Actions
Defect #38875
openAdditional vulnerabilities reported for v.5.0.5
Status:
Needs feedback
Priority:
Normal
Assignee:
-
Category:
Security
Target version:
-
Start date:
Due date:
% Done:
0%
Estimated time:
Resolution:
Affected version:
Description
In version 5.0.5:
Name: actionpack Version: 6.1.7.2 CVE: CVE-2023-28362 GHSA: GHSA-4g8v-vg43-wpgf Criticality: Unknown URL: https://discuss.rubyonrails.org/t/cve-2023-28362-possible-xss-via-user-supplied-values-to-redirect-to/83132 Title: Possible XSS via User Supplied Values to redirect_to Solution: upgrade to '~> 6.1.7.4', '>= 7.0.5.1' Name: actionview Version: 6.1.7.2 CVE: CVE-2023-23913 GHSA: GHSA-xp5h-f8jf-rc8q Criticality: High URL: https://discuss.rubyonrails.org/t/cve-2023-23913-dom-based-cross-site-scripting-in-rails-ujs-for-contenteditable-html-elements/82468 Title: DOM Based Cross-site Scripting in rails-ujs for contenteditable HTML Elements Solution: upgrade to '~> 6.1.7.3', '>= 7.0.4.3' Name: commonmarker Version: 0.23.8 GHSA: GHSA-48wp-p9qv-4j64 Criticality: High URL: https://github.com/gjtorikian/commonmarker/releases/tag/v0.23.9 Title: Commonmarker vulnerable to to several quadratic complexity bugs that may lead to denial of service Solution: upgrade to '>= 0.23.9' Name: rack Version: 2.2.6.3 CVE: CVE-2023-27539 GHSA: GHSA-c6qg-cjj8-47qp Criticality: Unknown URL: https://discuss.rubyonrails.org/t/cve-2023-27539-possible-denial-of-service-vulnerability-in-racks-header-parsing/82466 Title: Possible Denial of Service Vulnerability in Rack’s header parsing Solution: upgrade to '~> 2.0, >= 2.2.6.4', '>= 3.0.6.1' Name: sanitize Version: 6.0.1 CVE: CVE-2023-36823 GHSA: GHSA-f5ww-cq3m-q3g7 Criticality: High URL: https://github.com/rgrove/sanitize/releases/tag/v6.0.2 Title: Sanitize vulnerable to Cross-site Scripting via insufficient neutralization of `style` element content Solution: upgrade to '>= 6.0.2'
Related issues
Actions