-
-
Save jgamblin/9af302c7e29d8878adb4168f0c646cc6 to your computer and use it in GitHub Desktop.
Bundle Audit Of Netflix Github
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Vulnerablities Found In Workflowable: | |
| Name: actionpack | |
| Version: 4.0.4 | |
| Advisory: CVE-2014-7818 | |
| Criticality: Medium | |
| URL: https://groups.google.com/forum/#!topic/rubyonrails-security/dCp7duBiQgo | |
| Title: Arbitrary file existence disclosure in Action Pack | |
| Solution: upgrade to ~> 3.2.20, ~> 4.0.11, ~> 4.1.7, >= 4.2.0.beta3 | |
| Name: actionpack | |
| Version: 4.0.4 | |
| Advisory: CVE-2016-2098 | |
| Criticality: Unknown | |
| URL: https://groups.google.com/forum/#!topic/rubyonrails-security/ly-IH-fxr_Q | |
| Title: Possible remote code execution vulnerability in Action Pack | |
| Solution: upgrade to ~> 3.2.22.2, ~> 4.2.5, >= 4.2.5.2, ~> 4.1.14, >= 4.1.14.2 | |
| Name: actionpack | |
| Version: 4.0.4 | |
| Advisory: CVE-2015-7576 | |
| Criticality: Medium | |
| URL: https://groups.google.com/forum/#!topic/rubyonrails-security/ANv0HDHEC3k | |
| Title: Timing attack vulnerability in basic authentication in Action Controller. | |
| Solution: upgrade to >= 5.0.0.beta1.1, ~> 4.2.5, >= 4.2.5.1, ~> 4.1.14, >= 4.1.14.1, ~> 3.2.22.1 | |
| Name: actionpack | |
| Version: 4.0.4 | |
| Advisory: CVE-2016-6316 | |
| Criticality: Unknown | |
| URL: https://groups.google.com/forum/#!topic/rubyonrails-security/I-VWr034ouk | |
| Title: Possible XSS Vulnerability in Action View | |
| Solution: upgrade to ~> 3.2.22.3, ~> 4.2.7.1, >= 5.0.0.1 | |
| Name: actionpack | |
| Version: 4.0.4 | |
| Advisory: CVE-2014-0130 | |
| Criticality: Medium | |
| URL: https://groups.google.com/forum/#!topic/rubyonrails-security/NkKc7vTW70o | |
| Title: Directory Traversal Vulnerability With Certain Route Configurations | |
| Solution: upgrade to ~> 3.2.18, ~> 4.0.5, >= 4.1.1 | |
| Name: actionpack | |
| Version: 4.0.4 | |
| Advisory: CVE-2016-0752 | |
| Criticality: Unknown | |
| URL: https://groups.google.com/forum/#!topic/rubyonrails-security/335P1DcLG00 | |
| Title: Possible Information Leak Vulnerability in Action View | |
| Solution: upgrade to >= 5.0.0.beta1.1, ~> 4.2.5, >= 4.2.5.1, ~> 4.1.14, >= 4.1.14.1, ~> 3.2.22.1 | |
| Name: actionpack | |
| Version: 4.0.4 | |
| Advisory: CVE-2016-0751 | |
| Criticality: Medium | |
| URL: https://groups.google.com/forum/#!topic/rubyonrails-security/9oLY_FCzvoc | |
| Title: Possible Object Leak and Denial of Service attack in Action Pack | |
| Solution: upgrade to >= 5.0.0.beta1.1, ~> 4.2.5, >= 4.2.5.1, ~> 4.1.14, >= 4.1.14.1, ~> 3.2.22.1 | |
| Name: actionpack | |
| Version: 4.0.4 | |
| Advisory: CVE-2015-7581 | |
| Criticality: Unknown | |
| URL: https://groups.google.com/forum/#!topic/rubyonrails-security/dthJ5wL69JE | |
| Title: Object leak vulnerability for wildcard controller routes in Action Pack | |
| Solution: upgrade to ~> 4.2.5, >= 4.2.5.1, ~> 4.1.14, >= 4.1.14.1 | |
| Name: actionpack | |
| Version: 4.0.4 | |
| Advisory: CVE-2016-2097 | |
| Criticality: Unknown | |
| URL: https://groups.google.com/forum/#!topic/rubyonrails-security/ddY6HgqB2z4 | |
| Title: Possible Information Leak Vulnerability in Action View | |
| Solution: upgrade to ~> 3.2.22.2, ~> 4.1.14, >= 4.1.14.2 | |
| Name: actionpack | |
| Version: 4.0.4 | |
| Advisory: CVE-2014-7829 | |
| Criticality: Medium | |
| URL: https://groups.google.com/forum/#!topic/rubyonrails-security/rMTQy4oRCGk | |
| Title: Arbitrary file existence disclosure in Action Pack | |
| Solution: upgrade to ~> 3.2.21, ~> 4.0.11.1, ~> 4.0.12, ~> 4.1.7.1, >= 4.1.8 | |
| Name: activerecord | |
| Version: 4.0.4 | |
| Advisory: CVE-2015-7577 | |
| Criticality: Medium | |
| URL: https://groups.google.com/forum/#!topic/rubyonrails-security/cawsWcQ6c8g | |
| Title: Nested attributes rejection proc bypass in Active Record | |
| Solution: upgrade to >= 5.0.0.beta1.1, ~> 4.2.5, >= 4.2.5.1, ~> 4.1.14, >= 4.1.14.1, ~> 3.2.22.1 | |
| Name: activerecord | |
| Version: 4.0.4 | |
| Advisory: CVE-2014-3514 | |
| Criticality: High | |
| URL: https://groups.google.com/forum/#!msg/rubyonrails-security/M4chq5Sb540/CC1Fh0Y_NWwJ | |
| Title: Data Injection Vulnerability in Active Record | |
| Solution: upgrade to ~> 4.0.9, >= 4.1.5 | |
| Name: activerecord | |
| Version: 4.0.4 | |
| Advisory: CVE-2014-3483 | |
| Criticality: Unknown | |
| URL: http://osvdb.org/show/osvdb/108665 | |
| Title: SQL Injection Vulnerability in Active Record | |
| Solution: upgrade to ~> 4.0.7, >= 4.1.3 | |
| Name: activesupport | |
| Version: 4.0.4 | |
| Advisory: CVE-2015-3227 | |
| Criticality: Unknown | |
| URL: https://groups.google.com/forum/#!topic/rubyonrails-security/bahr2JLnxvk | |
| Title: Possible Denial of Service attack in Active Support | |
| Solution: upgrade to >= 4.2.2, ~> 4.1.11, ~> 3.2.22 | |
| Name: ffi | |
| Version: 1.9.3 | |
| Advisory: CVE-2018-1000201 | |
| Criticality: High | |
| URL: https://github.com/ffi/ffi/releases/tag/1.9.24 | |
| Title: ruby-ffi DDL loading issue on Windows OS | |
| Solution: upgrade to >= 1.9.24 | |
| Name: i18n | |
| Version: 0.6.9 | |
| Advisory: CVE-2014-10077 | |
| Criticality: Unknown | |
| URL: https://github.com/svenfuchs/i18n/pull/289 | |
| Title: i18n Gem for Ruby lib/i18n/core_ext/hash.rb Hash#slice() Function Hash Handling DoS | |
| Solution: upgrade to >= 0.8.0 | |
| Name: jquery-rails | |
| Version: 3.1.1 | |
| Advisory: CVE-2015-1840 | |
| Criticality: Medium | |
| URL: https://groups.google.com/forum/#!topic/ruby-security-ann/XIZPbobuwaY | |
| Title: CSRF Vulnerability in jquery-rails | |
| Solution: upgrade to >= 4.0.4, ~> 3.1.3 | |
| Name: mail | |
| Version: 2.5.4 | |
| Advisory: CVE-2015-9097 | |
| Criticality: Unknown | |
| URL: https://hackerone.com/reports/137631 | |
| Title: SMTP command injection | |
| Solution: upgrade to >= 2.5.5 | |
| Name: rack | |
| Version: 1.5.2 | |
| Advisory: CVE-2018-16471 | |
| Criticality: Unknown | |
| URL: https://groups.google.com/forum/#!topic/ruby-security-ann/NAalCee8n6o | |
| Title: Possible XSS vulnerability in Rack | |
| Solution: upgrade to ~> 1.6.11, >= 2.0.6 | |
| Name: rack | |
| Version: 1.5.2 | |
| Advisory: CVE-2015-3225 | |
| Criticality: Unknown | |
| URL: https://groups.google.com/forum/#!topic/ruby-security-ann/gcUbICUmKMc | |
| Title: Potential Denial of Service Vulnerability in Rack | |
| Solution: upgrade to >= 1.6.2, ~> 1.5.4, ~> 1.4.6 | |
| Name: sprockets | |
| Version: 2.12.0 | |
| Advisory: CVE-2014-7819 | |
| Criticality: Medium | |
| URL: https://groups.google.com/forum/#!topic/rubyonrails-security/doAVp0YaTqY | |
| Title: Arbitrary file existence disclosure in Sprockets | |
| Solution: upgrade to ~> 2.0.5, ~> 2.1.4, ~> 2.2.3, ~> 2.3.3, ~> 2.4.6, ~> 2.5.1, ~> 2.7.1, ~> 2.8.3, ~> 2.9.4, ~> 2.10.2, ~> 2.11.3, ~> 2.12.3, >= 3.0.0.beta.3 | |
| Name: sprockets | |
| Version: 2.12.0 | |
| Advisory: CVE-2018-3760 | |
| Criticality: Unknown | |
| URL: https://groups.google.com/forum/#!topic/ruby-security-ann/2S9Pwz2i16k | |
| Title: Path Traversal in Sprockets | |
| Solution: upgrade to >= 2.12.5, < 3.0.0, >= 3.7.2, < 4.0.0, >= 4.0.0.beta8 | |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment