- https://snyk.io/vuln/SNYK-RUBY-NOKOGIRI-22013
- https://snyk.io/vuln/SNYK-RUBY-NOKOGIRI-22014
- https://snyk.io/vuln/SNYK-RUBY-NOKOGIRI-2413994
- https://snyk.io/vuln/SNYK-RUBY-NOKOGIRI-2620374
- https://snyk.io/vuln/SNYK-RUBY-NOKOGIRI-2630623
- https://snyk.io/vuln/SNYK-RUBY-NOKOGIRI-2630898
- https://snyk.io/vuln/SNYK-RUBY-NOKOGIRI-2840634
- https://snyk.io/vuln/SNYK-RUBY-NOKOGIRI-3052880
- https://snyk.io/vuln/SNYK-RUBY-NOKOGIRI-3357693
- https://snyk.io/vuln/SNYK-RUBY-NOKOGIRI-459107
- https://snyk.io/vuln/SNYK-RUBY-NOKOGIRI-534637
- https://snyk.io/vuln/SNYK-RUBY-NOKOGIRI-552159
- https://snyk.io/vuln/SNYK-RUBY-NOKOGIRI-72433
- https://snyk.io/vuln/SNYK-RUBY-RACK-1061917
- https://snyk.io/vuln/SNYK-RUBY-RACK-20230
- https://snyk.io/vuln/SNYK-RUBY-RACK-2848599
- https://snyk.io/vuln/SNYK-RUBY-RACK-2848600
- https://snyk.io/vuln/SNYK-RUBY-RACK-3237240
- https://snyk.io/vuln/SNYK-RUBY-RACK-3356639
- https://snyk.io/vuln/SNYK-RUBY-RACK-538324
- https://snyk.io/vuln/SNYK-RUBY-RACK-569066
- https://snyk.io/vuln/SNYK-RUBY-RACK-572377
- https://snyk.io/vuln/SNYK-RUBY-RACK-72567
- https://snyk.io/vuln/SNYK-RUBY-RAILSHTMLSANITIZER-20254
- https://snyk.io/vuln/SNYK-RUBY-RAILSHTMLSANITIZER-20257
- https://snyk.io/vuln/SNYK-RUBY-RAILSHTMLSANITIZER-20261
- https://snyk.io/vuln/SNYK-RUBY-RAILSHTMLSANITIZER-22025
- https://snyk.io/vuln/SNYK-RUBY-RAILSHTMLSANITIZER-2935879
- https://snyk.io/vuln/SNYK-RUBY-RAILSHTMLSANITIZER-3168316
- https://snyk.io/vuln/SNYK-RUBY-RAILSHTMLSANITIZER-3168646
- https://snyk.io/vuln/SNYK-RUBY-RAILSHTMLSANITIZER-3168648
- https://snyk.io/vuln/SNYK-RUBY-TZINFO-2958048
# for free to subscribe to this conversation on GitHub. Already have an account? #.
Reviewers
No reviews
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@svcprodsec-sendgrid @snyk-bot