Additional vulnerabilities reported for v.5.0.5
In version 5.0.5:
Title: Possible XSS via User Supplied Values to redirect_to
Solution: upgrade to '~> 184.108.40.206', '>= 220.127.116.11'
Title: DOM Based Cross-site Scripting in rails-ujs for contenteditable HTML Elements
Solution: upgrade to '~> 18.104.22.168', '>= 22.214.171.124'
Title: Commonmarker vulnerable to several quadratic complexity bugs that may lead to denial of service
Solution: upgrade to '>= 0.23.9'
Title: Possible Denial of Service Vulnerability in Rack’s header parsing
Solution: upgrade to '~> 2.0, >= 126.96.36.199', '>= 188.8.131.52'
Title: Sanitize vulnerable to Cross-site Scripting via insufficient neutralization of `style` element content
Solution: upgrade to '>= 6.0.2'