Skip to content

Navigation Menu

Sign in
Appearance settings

Search code, repositories, users, issues, pull requests...

Provide feedback

We read every piece of feedback, and take your input very seriously.

Saved searches

Use saved searches to filter your results more quickly
Appearance settings

[Snyk] Fix for 54 vulnerabilities#12

Open
MacLeeIn wants to merge 1 commit intomasterMacLeeIn/REST-API-example:masterfrom
snyk-fix-073d27f264278b7242a684b3a2e7f920MacLeeIn/REST-API-example:snyk-fix-073d27f264278b7242a684b3a2e7f920Copy head branch name to clipboard
Open

[Snyk] Fix for 54 vulnerabilities#12
MacLeeIn wants to merge 1 commit intomasterMacLeeIn/REST-API-example:masterfrom
snyk-fix-073d27f264278b7242a684b3a2e7f920MacLeeIn/REST-API-example:snyk-fix-073d27f264278b7242a684b3a2e7f920Copy head branch name to clipboard

Conversation

@MacLeeIn
Copy link
Owner

@MacLeeIn MacLeeIn commented Apr 4, 2023

This PR was automatically created by Snyk using the credentials of a real user.


Snyk has created this PR to fix one or more vulnerable packages in the `rubygems` dependencies of this project.

Changes included in this PR

  • Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
    • Gemfile
    • Gemfile.lock

Vulnerabilities that will be fixed

With an upgrade:
Severity Priority Score (*) Issue Breaking Change Exploit Maturity
high severity 589/1000
Why? Has a fix available, CVSS 7.5		 Regular Expression Denial of Service (ReDoS)
SNYK-RUBY-ADDRESSABLE-1316242		 No No Known Exploit
high severity 726/1000
Why? Proof of Concept exploit, Has a fix available, CVSS 8.1		 Command Injection
SNYK-RUBY-GIT-2421270		 No Proof of Concept
high severity 614/1000
Why? Has a fix available, CVSS 8		 Remote Code Execution (RCE)
SNYK-RUBY-GIT-3227617		 No No Known Exploit
critical severity 679/1000
Why? Has a fix available, CVSS 9.3		 Denial of Service (DoS)
SNYK-RUBY-JSON-560838		 Yes No Known Exploit
low severity 344/1000
Why? Has a fix available, CVSS 2.6		 XML External Entity (XXE) Injection
SNYK-RUBY-NOKOGIRI-1055008		 No No Known Exploit
high severity 696/1000
Why? Proof of Concept exploit, Has a fix available, CVSS 7.5		 Denial of Service (DoS)
SNYK-RUBY-NOKOGIRI-1293239		 No Proof of Concept
medium severity 539/1000
Why? Has a fix available, CVSS 6.5		 Denial of Service (DoS)
SNYK-RUBY-NOKOGIRI-1583442		 No No Known Exploit
high severity 589/1000
Why? Has a fix available, CVSS 7.5		 XML External Entity (XXE) Injection
SNYK-RUBY-NOKOGIRI-1726792		 No No Known Exploit
medium severity 479/1000
Why? Has a fix available, CVSS 5.3		 XML External Entity (XXE) Injection
SNYK-RUBY-NOKOGIRI-20127		 No No Known Exploit
medium severity 479/1000
Why? Has a fix available, CVSS 5.3		 Denial of Service (DoS)
SNYK-RUBY-NOKOGIRI-20129		 No No Known Exploit
medium severity 479/1000
Why? Has a fix available, CVSS 5.3		 Denial of Service (DoS)
SNYK-RUBY-NOKOGIRI-20157		 No No Known Exploit
medium severity 479/1000
Why? Has a fix available, CVSS 5.3		 Denial of Service (DoS)
SNYK-RUBY-NOKOGIRI-20214		 No No Known Exploit
high severity 579/1000
Why? Has a fix available, CVSS 7.3		 XML External Entity (XXE) Injection
SNYK-RUBY-NOKOGIRI-20299		 No No Known Exploit
high severity 654/1000
Why? Has a fix available, CVSS 8.8		 Arbitrary Code Execution
SNYK-RUBY-NOKOGIRI-20367		 No No Known Exploit
high severity 654/1000
Why? Has a fix available, CVSS 8.8		 Out of Bounds Memory Write
SNYK-RUBY-NOKOGIRI-20368		 No No Known Exploit
high severity 826/1000
Why? Mature exploit, Has a fix available, CVSS 8.8		 Use of vulnerable libxml2
SNYK-RUBY-NOKOGIRI-20432		 No Mature
high severity 589/1000
Why? Has a fix available, CVSS 7.5		 Denial of Service (DoS)
SNYK-RUBY-NOKOGIRI-22013		 No No Known Exploit
high severity 654/1000
Why? Has a fix available, CVSS 8.8		 Denial of Service (DoS)
SNYK-RUBY-NOKOGIRI-22014		 No No Known Exploit
high severity 619/1000
Why? Has a fix available, CVSS 8.1		 Use After Free
SNYK-RUBY-NOKOGIRI-2413994		 No No Known Exploit
high severity 589/1000
Why? Has a fix available, CVSS 7.5		 Regular Expression Denial of Service (ReDoS)
SNYK-RUBY-NOKOGIRI-2620374		 No No Known Exploit
high severity 589/1000
Why? Has a fix available, CVSS 7.5		 Out-of-bounds Write
SNYK-RUBY-NOKOGIRI-2630623		 No No Known Exploit
high severity 589/1000
Why? Has a fix available, CVSS 7.5		 Denial of Service (DoS)
SNYK-RUBY-NOKOGIRI-2630898		 No No Known Exploit
high severity 624/1000
Why? Has a fix available, CVSS 8.2		 Improper Handling of Unexpected Data Type
SNYK-RUBY-NOKOGIRI-2840634		 No No Known Exploit
high severity 589/1000
Why? Has a fix available, CVSS 7.5		 NULL Pointer Dereference
SNYK-RUBY-NOKOGIRI-3052880		 No No Known Exploit
medium severity 414/1000
Why? Has a fix available, CVSS 4		 Out-of-Bounds
SNYK-RUBY-NOKOGIRI-3357692		 No No Known Exploit
medium severity 529/1000
Why? Has a fix available, CVSS 6.3		 Access Control Bypass
SNYK-RUBY-NOKOGIRI-3357693		 No No Known Exploit
high severity 619/1000
Why? Has a fix available, CVSS 8.1		 Command Injection
SNYK-RUBY-NOKOGIRI-459107		 No No Known Exploit
high severity 659/1000
Why? Has a fix available, CVSS 8.9		 Uncontrolled Memory Allocation
SNYK-RUBY-NOKOGIRI-534637		 No No Known Exploit
high severity 600/1000
Why? Has a fix available, CVSS 7.5		 Denial of Service (DoS)
SNYK-RUBY-NOKOGIRI-552159		 No No Known Exploit
high severity 589/1000
Why? Has a fix available, CVSS 7.5		 Denial of Service (DoS)
SNYK-RUBY-NOKOGIRI-72433		 No No Known Exploit
medium severity 616/1000
Why? Proof of Concept exploit, Has a fix available, CVSS 5.9		 Web Cache Poisoning
SNYK-RUBY-RACK-1061917		 No Proof of Concept
medium severity 479/1000
Why? Has a fix available, CVSS 5.3		 Denial of Service (DoS)
SNYK-RUBY-RACK-20230		 No No Known Exploit
medium severity 479/1000
Why? Has a fix available, CVSS 5.3		 IP Spoofing
SNYK-RUBY-RACK-20399		 No No Known Exploit
medium severity 479/1000
Why? Has a fix available, CVSS 5.3		 Denial of Service (DoS)
SNYK-RUBY-RACK-20400		 No No Known Exploit
critical severity 704/1000
Why? Has a fix available, CVSS 9.8		 Arbitrary Code Injection
SNYK-RUBY-RACK-2848599		 Yes No Known Exploit
high severity 589/1000
Why? Has a fix available, CVSS 7.5		 Denial of Service (DoS)
SNYK-RUBY-RACK-2848600		 Yes No Known Exploit
medium severity 479/1000
Why? Has a fix available, CVSS 5.3		 Regular Expression Denial of Service (ReDoS)
SNYK-RUBY-RACK-3237240		 Yes No Known Exploit
high severity 589/1000
Why? Has a fix available, CVSS 7.5		 Denial of Service (DoS)
SNYK-RUBY-RACK-3356639		 Yes No Known Exploit
medium severity 479/1000
Why? Has a fix available, CVSS 5.3		 Information Exposure
SNYK-RUBY-RACK-538324		 No No Known Exploit
high severity 589/1000
Why? Has a fix available, CVSS 7.5		 Directory Traversal
SNYK-RUBY-RACK-569066		 Yes No Known Exploit
medium severity 646/1000
Why? Proof of Concept exploit, Has a fix available, CVSS 6.5		 Cross-site Request Forgery (CSRF)
SNYK-RUBY-RACK-572377		 Yes Proof of Concept
medium severity 519/1000
Why? Has a fix available, CVSS 6.1		 Cross-site Scripting (XSS)
SNYK-RUBY-RACK-72567		 No No Known Exploit
medium severity 479/1000
Why? Has a fix available, CVSS 5.3		 Cross-site Request Forgery (CSRF)
SNYK-RUBY-RACKCONTRIB-20391		 No No Known Exploit
low severity 399/1000
Why? Has a fix available, CVSS 3.7		 Side-channel attack
SNYK-RUBY-RACKPROTECTION-20394		 Yes No Known Exploit
medium severity 509/1000
Why? Has a fix available, CVSS 5.9		 Timing Attack
SNYK-RUBY-RACKPROTECTION-20395		 No No Known Exploit
medium severity 479/1000
Why? Has a fix available, CVSS 5.3		 Directory Traversal
SNYK-RUBY-RACKPROTECTION-22019		 No No Known Exploit
high severity 686/1000
Why? Proof of Concept exploit, Has a fix available, CVSS 7.3		 Arbitrary Code Injection
SNYK-RUBY-RAKE-552000		 No Proof of Concept
high severity 619/1000
Why? Has a fix available, CVSS 8.1		 Command Injection
SNYK-RUBY-RDOC-1279617		 No No Known Exploit
high severity 564/1000
Why? Has a fix available, CVSS 7		 Command Injection
SNYK-RUBY-RDOC-1316279		 No No Known Exploit
medium severity 539/1000
Why? Has a fix available, CVSS 6.5		 Cross-site Scripting (XSS)
SNYK-RUBY-SINATRA-20469		 No No Known Exploit
medium severity 509/1000
Why? Has a fix available, CVSS 5.9		 Timing Attack
SNYK-RUBY-SINATRA-20488		 Yes No Known Exploit
medium severity 519/1000
Why? Has a fix available, CVSS 6.1		 Cross-site Scripting (XSS)
SNYK-RUBY-SINATRA-22027		 Yes No Known Exploit
high severity 589/1000
Why? Has a fix available, CVSS 7.5		 Improper Input Validation
SNYK-RUBY-SINATRA-2806372		 Yes No Known Exploit
high severity 654/1000
Why? Has a fix available, CVSS 8.8		 Resources Downloaded over Insecure Protocol
SNYK-RUBY-SINATRA-3150405		 Yes No Known Exploit

(*) Note that the real score may have changed since the PR was raised.

Check the changes in this PR to ensure they won't cause issues with your project.

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:
🧐 View latest project report

🛠 Adjust project settings

📚 Read more about Snyk's upgrade and patch logic

Learn how to fix vulnerabilities with free interactive lessons:

🦉 Regular Expression Denial of Service (ReDoS)
🦉 Remote Code Execution (RCE)
🦉 XML External Entity (XXE) Injection
🦉 More lessons are available in Snyk Learn

@snyk-bot
fix: Gemfile & Gemfile.lock to reduce vulnerabilities
3d80b0f 
The following vulnerabilities are fixed with an upgrade:
- https://snyk.io/vuln/SNYK-RUBY-ADDRESSABLE-1316242
- https://snyk.io/vuln/SNYK-RUBY-GIT-2421270
- https://snyk.io/vuln/SNYK-RUBY-GIT-3227617
- https://snyk.io/vuln/SNYK-RUBY-JSON-560838
- https://snyk.io/vuln/SNYK-RUBY-NOKOGIRI-1055008
- https://snyk.io/vuln/SNYK-RUBY-NOKOGIRI-1293239
- https://snyk.io/vuln/SNYK-RUBY-NOKOGIRI-1583442
- https://snyk.io/vuln/SNYK-RUBY-NOKOGIRI-1726792
- https://snyk.io/vuln/SNYK-RUBY-NOKOGIRI-20127
- https://snyk.io/vuln/SNYK-RUBY-NOKOGIRI-20129
- https://snyk.io/vuln/SNYK-RUBY-NOKOGIRI-20157
- https://snyk.io/vuln/SNYK-RUBY-NOKOGIRI-20214
- https://snyk.io/vuln/SNYK-RUBY-NOKOGIRI-20299
- https://snyk.io/vuln/SNYK-RUBY-NOKOGIRI-20367
- https://snyk.io/vuln/SNYK-RUBY-NOKOGIRI-20368
- https://snyk.io/vuln/SNYK-RUBY-NOKOGIRI-20432
- https://snyk.io/vuln/SNYK-RUBY-NOKOGIRI-22013
- https://snyk.io/vuln/SNYK-RUBY-NOKOGIRI-22014
- https://snyk.io/vuln/SNYK-RUBY-NOKOGIRI-2413994
- https://snyk.io/vuln/SNYK-RUBY-NOKOGIRI-2620374
- https://snyk.io/vuln/SNYK-RUBY-NOKOGIRI-2630623
- https://snyk.io/vuln/SNYK-RUBY-NOKOGIRI-2630898
- https://snyk.io/vuln/SNYK-RUBY-NOKOGIRI-2840634
- https://snyk.io/vuln/SNYK-RUBY-NOKOGIRI-3052880
- https://snyk.io/vuln/SNYK-RUBY-NOKOGIRI-3357692
- https://snyk.io/vuln/SNYK-RUBY-NOKOGIRI-3357693
- https://snyk.io/vuln/SNYK-RUBY-NOKOGIRI-459107
- https://snyk.io/vuln/SNYK-RUBY-NOKOGIRI-534637
- https://snyk.io/vuln/SNYK-RUBY-NOKOGIRI-552159
- https://snyk.io/vuln/SNYK-RUBY-NOKOGIRI-72433
- https://snyk.io/vuln/SNYK-RUBY-RACK-1061917
- https://snyk.io/vuln/SNYK-RUBY-RACK-20230
- https://snyk.io/vuln/SNYK-RUBY-RACK-20399
- https://snyk.io/vuln/SNYK-RUBY-RACK-20400
- https://snyk.io/vuln/SNYK-RUBY-RACK-2848599
- https://snyk.io/vuln/SNYK-RUBY-RACK-2848600
- https://snyk.io/vuln/SNYK-RUBY-RACK-3237240
- https://snyk.io/vuln/SNYK-RUBY-RACK-3356639
- https://snyk.io/vuln/SNYK-RUBY-RACK-538324
- https://snyk.io/vuln/SNYK-RUBY-RACK-569066
- https://snyk.io/vuln/SNYK-RUBY-RACK-572377
- https://snyk.io/vuln/SNYK-RUBY-RACK-72567
- https://snyk.io/vuln/SNYK-RUBY-RACKCONTRIB-20391
- https://snyk.io/vuln/SNYK-RUBY-RACKPROTECTION-20394
- https://snyk.io/vuln/SNYK-RUBY-RACKPROTECTION-20395
- https://snyk.io/vuln/SNYK-RUBY-RACKPROTECTION-22019
- https://snyk.io/vuln/SNYK-RUBY-RAKE-552000
- https://snyk.io/vuln/SNYK-RUBY-RDOC-1279617
- https://snyk.io/vuln/SNYK-RUBY-RDOC-1316279
- https://snyk.io/vuln/SNYK-RUBY-SINATRA-20469
- https://snyk.io/vuln/SNYK-RUBY-SINATRA-20488
- https://snyk.io/vuln/SNYK-RUBY-SINATRA-22027
- https://snyk.io/vuln/SNYK-RUBY-SINATRA-2806372
- https://snyk.io/vuln/SNYK-RUBY-SINATRA-3150405
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@MacLeeIn @snyk-bot
Morty Proxy This is a proxified and sanitized view of the page, visit original site.