@wonda-tea-coffee
Last active January 12, 2024 03:08
Vulnerabilities I reported that can be made public

2021/02/08
CVE-2021-21305 / carrierwave / Code Injection vulnerability in CarrierWave::RMagick
https://github.com/carrierwaveuploader/carrierwave/security/advisories/GHSA-cf3w-g86h-35x4

2021/03/03
active_attr / ReDoS vulnerability in ActiveAttr::Typecasting::BooleanTypecaster#call
cgriego/active_attr#184

2021/03/28
CVE-2021-31866 / redmine / timing attack
https://nvd.nist.gov/vuln/detail/CVE-2021-31866

2021/05/06
[CVE-2021-22904] Possible DoS Vulnerability in Action Controller Token Authentication
https://discuss.rubyonrails.org/t/cve-2021-22904-possible-dos-vulnerability-in-action-controller-token-authentication/77869

2022/11/16
rubyzip / Path Traversal
rubyzip/rubyzip#540

2023/01/18
[CVE-2023-22797] Possible Open Redirect Vulnerability in Action Pack
https://discuss.rubyonrails.org/t/cve-2023-22797-possible-open-redirect-vulnerability-in-action-pack/82120

[CVE-2023-22795] Possible ReDoS based DoS vulnerability in Action Dispatch
https://discuss.rubyonrails.org/t/cve-2023-22795-possible-redos-based-dos-vulnerability-in-action-dispatch/82118
