Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[Snyk] Security upgrade spree from 1.1.3 to 4.7.0 #4

Open
wants to merge 1 commit into
base: master
Choose a base branch
from
Open

[Snyk] Security upgrade spree from 1.1.3 to 4.7.0 #4

wants to merge 1 commit into from

Conversation

AuMyers
Copy link

@AuMyers AuMyers commented Sep 6, 2024

snyk-top-banner

Snyk has created this PR to fix 113 vulnerabilities in the rubygems dependencies of this project.

Snyk changed the following file(s):

  • Gemfile
⚠️ Warning 
Failed to update the Gemfile.lock, please update manually before merging.

Vulnerabilities that will be fixed with an upgrade:

Issue Score
medium severity Regular Expression Denial of Service (ReDoS)
SNYK-RUBY-RACK-6274384		   ****  
high severity Denial of Service (DoS)
SNYK-RUBY-RACK-6274385		   ****  
medium severity Cross-site Scripting (XSS)
SNYK-RUBY-RACK-72567		   ****  
medium severity Cross-site Scripting (XSS)
SNYK-RUBY-RACKSSL-20101		   ****  
medium severity Timing Attack
SNYK-RUBY-RAILTIES-20454		   ****  
high severity Arbitrary Code Injection
SNYK-RUBY-RAKE-552000		   ****  
high severity Command Injection
SNYK-RUBY-RDOC-1279617		   ****  
high severity Command Injection
SNYK-RUBY-RDOC-1316279		   ****  
medium severity Cross-site Scripting (XSS)
SNYK-RUBY-RDOC-20057		   ****  
medium severity Code Injection
SNYK-RUBY-RDOC-6476871		   ****  
medium severity Arbitrary File Existence Exposure
SNYK-RUBY-SPROCKETS-20199		   ****  
high severity Directory Traversal
SNYK-RUBY-SPROCKETS-22032		   ****  
high severity Directory Traversal
SNYK-RUBY-TZINFO-2958048		   ****  
high severity Deserialization of Untrusted Data
SNYK-RUBY-ACTIVESUPPORT-569598		   834  
high severity Use of vulnerable libxml2
SNYK-RUBY-NOKOGIRI-20432		   826  
high severity Directory Traversal
SNYK-RUBY-ACTIONPACK-20158		   804  
high severity Arbitrary Code Execution
SNYK-RUBY-ACTIONPACK-20047		   794  
high severity Arbitrary Code Injection
SNYK-RUBY-ACTIONPACK-20264		   794  
critical severity Remote Code Execution (RCE)
SNYK-RUBY-ACTIVERECORD-2960802		   704  
critical severity Arbitrary Code Injection
SNYK-RUBY-RACK-2848599		   704  
high severity Denial of Service (DoS)
SNYK-RUBY-NOKOGIRI-1293239		   696  
high severity Denial of Service (DoS)
SNYK-RUBY-NOKOGIRI-6056551		   696  
high severity Denial of Service (DoS)
SNYK-RUBY-NOKOGIRI-6056552		   696  
high severity Denial of Service (DoS)
SNYK-RUBY-NOKOGIRI-6056553		   696  
high severity Denial of Service (DoS)
SNYK-RUBY-NOKOGIRI-6056554		   696  
high severity Denial of Service (DoS)
SNYK-RUBY-NOKOGIRI-6056555		   696  
high severity Heap-based Buffer Overflow
SNYK-RUBY-NOKOGIRI-7164639		   696  
critical severity Denial of Service (DoS)
SNYK-RUBY-JSON-560838		   679  
critical severity Arbitrary Addition Creation
SNYK-RUBY-JSON-20056		   669  
high severity Uncontrolled Memory Allocation
SNYK-RUBY-NOKOGIRI-534637		   659  
medium severity Cross-site Scripting (XSS)
SNYK-RUBY-JQUERYRAILS-449590		   656  
high severity Arbitrary Code Execution
SNYK-RUBY-NOKOGIRI-20367		   654  
high severity Out of Bounds Memory Write
SNYK-RUBY-NOKOGIRI-20368		   654  
high severity Denial of Service (DoS)
SNYK-RUBY-NOKOGIRI-22014		   654  
medium severity Cross-site Request Forgery (CSRF)
SNYK-RUBY-ACTIONPACK-569599		   646  
medium severity Information Exposure
SNYK-RUBY-ACTIONPACK-569600		   646  
medium severity External Control of Assumed-Immutable Web Parameter
SNYK-RUBY-HTTPARTY-3188560		   646  
medium severity Cross-site Request Forgery (CSRF)
SNYK-RUBY-RACK-572377		   646  
medium severity Cross-site Scripting (XSS)
SNYK-RUBY-KAMINARI-570586		   641  
high severity Improper Handling of Unexpected Data Type
SNYK-RUBY-NOKOGIRI-2840634		   624  
high severity Use After Free
SNYK-RUBY-NOKOGIRI-2413994		   619  
high severity Command Injection
SNYK-RUBY-NOKOGIRI-459107		   619  
medium severity Web Cache Poisoning
SNYK-RUBY-RACK-1061917		   616  
high severity Denial of Service (DoS)
SNYK-RUBY-NOKOGIRI-552159		   600  
high severity Denial of Service (DoS)
SNYK-RUBY-ACTIONPACK-1290052		   589  
high severity Denial of Service (DoS)
SNYK-RUBY-ACTIONPACK-20256		   589  
high severity Denial of Service (DoS)
SNYK-RUBY-ACTIVERECORD-3237239		   589  
high severity Denial of Service (DoS)
SNYK-RUBY-I18N-72582		   589  
high severity XML External Entity (XXE) Injection
SNYK-RUBY-NOKOGIRI-1726792		   589  
high severity Denial of Service (DoS)
SNYK-RUBY-NOKOGIRI-22013		   589  
high severity Regular Expression Denial of Service (ReDoS)
SNYK-RUBY-NOKOGIRI-2620374		   589  
high severity Out-of-bounds Write
SNYK-RUBY-NOKOGIRI-2630623		   589  
high severity Denial of Service (DoS)
SNYK-RUBY-NOKOGIRI-2630898		   589  
high severity NULL Pointer Dereference
SNYK-RUBY-NOKOGIRI-3052880		   589  
high severity Denial of Service (DoS)
SNYK-RUBY-NOKOGIRI-72433		   589  
high severity Denial of Service (DoS)
SNYK-RUBY-RACK-2848600		   589  
high severity Denial of Service (DoS)
SNYK-RUBY-RACK-3356639		   589  
high severity Directory Traversal
SNYK-RUBY-RACK-569066		   589  
medium severity Information Exposure
SNYK-RUBY-ACTIONPACK-1290051		   586  
high severity Information Exposure
SNYK-RUBY-ACTIONPACK-2400638		   584  
high severity Data Injection
SNYK-RUBY-ACTIVERECORD-1314522		   579  
high severity SQL Injection
SNYK-RUBY-ACTIVERECORD-20044		   579  
high severity SQL Injection
SNYK-RUBY-ACTIVERECORD-20185		   579  
high severity Arbitrary Code Execution
SNYK-RUBY-HTTPARTY-20053		   579  
high severity Denial of Service (DoS)
SNYK-RUBY-JSON-20060		   579  
high severity Arbitrary Command Execution
SNYK-RUBY-MULTIXML-20051		   579  
high severity XML External Entity (XXE) Injection
SNYK-RUBY-NOKOGIRI-20299		   579  
medium severity Unsafe Query Generation Risk
SNYK-RUBY-ACTIONPACK-20125		   539  
medium severity JSON Parameter Parsing Query Bypass
SNYK-RUBY-ACTIVERECORD-20046		   539  
medium severity Denial of Service (DoS)
SNYK-RUBY-NOKOGIRI-1583442		   539  
medium severity Arbitrary File Disclosure
SNYK-RUBY-RACK-20058		   536  
medium severity Data Injection
SNYK-RUBY-ACTIVERECORD-20149		   529  
medium severity Security Bypass
SNYK-RUBY-DEVISE-20055		   529  
medium severity Access Control Bypass
SNYK-RUBY-NOKOGIRI-3357693		   529  
medium severity Use After Free
SNYK-RUBY-NOKOGIRI-6228056		   524  
medium severity Cross-site Scripting (XSS)
SNYK-RUBY-ACTIVESUPPORT-3360028		   519  
medium severity SMTP Injection
SNYK-RUBY-MAIL-20244		   519  
medium severity Timing Attack
SNYK-RUBY-RACK-20059		   494  
medium severity Denial of Service (DoS)
SNYK-RUBY-ACTIVESUPPORT-20294		   484  
medium severity Denial of Service (DoS)
SNYK-RUBY-ACTIONPACK-20122		   479  
medium severity Denial of Service (DoS)
SNYK-RUBY-ACTIONPACK-20148		   479  
medium severity Arbitrary File Existence Exposure
SNYK-RUBY-ACTIONPACK-20200		   479  
medium severity Regular Expression Denial of Service (ReDoS)
SNYK-RUBY-ACTIONPACK-3237231		   479  
medium severity Regular Expression Denial of Service (ReDoS)
SNYK-RUBY-ACTIONPACK-3237232		   479  
medium severity Denial of Service (DoS)
SNYK-RUBY-ACTIVERECORD-20088		   479  
medium severity Nested Attributes Rejection Bypass
SNYK-RUBY-ACTIVERECORD-20259		   479  
medium severity Information Exposure
SNYK-RUBY-ACTIVERESOURCE-568275		   479  
medium severity Denial of Service (DoS)
SNYK-RUBY-ACTIVESUPPORT-20229		   479  
medium severity Regular Expression Denial of Service (ReDoS)
SNYK-RUBY-ACTIVESUPPORT-3237242		   479  
medium severity XML External Entity (XXE) Injection
SNYK-RUBY-NOKOGIRI-20127		   479  
medium severity Denial of Service (DoS)
SNYK-RUBY-NOKOGIRI-20129		   479  
medium severity Denial of Service (DoS)
SNYK-RUBY-NOKOGIRI-20157		   479  
medium severity Denial of Service (DoS)
SNYK-RUBY-NOKOGIRI-20214		   479  
medium severity Denial of Service (DoS)
SNYK-RUBY-RACK-20045		   479  
medium severity Denial of Service (DoS)
SNYK-RUBY-RACK-20230		   479  
medium severity IP Spoofing
SNYK-RUBY-RACK-20399		   479  
medium severity Information Exposure
SNYK-RUBY-RACK-538324		   479  
medium severity Regular Expression Denial of Service (ReDoS)
SNYK-RUBY-RACK-6274383		   479  
medium severity Cross-site Scripting (XSS)
SNYK-RUBY-ACTIONPACK-5741907		   449  
medium severity Denial of Service (DoS)
SNYK-RUBY-ACTIONMAILER-20112		   429  
medium severity Cross-site Scripting (XSS)
SNYK-RUBY-ACTIONPACK-20087		   429  
medium severity Cross-site Scripting (XSS)
SNYK-RUBY-ACTIONPACK-20090		   429  
medium severity Cross-site Scripting (XSS)
SNYK-RUBY-ACTIONPACK-20121		   429  
medium severity Cross-site Scripting (XSS)
SNYK-RUBY-ACTIONPACK-20123		   429  
medium severity Cross-site Scripting (XSS)
SNYK-RUBY-ACTIONPACK-20147		   429  
medium severity Arbitrary File Existence Exposure
SNYK-RUBY-ACTIONPACK-20198		   429  
medium severity Access Restriction Bypass
SNYK-RUBY-ACTIVERECORD-20062		   429  
medium severity Cross-site Scripting (XSS)
SNYK-RUBY-I18N-20124		   429  
medium severity Regular Expression Denial of Service (ReDoS)
SNYK-RUBY-RACK-20028		   429  
medium severity Denial of Service (DoS)
SNYK-RUBY-RACK-20052		   429  
medium severity Cross-site Scripting (XSS)
SNYK-RUBY-ERUBIS-20482		   424  
low severity Timing Attack
SNYK-RUBY-ACTIONPACK-20258		   399  
low severity XML External Entity (XXE) Injection
SNYK-RUBY-NOKOGIRI-1055008		   344  

Important

  • Check the changes in this PR to ensure they won't cause issues with your project.
  • Max score is 1000. Note that the real score may have changed since the PR was raised.
  • This PR was automatically created by Snyk using the credentials of a real user.

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:
🧐 View latest project report
📜 Customise PR templates
🛠 Adjust project settings
📚 Read about Snyk's upgrade logic

Learn how to fix vulnerabilities with free interactive lessons:

🦉 Denial of Service (DoS)
🦉 Arbitrary Code Execution
🦉 Cross-site Scripting (XSS)
🦉 More lessons are available in Snyk Learn

[//]: # 'snyk:metadata:{"customTemplate":{"variablesUsed":[],"fieldsUsed":[]},"dependencies":[{"name":"spree","from":"1.1.3","to":"4.7.0"}],"env":"prod","issuesToFix":[{"exploit_maturity":"No Known Exploit","id":"SNYK-RUBY-ACTIONMAILER-20112","priority_score":429,"priority_score_factors":[{"type":"fixability","label":true,"score":214},{"type":"cvssScore","label":"4.3","score":215},{"type":"scoreVersion","label":"v1","score":1}],"severity":"medium","title":"Denial of Service (DoS)"},{"exploit_maturity":"No Known Exploit","id":"SNYK-RUBY-ACTIONMAILER-20112","priority_score":429,"priority_score_factors":[{"type":"fixability","label":true,"score":214},{"type":"cvssScore","label":"4.3","score":215},{"type":"scoreVersion","label":"v1","score":1}],"severity":"medium","title":"Denial of Service (DoS)"},{"exploit_maturity":"No Known Exploit","id":"SNYK-RUBY-ACTIONMAILER-20112","priority_score":429,"priority_score_factors":[{"type":"fixability","label":true,"score":214},{"type":"cvssScore","label":"4.3","score":215},{"type":"scoreVersion","label":"v1","score":1}],"severity":"medium","title":"Denial of Service (DoS)"},{"exploit_maturity":"No Known Exploit","id":"SNYK-RUBY-ACTIONMAILER-20112","priority_score":429,"priority_score_factors":[{"type":"fixability","label":true,"score":214},{"type":"cvssScore","label":"4.3","score":215},{"type":"scoreVersion","label":"v1","score":1}],"severity":"medium","title":"Denial of Service (DoS)"},{"exploit_maturity":"No Known Exploit","id":"SNYK-RUBY-ACTIONMAILER-20112","priority_score":429,"priority_score_factors":[{"type":"fixability","label":true,"score":214},{"type":"cvssScore","label":"4.3","score":215},{"type":"scoreVersion","label":"v1","score":1}],"severity":"medium","title":"Denial of Service (DoS)"},{"exploit_maturity":"No Known Exploit","id":"SNYK-RUBY-ACTIONMAILER-20112","priority_score":429,"priority_score_factors":[{"type":"fixability","label":true,"score":214},{"type":"cvssScore","label":"4.3","score":215},{"type":"scoreVersion","label":"v1","score":1}],"severity":"medium","title":"Denial of Service (DoS)"},{"exploit_maturity":"No Known Exploit","id":"SNYK-RUBY-ACTIONMAILER-20112","priority_score":429,"priority_score_factors":[{"type":"fixability","label":true,"score":214},{"type":"cvssScore","label":"4.3","score":215},{"type":"scoreVersion","label":"v1","score":1}],"severity":"medium","title":"Denial of Service (DoS)"},{"exploit_maturity":"No Known Exploit","id":"SNYK-RUBY-ACTIONMAILER-20112","priority_score":429,"priority_score_factors":[{"type":"fixability","label":true,"score":214},{"type":"cvssScore","label":"4.3","score":215},{"type":"scoreVersion","label":"v1","score":1}],"severity":"medium","title":"Denial of Service (DoS)"},{"exploit_maturity":"Mature","id":"SNYK-RUBY-ACTIONPACK-20047","priority_score":794,"priority_score_factors":[{"type":"exploit","label":"High","score":214},{"type":"fixability","label":true,"score":214},{"type":"cvssScore","label":"7.3","score":365},{"type":"scoreVersion","label":"v1","score":1}],"severity":"high","title":"Arbitrary Code Execution"},{"exploit_maturity":"No Known Exploit","id":"SNYK-RUBY-ACTIONPACK-20087","priority_score":429,"priority_score_factors":[{"type":"fixability","label":true,"score":214},{"type":"cvssScore","label":"4.3","score":215},{"type":"scoreVersion","label":"v1","score":1}],"severity":"medium","title":"Cross-site Scripting (XSS)"},{"exploit_maturity":"No Known Exploit","id":"SNYK-RUBY-ACTIONPACK-20090","priority_score":429,"priority_score_factors":[{"type":"fixability","label":true,"score":214},{"type":"cvssScore","label":"4.3","score":215},{"type":"scoreVersion","label":"v1","score":1}],"severity":"medium","title":"Cross-site Scripting (XSS)"},{"exploit_maturity":"No Known Exploit","id":"SNYK-RUBY-ACTIONPACK-20121","priority_score":429,"priority_score_factors":[{"type":"fixability","label":true,"score":214},{"type":"cvssScore","label":"4.3","score":215},{"type":"scoreVersion","label":"v1","score":1}],"severity":"medium","title":"Cross-site Scripting (XSS)"},{"exploit_maturity":"No Known Exploit","id":"SNYK-RUBY-ACTIONPACK-20122","priority_score":479,"priority_score_factors":[{"type":"fixability","label":true,"score":214},{"type":"cvssScore","label":"5.3","score":265},{"type":"scoreVersion","label":"v1","score":1}],"severity":"medium","title":"Denial of Service (DoS)"},{"exploit_maturity":"No Known Exploit","id":"SNYK-RUBY-ACTIONPACK-20123","priority_score":429,"priority_score_factors":[{"type":"fixability","label":true,"score":214},{"type":"cvssScore","label":"4.3","score":215},{"type":"scoreVersion","label":"v1","score":1}],"severity":"medium","title":"Cross-site Scripting (XSS)"},{"exploit_maturity":"No Known Exploit","id":"SNYK-RUBY-ACTIONPACK-20125","priority_score":539,"priority_score_factors":[{"type":"fixability","label":true,"score":214},{"type":"cvssScore","label":"6.5","score":325},{"type":"scoreVersion","label":"v1","score":1}],"severity":"medium","title":"Unsafe Query Generation Risk"},{"exploit_maturity":"No Known Exploit","id":"SNYK-RUBY-ACTIONPACK-20147","priority_score":429,"priority_score_factors":[{"type":"fixability","label":true,"score":214},{"type":"cvssScore","label":"4.3","score":215},{"type":"scoreVersion","label":"v1","score":1}],"severity":"medium","title":"Cross-site Scripting (XSS)"},{"exploit_maturity":"No Known Exploit","id":"SNYK-RUBY-ACTIONPACK-20148","priority_score":479,"priority_score_factors":[{"type":"fixability","label":true,"score":214},{"type":"cvssScore","label":"5.3","score":265},{"type":"scoreVersion","label":"v1","score":1}],"severity":"medium","title":"Denial of Service (DoS)"},{"exploit_maturity":"Mature","id":"SNYK-RUBY-ACTIONPACK-20158","priority_score":804,"priority_score_factors":[{"type":"exploit","label":"High","score":214},{"type":"fixability","label":true,"score":214},{"type":"cvssScore","label":"7.5","score":375},{"type":"scoreVersion","label":"v1","score":1}],"severity":"high","title":"Directory Traversal"},{"exploit_maturity":"No Known Exploit","id":"SNYK-RUBY-ACTIONPACK-20198","priority_score":429,"priority_score_factors":[{"type":"fixability","label":true,"score":214},{"type":"cvssScore","label":"4.3","score":215},{"type":"scoreVersion","label":"v1","score":1}],"severity":"medium","title":"Arbitrary File Existence Exposure"},{"exploit_maturity":"No Known Exploit","id":"SNYK-RUBY-ACTIONPACK-20200","priority_score":479,"priority_score_factors":[{"type":"fixability","label":true,"score":214},{"type":"cvssScore","label":"5.3","score":265},{"type":"scoreVersion","label":"v1","score":1}],"severity":"medium","title":"Arbitrary File Existence Exposure"},{"exploit_maturity":"No Known Exploit","id":"SNYK-RUBY-ACTIONPACK-20256","priority_score":589,"priority_score_factors":[{"type":"fixability","label":true,"score":214},{"type":"cvssScore","label":"7.5","score":375},{"type":"scoreVersion","label":"v1","score":1}],"severity":"high","title":"Denial of Service (DoS)"},{"exploit_maturity":"No Known Exploit","id":"SNYK-RUBY-ACTIONPACK-20258","priority_score":399,"priority_score_factors":[{"type":"fixability","label":true,"score":214},{"type":"cvssScore","label":"3.7","score":185},{"type":"scoreVersion","label":"v1","score":1}],"severity":"low","title":"Timing Attack"},{"exploit_maturity":"Mature","id":"SNYK-RUBY-ACTIONPACK-20264","priority_score":794,"priority_score_factors":[{"type":"exploit","label":"High","score":214},{"type":"fixability","label":true,"score":214},{"type":"cvssScore","label":"7.3","score":365},{"type":"scoreVersion","label":"v1","score":1}],"severity":"high","title":"Arbitrary Code Injection"},{"exploit_maturity":"No Known Exploit","id":"SNYK-RUBY-ACTIONPACK-20087","priority_score":429,"priority_score_factors":[{"type":"fixability","label":true,"score":214},{"type":"cvssScore","label":"4.3","score":215},{"type":"scoreVersion","label":"v1","score":1}],"severity":"medium","title":"Cross-site Scripting (XSS)"},{"exploit_maturity":"No Known Exploit","id":"SNYK-RUBY-ACTIONPACK-20090","priority_score":429,"priority_score_factors":[{"type":"fixability","label":true,"score":214},{"type":"cvssScore","label":"4.3","score":215},{"type":"scoreVersion","label":"v1","score":1}],"severity":"medium","title":"Cross-site Scripting (XSS)"},{"exploit_maturity":"No Known Exploit","id":"SNYK-RUBY-ACTIONPACK-20121","priority_score":429,"priority_score_factors":[{"type":"fixability","label":true,"score":214},{"type":"cvssScore","label":"4.3","score":215},{"type":"scoreVersion","label":"v1","score":1}],"severity":"medium","title":"Cross-site Scripting (XSS)"},{"exploit_maturity":"No Known Exploit","id":"SNYK-RUBY-ACTIONPACK-20122","priority_score":479,"priority_score_factors":[{"type":"fixability","label":true,"score":214},{"type":"cvssScore","label":"5.3","score":265},{"type":"scoreVersion","label":"v1","score":1}],"severity":"medium","title":"Denial of Service (DoS)"},{"exploit_maturity":"No Known Exploit","id":"SNYK-RUBY-ACTIONPACK-20123","priority_score":429,"priority_score_factors":[{"type":"fixability","label":true,"score":214},{"type":"cvssScore","label":"4.3","score":215},{"type":"scoreVersion","label":"v1","score":1}],"severity":"medium","title":"Cross-site Scripting (XSS)"},{"exploit_maturity":"No Known Exploit","id":"SNYK-RUBY-ACTIONPACK-20125","priority_score":539,"priority_score_factors":[{"type":"fixability","label":true,"score":214},{"type":"cvssScore","label":"6.5","score":325},{"type":"scoreVersion","label":"v1","score":1}],"severity":"medium","title":"Unsafe Query Generation Risk"},{"exploit_maturity":"No Known Exploit","id":"SNYK-RUBY-ACTIONPACK-20147","priority_score":429,"priority_score_factors":[{"type":"fixability","label":true,"score":214},{"type":"cvssScore","label":"4.3","score":215},{"type":"scoreVersion","label":"v1","score":1}],"severity":"medium","title":"Cross-site Scripting (XSS)"},{"exploit_maturity":"No Known Exploit","id":"SNYK-RUBY-ACTIONPACK-20148","priority_score":479,"priority_score_factors":[{"type":"fixability","label":true,"score":214},{"type":"cvssScore","label":"5.3","score":265},{"type":"scoreVersion","label":"v1","score":1}],"severity":"medium","title":"Denial of Service (DoS)"},{"exploit_maturity":"Mature","id":"SNYK-RUBY-ACTIONPACK-20158","priority_score":804,"priority_score_factors":[{"type":"exploit","label":"High","score":214},{"type":"fixability","label":true,"score":214},{"type":"cvssScore","label":"7.5","score":375},{"type":"scoreVersion","label":"v1","score":1}],"severity":"high","title":"Directory Traversal"},{"exploit_maturity":"No Known Exploit","id":"SNYK-RUBY-ACTIONPACK-20198","priority_score":429,"priority_score_factors":[{"type":"fixability","label":true,"score":214},{"type":"cvssScore","label":"4.3","score":215},{"type":"scoreVersion","label":"v1","score":1}],"severity":"medium","title":"Arbitrary File Existence Exposure"},{"exploit_maturity":"No Known Exploit","id":"SNYK-RUBY-ACTIONPACK-20200","priority_score":479,"priority_score_factors":[{"type":"fixability","label":true,"score":214},{"type":"cvssScore","label":"5.3","score":265},{"type":"scoreVersion","label":"v1","score":1}],"severity":"medium","title":"Arbitrary File Existence Exposure"},{"exploit_maturity":"No Known Exploit","id":"SNYK-RUBY-ACTIONPACK-20256","priority_score":589,"priority_score_factors":[{"type":"fixability","label":true,"score":214},{"type":"cvssScore","label":"7.5","score":375},{"type":"scoreVersion","label":"v1","score":1}],"severity":"high","title":"Denial of Service (DoS)"},{"exploit_maturity":"No Known Exploit","id":"SNYK-RUBY-ACTIONPACK-20258","priority_score":399,"priority_score_factors":[{"type":"fixability","label":true,"score":214},{"type":"cvssScore","label":"3.7","score":185},{"type":"scoreVersion","label":"v1","score":1}],"severity":"low","title":"Timing Attack"},{"exploit_maturity":"Mature","id":"SNYK-RUBY-ACTIONPACK-20264","priority_score":794,"priority_score_factors":[{"type":"exploit","label":"High","score":214},{"type":"fixability","label":true,"score":214},{"type":"cvssScore","label":"7.3","score":365},{"type":"scoreVersion","label":"v1","score":1}],"severity":"high","title":"Arbitrary Code Injection"},{"exploit_maturity":"Proof of Concept","id":"SNYK-RUBY-ACTIONPACK-1290051","priority_score":586,"priority_score_factors":[{"type":"exploit","label":"Proof of Concept","score":107},{"type":"fixability","label":true,"score":214},{"type":"cvssScore","label":"5.3","score":265},{"type":"scoreVersion","label":"v1","score":1}],"severity":"medium","title":"Information Exposure"},{"exploit_maturity":"No Known Exploit","id":"SNYK-RUBY-ACTIONPACK-1290052","priority_score":589,"priority_score_factors":[{"type":"fixability","label":true,"score":214},{"type":"cvssScore","label":"7.5","score":375},{"type":"scoreVersion","label":"v1","score":1}],"severity":"high","title":"Denial of Service (DoS)"},{"exploit_maturity":"No Known Exploit","id":"SNYK-RUBY-ACTIONPACK-2400638","priority_score":584,"priority_score_factors":[{"type":"fixability","label":true,"score":214},{"type":"cvssScore","label":"7.4","score":370},{"type":"scoreVersion","label":"v1","score":1}],"severity":"high","title":"Information Exposure"},{"exploit_maturity":"No Known Exploit","id":"SNYK-RUBY-ACTIONPACK-3237231","priority_score":479,"priority_score_factors":[{"type":"fixability","label":true,"score":214},{"type":"cvssScore","label":"5.3","score":265},{"type":"scoreVersion","label":"v1","score":1}],"severity":"medium","title":"Regular Expression Denial of Service (ReDoS)"},{"exploit_maturity":"No Known Exploit","id":"SNYK-RUBY-ACTIONPACK-3237232","priority_score":479,"priority_score_factors":[{"type":"fixability","label":true,"score":214},{"type":"cvssScore","label":"5.3","score":265},{"type":"scoreVersion","label":"v1","score":1}],"severity":"medium","title":"Regular Expression Denial of Service (ReDoS)"},{"exploit_maturity":"Proof of Concept","id":"SNYK-RUBY-ACTIONPACK-569599","priority_score":646,"priority_score_factors":[{"type":"exploit","label":"Proof of Concept","score":107},{"type":"fixability","label":true,"score":214},{"type":"cvssScore","label":"6.5","score":325},{"type":"scoreVersion","label":"v1","score":1}],"severity":"medium","title":"Cross-site Request Forgery (CSRF)"},{"exploit_maturity":"Proof of Concept","id":"SNYK-RUBY-ACTIONPACK-569600","priority_score":646,"priority_score_factors":[{"type":"exploit","label":"Proof of Concept","score":107},{"type":"fixability","label":true,"score":214},{"type":"cvssScore","label":"6.5","score":325},{"type":"scoreVersion","label":"v1","score":1}],"severity":"medium","title":"Information Exposure"},{"exploit_maturity":"No Known Exploit","id":"SNYK-RUBY-ACTIONPACK-5741907","priority_score":449,"priority_score_factors":[{"type":"fixability","label":true,"score":214},{"type":"cvssScore","label":"4.7","score":235},{"type":"scoreVersion","label":"v1","score":1}],"severity":"medium","title":"Cross-site Scripting (XSS)"},{"exploit_maturity":"No Known Exploit","id":"SNYK-RUBY-ACTIONPACK-20087","priority_score":429,"priority_score_factors":[{"type":"fixability","label":true,"score":214},{"type":"cvssScore","label":"4.3","score":215},{"type":"scoreVersion","label":"v1","score":1}],"severity":"medium","title":"Cross-site Scripting (XSS)"},{"exploit_maturity":"No Known Exploit","id":"SNYK-RUBY-ACTIONPACK-20090","priority_score":429,"priority_score_factors":[{"type":"fixability","label":true,"score":214},{"type":"cvssScore","label":"4.3","score":215},{"type":"scoreVersion","label":"v1","score":1}],"severity":"medium","title":"Cross-site Scripting (XSS)"},{"exploit_maturity":"No Known Exploit","id":"SNYK-RUBY-ACTIONPACK-20121","priority_score":429,"priority_score_factors":[{"type":"fixability","label":true,"score":214},{"type":"cvssScore","label":"4.3","score":215},{"type":"scoreVersion","label":"v1","score":1}],"severity":"medium","title":"Cross-site Scripting (XSS)"},{"exploit_maturity":"No Known Exploit","id":"SNYK-RUBY-ACTIONPACK-20122","priority_score":479,"priority_score_factors":[{"type":"fixability","label":true,"score":214},{"type":"cvssScore","label":"5.3","score":265},{"type":"scoreVersion","label":"v1","score":1}],"severity":"medium","title":"Denial of Service (DoS)"},{"exploit_maturity":"No Known Exploit","id":"SNYK-RUBY-ACTIONPACK-20123","priority_score":429,"priority_score_factors":[{"type":"fixability","label":true,"score":214},{"type":"cvssScore","label":"4.3","score":215},{"type":"scoreVersion","label":"v1","score":1}],"severity":"medium","title":"Cross-site Scripting (XSS)"},{"exploit_maturity":"No Known Exploit","id":"SNYK-RUBY-ACTIONPACK-20125","priority_score":539,"priority_score_factors":[{"type":"fixability","label":true,"score":214},{"type":"cvssScore","label":"6.5","score":325},{"type":"scoreVersion","label":"v1","score":1}],"severity":"medium","title":"Unsafe Query Generation Risk"},{"exploit_maturity":"No Known Exploit","id":"SNYK-RUBY-ACTIONPACK-20147","priority_score":429,"priority_score_factors":[{"type":"fixability","label":true,"score":214},{"type":"cvssScore","label":"4.3","score":215},{"type":"scoreVersion","label":"v1","score":1}],"severity":"medium","title":"Cross-site Scripting (XSS)"},{"exploit_maturity":"No Known Exploit","id":"SNYK-RUBY-ACTIONPACK-20148","priority_score":479,"priority_score_factors":[{"type":"fixability","label":true,"score":214},{"type":"cvssScore","label":"5.3","score":265},{"type":"scoreVersion","label":"v1","score":1}],"severity":"medium","title":"Denial of Service (DoS)"},{"exploit_maturity":"Mature","id":"SNYK-RUBY-ACTIONPACK-20158","priority_score":804,"priority_score_factors":[{"type":"exploit","label":"High","score":214},{"type":"fixability","label":true,"score":214},{"type":"cvssScore","label":"7.5","score":375},{"type":"scoreVersion","label":"v1","score":1}],"severity":"high","title":"Directory Traversal"},{"exploit_maturity":"No Known Exploit","id":"SNYK-RUBY-ACTIONPACK-20198","priority_score":429,"priority_score_factors":[{"type":"fixability","label":true,"score":214},{"type":"cvssScore","label":"4.3","score":215},{"type":"scoreVersion","label":"v1","score":1}],"severity":"medium","title":"Arbitrary File Existence Exposure"},{"exploit_maturity":"No Known Exploit","id":"SNYK-RUBY-ACTIONPACK-20200","priority_score":479,"priority_score_factors":[{"type":"fixability","label":true,"score":214},{"type":"cvssScore","label":"5.3","score":265},{"type":"scoreVersion","label":"v1","score":1}],"severity":"medium","title":"Arbitrary File Existence Exposure"},{"exploit_maturity":"No Known Exploit","id":"SNYK-RUBY-ACTIONPACK-20256","priority_score":589,"priority_score_factors":[{"type":"fixability","label":true,"score":214},{"type":"cvssScore","label":"7.5","score":375},{"type":"scoreVersion","label":"v1","score":1}],"severity":"high","title":"Denial of Service (DoS)"},{"exploit_maturity":"No Known Exploit","id":"SNYK-RUBY-ACTIONPACK-20258","priority_score":399,"priority_score_factors":[{"type":"fixability","label":true,"score":214},{"type":"cvssScore","label":"3.7","score":185},{"type":"scoreVersion","label":"v1","score":1}],"severity":"low","title":"Timing Attack"},{"exploit_maturity":"Mature","id":"SNYK-RUBY-ACTIONPACK-20264","priority_score":794,"priority_score_factors":[{"type":"exploit","label":"High","score":214},{"type":"fixability","label":true,"score":214},{"type":"cvssScore","label":"7.3","score":365},{"type":"scoreVersion","label":"v1","score":1}],"severity":"high","title":"Arbitrary Code Injection"},{"exploit_maturity":"No Known Exploit","id":"SNYK-RUBY-ACTIONPACK-20147","priority_score":429,"priority_score_factors":[{"type":"fixability","label":true,"score":214},{"type":"cvssScore","label":"4.3","score":215},{"type":"scoreVersion","label":"v1","score":1}],"severity":"medium","title":"Cross-site Scripting (XSS)"},{"exploit_maturity":"No Known Exploit","id":"SNYK-RUBY-ACTIONPACK-20148","priority_score":479,"priority_score_factors":[{"type":"fixability","label":true,"score":214},{"type":"cvssScore","label":"5.3","score":265},{"type":"scoreVersion","label":"v1","score":1}],"severity":"medium","title":"Denial of Service (DoS)"},{"exploit_maturity":"Mature","id":"SNYK-RUBY-ACTIONPACK-20158","priority_score":804,"priority_score_factors":[{"type":"exploit","label":"High","score":214},{"type":"fixability","label":true,"score":214},{"type":"cvssScore","label":"7.5","score":375},{"type":"scoreVersion","label":"v1","score":1}],"severity":"high","title":"Directory Traversal"},{"exploit_maturity":"No Known Exploit","id":"SNYK-RUBY-ACTIONPACK-20198","priority_score":429,"priority_score_factors":[{"type":"fixability","label":true,"score":214},{"type":"cvssScore","label":"4.3","score":215},{"type":"scoreVersion","label":"v1","score":1}],"severity":"medium","title":"Arbitrary File Existence Exposure"},{"exploit_maturity":"No Known Exploit","id":"SNYK-RUBY-ACTIONPACK-20200","priority_score":479,"priority_score_factors":[{"type":"fixability","label":true,"score":214},{"type":"cvssScore","label":"5.3","score":265},{"type":"scoreVersion","label":"v1","score":1}],"severity":"medium","title":"Arbitrary File Existence Exposure"},{"exploit_maturity":"No Known Exploit","id":"SNYK-RUBY-ACTIONPACK-20256","priority_score":589,"priority_score_factors":[{"type":"fixability","label":true,"score":214},{"type":"cvssScore","label":"7.5","score":375},{"type":"scoreVersion","label":"v1","score":1}],"severity":"high","title":"Denial of Service (DoS)"},{"exploit_maturity":"No Known Exploit","id":"SNYK-RUBY-ACTIONPACK-20258","priority_score":399,"priority_score_factors":[{"type":"fixability","label":true,"score":214},{"type":"cvssScore","label":"3.7","score":185},{"type":"scoreVersion","label":"v1","score":1}],"severity":"low","title":"Timing Attack"},{"exploit_maturity":"Mature","id":"SNYK-RUBY-ACTIONPACK-20264","priority_score":794,"priority_score_factors":[{"type":"exploit","label":"High","score":214},{"type":"fixability","label":true,"score":214},{"type":"cvssScore","label":"7.3","score":365},{"type":"scoreVersion","label":"v1","score":1}],"severity":"high","title":"Arbitrary Code Injection"},{"exploit_maturity":"Proof of Concept","id":"SNYK-RUBY-ACTIONPACK-1290051","priority_score":586,"priority_score_factors":[{"type":"exploit","label":"Proof of Concept","score":107},{"type":"fixability","label":true,"score":214},{"type":"cvssScore","label":"5.3","score":265},{"type":"scoreVersion","label":"v1","score":1}],"severity":"medium","title":"Information Exposure"},{"exploit_maturity":"No Known Exploit","id":"SNYK-RUBY-ACTIONPACK-1290052","priority_score":589,"priority_score_factors":[{"type":"fixability","label":true,"score":214},{"type":"cvssScore","label":"7.5","score":375},{"type":"scoreVersion","label":"v1","score":1}],"severity":"high","title":"Denial of Service (DoS)"},{"exploit_maturity":"No Known Exploit","id":"SNYK-RUBY-ACTIONPACK-2400638","priority_score":584,"priority_score_factors":[{"type":"fixability","label":true,"score":214},{"type":"cvssScore","label":"7.4","score":370},{"type":"scoreVersion","label":"v1","score":1}],"severity":"high","title":"Information Exposure"},{"exploit_maturity":"No Known Exploit","id":"SNYK-RUBY-ACTIONPACK-3237231","priority_score":479,"priority_score_factors":[{"type":"fixability","label":true,"score":214},{"type":"cvssScore","label":"5.3","score":265},{"type":"scoreVersion","label":"v1","score":1}],"severity":"medium","title":"Regular Expression Denial of Service (ReDoS)"},{"exploit_maturity":"No Known Exploit","id":"SNYK-RUBY-ACTIONPACK-3237232","priority_score":479,"priority_score_factors":[{"type":"fixability","label":true,"score":214},{"type":"cvssScore","label":"5.3","score":265},{"type":"scoreVersion","label":"v1","score":1}],"severity":"medium","title":"Regular Expression Denial of Service (ReDoS)"},{"exploit_maturity":"Proof of Concept","id":"SNYK-RUBY-ACTIONPACK-569599","priority_score":646,"priority_score_factors":[{"type":"exploit","label":"Proof of Concept","score":107},{"type":"fixability","label":true,"score":214},{"type":"cvssScore","label":"6.5","score":325},{"type":"scoreVersion","label":"v1","score":1}],"severity":"medium","title":"Cross-site Request Forgery (CSRF)"},{"exploit_maturity":"Proof of Concept","id":"SNYK-RUBY-ACTIONPACK-569600","priority_score":646,"priority_score_factors":[{"type":"exploit","label":"Proof of Concept","score":107},{"type":"fixability","label":true,"score":214},{"type":"cvssScore","label":"6.5","score":325},{"type":"scoreVersion","label":"v1","score":1}],"severity":"medium","title":"Information Exposure"},{"exploit_maturity":"No Known Exploit","id":"SNYK-RUBY-ACTIONPACK-5741907","priority_score":449,"priority_score_factors":[{"type":"fixability","label":true,"score":214},{"type":"cvssScore","label":"4.7","score":235},{"type":"scoreVersion","label":"v1","score":1}],"severity":"medium","title":"Cross-site Scripting (XSS)"},{"exploit_maturity":"Proof of Concept","id":"SNYK-RUBY-ACTIONPACK-1290051","priority_score":586,"priority_score_factors":[{"type":"exploit","label":"Proof of Concept","score":107},{"type":"fixability","label":true,"score":214},{"type":"cvssScore","label":"5.3","score":265},{"type":"scoreVersion","label":"v1","score":1}],"severity":"medium","title":"Information Exposure"},{"exploit_maturity":"No Known Exploit","id":"SNYK-RUBY-ACTIONPACK-1290052","priority_score":589,"priority_score_factors":[{"type":"fixability","label":true,"score":214},{"type":"cvssScore","label":"7.5","score":375},{"type":"scoreVersion","label":"v1","score":1}],"severity":"high","title":"Denial of Service (DoS)"},{"exploit_maturity":"Mature","id":"SNYK-RUBY-ACTIONPACK-20047","priority_score":794,"priority_score_factors":[{"type":"exploit","label":"High","score":214},{"type":"fixability","label":true,"score":214},{"type":"cvssScore","label":"7.3","score":365},{"type":"scoreVersion","label":"v1","score":1}],"severity":"high","title":"Arbitrary Code Execution"},{"exploit_maturity":"No Known Exploit","id":"SNYK-RUBY-ACTIONPACK-20087","priority_score":429,"priority_score_factors":[{"type":"fixability","label":true,"score":214},{"type":"cvssScore","label":"4.3","score":215},{"type":"scoreVersion","label":"v1","score":1}],"severity":"medium","title":"Cross-site Scripting (XSS)"},{"exploit_maturity":"No Known Exploit","id":"SNYK-RUBY-ACTIONPACK-20090","priority_score":429,"priority_score_factors":[{"type":"fixability","label":true,"score":214},{"type":"cvssScore","label":"4.3","score":215},{"type":"scoreVersion","label":"v1","score":1}],"severity":"medium","title":"Cross-site Scripting (XSS)"},{"exploit_maturity":"No Known Exploit","id":"SNYK-RUBY-ACTIONPACK-20121","priority_score":429,"priority_score_factors":[{"type":"fixability","label":true,"score":214},{"type":"cvssScore","label":"4.3","score":215},{"type":"scoreVersion","label":"v1","score":1}],"severity":"medium","title":"Cross-site Scripting (XSS)"},{"exploit_maturity":"No Known Exploit","id":"SNYK-RUBY-ACTIONPACK-20122","priority_score":479,"priority_score_factors":[{"type":"fixability","label":true,"score":214},{"type":"cvssScore","label":"5.3","score":265},{"type":"scoreVersion","label":"v1","score":1}],"severity":"medium","title":"Denial of Service (DoS)"},{"exploit_maturity":"No Known Exploit","id":"SNYK-RUBY-ACTIONPACK-20123","priority_score":429,"priority_score_factors":[{"type":"fixability","label":true,"score":214},{"type":"cvssScore","label":"4.3","score":215},{"type":"scoreVersion","label":"v1","score":1}],"severity":"medium","title":"Cross-site Scripting (XSS)"},{"exploit_maturity":"No Known Exploit","id":"SNYK-RUBY-ACTIONPACK-20125","priority_score":539,"priority_score_factors":[{"type":"fixability","label":true,"score":214},{"type":"cvssScore","label":"6.5","score":325},{"type":"scoreVersion","label":"v1","score":1}],"severity":"medium","title":"Unsafe Query Generation Risk"},{"exploit_maturity":"No Known Exploit","id":"SNYK-RUBY-ACTIONPACK-20147","priority_score":429,"priority_score_factors":[{"type":"fixability","label":true,"score":214},{"type":"cvssScore","label":"4.3","score":215},{"type":"scoreVersion","label":"v1","score":1}],"severity":"medium","title":"Cross-site Scripting (XSS)"},{"exploit_maturity":"No Known Exploit","id":"SNYK-RUBY-ACTIONPACK-20148","priority_score":479,"priority_score_factors":[{"type":"fixability","label":true,"score":214},{"type":"cvssScore","label":"5.3","score":265},{"type":"scoreVersion","label":"v1","score":1}],"severity":"medium","title":"Denial of Service (DoS)"},{"exploit_maturity":"Mature","id":"SNYK-RUBY-ACTIONPACK-20158","priority_score":804,"priority_score_factors":[{"type":"exploit","label":"High","score":214},{"type":"fixability","label":true,"score":214},{"type":"cvssScore","label":"7.5","score":375},{"type":"scoreVersion","label":"v1","score":1}],"severity":"high","title":"Directory Traversal"},{"exploit_maturity":"No Known Exploit","id":"SNYK-RUBY-ACTIONPACK-20198","priority_score":429,"priority_score_factors":[{"type":"fixability","label":true,"score":214},{"type":"cvssScore","label":"4.3","score":215},{"type":"scoreVersion","label":"v1","score":1}],"severity":"medium","title":"Arbitrary File Existence Exposure"},{"exploit_maturity":"No Known Exploit","id":"SNYK-RUBY-ACTIONPACK-20200","priority_score":479,"priority_score_factors":[{"type":"fixability","label":true,"score":214},{"type":"cvssScore","label":"5.3","score":265},{"type":"scoreVersion","label":"v1","score":1}],"severity":"medium","title":"Arbitrary File Existence Exposure"},{"exploit_maturity":"No Known Exploit","id":"SNYK-RUBY-ACTIONPACK-20256","priority_score":589,"priority_score_factors":[{"type":"fixability","label":true,"score":214},{"type":"cvssScore","label":"7.5","score":375},{"type":"scoreVersion","label":"v1","score":1}],"severity":"high","title":"Denial of Service (DoS)"},{"exploit_maturity":"No Known Exploit","id":"SNYK-RUBY-ACTIONPACK-20258","priority_score":399,"priority_score_factors":[{"type":"fixability","label":true,"score":214},{"type":"cvssScore","label":"3.7","score":185},{"type":"scoreVersion","label":"v1","score":1}],"severity":"low","title":"Timing Attack"},{"exploit_maturity":"Mature","id":"SNYK-RUBY-ACTIONPACK-20264","priority_score":794,"priority_score_factors":[{"type":"exploit","label":"High","score":214},{"type":"fixability","label":true,"score":214},{"type":"cvssScore","label":"7.3","score":365},{"type":"scoreVersion","label":"v1","score":1}],"severity":"high","title":"Arbitrary Code Injection"},{"exploit_maturity":"No Known Exploit","id":"SNYK-RUBY-ACTIONPACK-2400638","priority_score":584,"priority_score_factors":[{"type":"fixability","label":true,"score":214},{"type":"cvssScore","label":"7.4","score":370},{"type":"scoreVersion","label":"v1","score":1}],"severity":"high","title":"Information Exposure"},{"exploit_maturity":"No Known Exploit","id":"SNYK-RUBY-ACTIONPACK-3237231","priority_score":479,"priority_score_factors":[{"type":"fixability","label":true,"score":214},{"type":"cvssScore","label":"5.3","score":265},{"type":"scoreVersion","label":"v1","score":1}],"severity":"medium","title":"Regular Expression Denial of Service (ReDoS)"},{"exploit_maturity":"No Known Exploit","id":"SNYK-RUBY-ACTIONPACK-3237232","priority_score":479,"priority_score_factors":[{"type":"fixability","label":true,"score":214},{"type":"cvssScore","label":"5.3","score":265},{"type":"scoreVersion","label":"v1","score":1}],"severity":"medium","title":"Regular Expression Denial of Service (ReDoS)"},{"exploit_maturity":"Proof of Concept","id":"SNYK-RUBY-ACTIONPACK-569599","priority_score":646,"priority_score_factors":[{"type":"exploit","label":"Proof of Concept","score":107},{"type":"fixability","label":true,"score":214},{"type":"cvssScore","label":"6.5","score":325},{"type":"scoreVersion","label":"v1","score":1}],"severity":"medium","title":"Cross-site Request Forgery (CSRF)"},{"exploit_maturity":"Proof of Concept","id":"SNYK-RUBY-ACTIONPACK-569600","priority_score":646,"priority_score_factors":[{"type":"exploit","label":"Proof of Concept","score":107},{"type":"fixability","label":true,"score":214},{"type":"cvssScore","label":"6.5","score":325},{"type":"scoreVersion","label":"v1","score":1}],"severity":"medium","title":"Information Exposure"},{"exploit_maturity":"No Known Exploit","id":"SNYK-RUBY-ACTIONPACK-5741907","priority_score":449,"priority_score_factors":[{"type":"fixability","label":true,"score":214},{"type":"cvssScore","label":"4.7","score":235},{"type":"scoreVersion","label":"v1","score":1}],"severity":"medium","title":"Cross-site Scripting (XSS)"},{"exploit_maturity":"Proof of Concept","id":"SNYK-RUBY-ACTIONPACK-1290051","priority_score":586,"priority_score_factors":[{"type":"exploit","label":"Proof of Concept","score":107},{"type":"fixability","label":true,"score":214},{"type":"cvssScore","label":"5.3","score":265},{"type":"scoreVersion","label":"v1","score":1}],"severity":"medium","title":"Information Exposure"},{"exploit_maturity":"No Known Exploit","id":"SNYK-RUBY-ACTIONPACK-1290052","priority_score":589,"priority_score_factors":[{"type":"fixability","label":true,"score":214},{"type":"cvssScore","label":"7.5","score":375},{"type":"scoreVersion","label":"v1","score":1}],"severity":"high","title":"Denial of Service (DoS)"},{"exploit_maturity":"Mature","id":"SNYK-RUBY-ACTIONPACK-20047","priority_score":794,"priority_score_factors":[{"type":"exploit","label":"High","score":214},{"type":"fixability","label":true,"score":214},{"type":"cvssScore","label":"7.3","score":365},{"type":"scoreVersion","label":"v1","score":1}],"severity":"high","title":"Arbitrary Code Execution"},{"exploit_maturity":"No Known Exploit","id":"SNYK-RUBY-ACTIONPACK-20087","priority_score":429,"priority_score_factors":[{"type":"fixability","label":true,"score":214},{"type":"cvssScore","label":"4.3","score":215},{"type":"scoreVersion","label":"v1","score":1}],"severity":"medium","title":"Cross-site Scripting (XSS)"},{"exploit_maturity":"No Known Exploit","id":"SNYK-RUBY-ACTIONPACK-20090","priority_score":429,"priority_score_factors":[{"type":"fixability","label":true,"score":214},{"type":"cvssScore",...

@snyk-bot
fix: Gemfile to reduce vulnerabilities
9fd62d2 
The following vulnerabilities are fixed with an upgrade:
- https://snyk.io/vuln/SNYK-RUBY-RACK-6274384
- https://snyk.io/vuln/SNYK-RUBY-RACK-6274385
- https://snyk.io/vuln/SNYK-RUBY-RACK-72567
- https://snyk.io/vuln/SNYK-RUBY-RACKSSL-20101
- https://snyk.io/vuln/SNYK-RUBY-RAILTIES-20454
- https://snyk.io/vuln/SNYK-RUBY-RAKE-552000
- https://snyk.io/vuln/SNYK-RUBY-RDOC-1279617
- https://snyk.io/vuln/SNYK-RUBY-RDOC-1316279
- https://snyk.io/vuln/SNYK-RUBY-RDOC-20057
- https://snyk.io/vuln/SNYK-RUBY-RDOC-6476871
- https://snyk.io/vuln/SNYK-RUBY-SPROCKETS-20199
- https://snyk.io/vuln/SNYK-RUBY-SPROCKETS-22032
- https://snyk.io/vuln/SNYK-RUBY-TZINFO-2958048
- https://snyk.io/vuln/SNYK-RUBY-ACTIVESUPPORT-569598
- https://snyk.io/vuln/SNYK-RUBY-NOKOGIRI-20432
- https://snyk.io/vuln/SNYK-RUBY-ACTIONPACK-20158
- https://snyk.io/vuln/SNYK-RUBY-ACTIONPACK-20047
- https://snyk.io/vuln/SNYK-RUBY-ACTIONPACK-20264
- https://snyk.io/vuln/SNYK-RUBY-ACTIVERECORD-2960802
- https://snyk.io/vuln/SNYK-RUBY-RACK-2848599
- https://snyk.io/vuln/SNYK-RUBY-NOKOGIRI-1293239
- https://snyk.io/vuln/SNYK-RUBY-NOKOGIRI-6056551
- https://snyk.io/vuln/SNYK-RUBY-NOKOGIRI-6056552
- https://snyk.io/vuln/SNYK-RUBY-NOKOGIRI-6056553
- https://snyk.io/vuln/SNYK-RUBY-NOKOGIRI-6056554
- https://snyk.io/vuln/SNYK-RUBY-NOKOGIRI-6056555
- https://snyk.io/vuln/SNYK-RUBY-NOKOGIRI-7164639
- https://snyk.io/vuln/SNYK-RUBY-JSON-560838
- https://snyk.io/vuln/SNYK-RUBY-JSON-20056
- https://snyk.io/vuln/SNYK-RUBY-NOKOGIRI-534637
- https://snyk.io/vuln/SNYK-RUBY-JQUERYRAILS-449590
- https://snyk.io/vuln/SNYK-RUBY-NOKOGIRI-20367
- https://snyk.io/vuln/SNYK-RUBY-NOKOGIRI-20368
- https://snyk.io/vuln/SNYK-RUBY-NOKOGIRI-22014
- https://snyk.io/vuln/SNYK-RUBY-ACTIONPACK-569599
- https://snyk.io/vuln/SNYK-RUBY-ACTIONPACK-569600
- https://snyk.io/vuln/SNYK-RUBY-HTTPARTY-3188560
- https://snyk.io/vuln/SNYK-RUBY-RACK-572377
- https://snyk.io/vuln/SNYK-RUBY-KAMINARI-570586
- https://snyk.io/vuln/SNYK-RUBY-NOKOGIRI-2840634
- https://snyk.io/vuln/SNYK-RUBY-NOKOGIRI-2413994
- https://snyk.io/vuln/SNYK-RUBY-NOKOGIRI-459107
- https://snyk.io/vuln/SNYK-RUBY-RACK-1061917
- https://snyk.io/vuln/SNYK-RUBY-NOKOGIRI-552159
- https://snyk.io/vuln/SNYK-RUBY-ACTIONPACK-1290052
- https://snyk.io/vuln/SNYK-RUBY-ACTIONPACK-20256
- https://snyk.io/vuln/SNYK-RUBY-ACTIVERECORD-3237239
- https://snyk.io/vuln/SNYK-RUBY-I18N-72582
- https://snyk.io/vuln/SNYK-RUBY-NOKOGIRI-1726792
- https://snyk.io/vuln/SNYK-RUBY-NOKOGIRI-22013
- https://snyk.io/vuln/SNYK-RUBY-NOKOGIRI-2620374
- https://snyk.io/vuln/SNYK-RUBY-NOKOGIRI-2630623
- https://snyk.io/vuln/SNYK-RUBY-NOKOGIRI-2630898
- https://snyk.io/vuln/SNYK-RUBY-NOKOGIRI-3052880
- https://snyk.io/vuln/SNYK-RUBY-NOKOGIRI-72433
- https://snyk.io/vuln/SNYK-RUBY-RACK-2848600
- https://snyk.io/vuln/SNYK-RUBY-RACK-3356639
- https://snyk.io/vuln/SNYK-RUBY-RACK-569066
- https://snyk.io/vuln/SNYK-RUBY-ACTIONPACK-1290051
- https://snyk.io/vuln/SNYK-RUBY-ACTIONPACK-2400638
- https://snyk.io/vuln/SNYK-RUBY-ACTIVERECORD-1314522
- https://snyk.io/vuln/SNYK-RUBY-ACTIVERECORD-20044
- https://snyk.io/vuln/SNYK-RUBY-ACTIVERECORD-20185
- https://snyk.io/vuln/SNYK-RUBY-HTTPARTY-20053
- https://snyk.io/vuln/SNYK-RUBY-JSON-20060
- https://snyk.io/vuln/SNYK-RUBY-MULTIXML-20051
- https://snyk.io/vuln/SNYK-RUBY-NOKOGIRI-20299
- https://snyk.io/vuln/SNYK-RUBY-ACTIONPACK-20125
- https://snyk.io/vuln/SNYK-RUBY-ACTIVERECORD-20046
- https://snyk.io/vuln/SNYK-RUBY-NOKOGIRI-1583442
- https://snyk.io/vuln/SNYK-RUBY-RACK-20058
- https://snyk.io/vuln/SNYK-RUBY-ACTIVERECORD-20149
- https://snyk.io/vuln/SNYK-RUBY-DEVISE-20055
- https://snyk.io/vuln/SNYK-RUBY-NOKOGIRI-3357693
- https://snyk.io/vuln/SNYK-RUBY-NOKOGIRI-6228056
- https://snyk.io/vuln/SNYK-RUBY-ACTIVESUPPORT-3360028
- https://snyk.io/vuln/SNYK-RUBY-MAIL-20244
- https://snyk.io/vuln/SNYK-RUBY-RACK-20059
- https://snyk.io/vuln/SNYK-RUBY-ACTIVESUPPORT-20294
- https://snyk.io/vuln/SNYK-RUBY-ACTIONPACK-20122
- https://snyk.io/vuln/SNYK-RUBY-ACTIONPACK-20148
- https://snyk.io/vuln/SNYK-RUBY-ACTIONPACK-20200
- https://snyk.io/vuln/SNYK-RUBY-ACTIONPACK-3237231
- https://snyk.io/vuln/SNYK-RUBY-ACTIONPACK-3237232
- https://snyk.io/vuln/SNYK-RUBY-ACTIVERECORD-20088
- https://snyk.io/vuln/SNYK-RUBY-ACTIVERECORD-20259
- https://snyk.io/vuln/SNYK-RUBY-ACTIVERESOURCE-568275
- https://snyk.io/vuln/SNYK-RUBY-ACTIVESUPPORT-20229
- https://snyk.io/vuln/SNYK-RUBY-ACTIVESUPPORT-3237242
- https://snyk.io/vuln/SNYK-RUBY-NOKOGIRI-20127
- https://snyk.io/vuln/SNYK-RUBY-NOKOGIRI-20129
- https://snyk.io/vuln/SNYK-RUBY-NOKOGIRI-20157
- https://snyk.io/vuln/SNYK-RUBY-NOKOGIRI-20214
- https://snyk.io/vuln/SNYK-RUBY-RACK-20045
- https://snyk.io/vuln/SNYK-RUBY-RACK-20230
- https://snyk.io/vuln/SNYK-RUBY-RACK-20399
- https://snyk.io/vuln/SNYK-RUBY-RACK-538324
- https://snyk.io/vuln/SNYK-RUBY-RACK-6274383
- https://snyk.io/vuln/SNYK-RUBY-ACTIONPACK-5741907
- https://snyk.io/vuln/SNYK-RUBY-ACTIONMAILER-20112
- https://snyk.io/vuln/SNYK-RUBY-ACTIONPACK-20087
- https://snyk.io/vuln/SNYK-RUBY-ACTIONPACK-20090
- https://snyk.io/vuln/SNYK-RUBY-ACTIONPACK-20121
- https://snyk.io/vuln/SNYK-RUBY-ACTIONPACK-20123
- https://snyk.io/vuln/SNYK-RUBY-ACTIONPACK-20147
- https://snyk.io/vuln/SNYK-RUBY-ACTIONPACK-20198
- https://snyk.io/vuln/SNYK-RUBY-ACTIVERECORD-20062
- https://snyk.io/vuln/SNYK-RUBY-I18N-20124
- https://snyk.io/vuln/SNYK-RUBY-RACK-20028
- https://snyk.io/vuln/SNYK-RUBY-RACK-20052
- https://snyk.io/vuln/SNYK-RUBY-ERUBIS-20482
- https://snyk.io/vuln/SNYK-RUBY-ACTIONPACK-20258
- https://snyk.io/vuln/SNYK-RUBY-NOKOGIRI-1055008
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@AuMyers @snyk-bot