Nexmo/mood-of-the-news

sass-rails-5.1.0.gem: 19 vulnerabilities (highest severity is: 9.8) - autoclosed

mend-for-github-com opened this issue · 1 comments

Vulnerable Library - sass-rails-5.1.0.gem

Path to dependency file: /Gemfile.lock

Path to vulnerable library: /home/wss-scanner/.gem/ruby/2.7.0/cache/nokogiri-1.11.1.gem

Found in HEAD commit: 644285bf7e5ca3c9e83f21c41a726de43a03f563

Vulnerabilities

| CVE | Severity | CVSS | Dependency | Type | Fixed in (sass-rails version) | Remediation Available |
| --- | --- | --- | --- | --- | --- | --- |
| CVE-2022-30123 | High | 9.8 | rack-2.2.3.gem | Transitive | N/A* | |
| WS-2022-0089 | High | 8.8 | nokogiri-1.11.1-x86_64-linux.gem | Transitive | N/A* | |
| CVE-2022-29181 | High | 8.2 | nokogiri-1.11.1-x86_64-linux.gem | Transitive | N/A* | |
| CVE-2021-22885 | High | 7.5 | actionpack-6.1.1.gem | Transitive | N/A* | |
| CVE-2022-24836 | High | 7.5 | nokogiri-1.11.1-x86_64-linux.gem | Transitive | N/A* | |
| CVE-2021-22902 | High | 7.5 | actionpack-6.1.1.gem | Transitive | N/A* | |
| CVE-2021-41098 | High | 7.5 | nokogiri-1.11.1-x86_64-linux.gem | Transitive | N/A* | |
| CVE-2021-22904 | High | 7.5 | actionpack-6.1.1.gem | Transitive | N/A* | |
| CVE-2022-30122 | High | 7.5 | rack-2.2.3.gem | Transitive | N/A* | |
| CVE-2021-22942 | Medium | 6.1 | actionpack-6.1.1.gem | Transitive | N/A* | |
| CVE-2021-22903 | Medium | 6.1 | actionpack-6.1.1.gem | Transitive | N/A* | |
| CVE-2022-22577 | Medium | 6.1 | actionpack-6.1.1.gem | Transitive | N/A* | |
| CVE-2022-27777 | Medium | 6.1 | actionview-6.1.1.gem | Transitive | N/A* | |
| CVE-2021-44528 | Medium | 6.1 | actionpack-6.1.1.gem | Transitive | N/A* | |
| CVE-2021-22881 | Medium | 6.1 | actionpack-6.1.1.gem | Transitive | N/A* | |
| CVE-2022-32209 | Medium | 6.1 | rails-html-sanitizer-1.3.0.gem | Transitive | N/A* | |
| CVE-2022-23634 | Medium | 5.9 | actionpack-6.1.1.gem | Transitive | N/A* | |
| CVE-2022-23633 | Medium | 5.9 | actionpack-6.1.1.gem | Transitive | N/A* | |
| CVE-2022-3704 | Medium | 5.4 | actionpack-6.1.1.gem | Transitive | N/A* | |

*For some transitive vulnerabilities, there is no version of the direct dependency that contains a fix. Check the "Details" section below to see whether there is a version of the transitive dependency in which the vulnerability is fixed.

Details

CVE-2022-30123

Vulnerable Library - rack-2.2.3.gem

Rack provides a minimal, modular and adaptable interface for developing web applications in Ruby. By wrapping HTTP requests and responses in the simplest way possible, it unifies and distills the API for web servers, web frameworks, and software in between (the so-called middleware) into a single method call.

Library home page: https://rubygems.org/gems/rack-2.2.3.gem

Path to dependency file: /Gemfile.lock

Path to vulnerable library: /home/wss-scanner/.gem/ruby/2.7.0/cache/rack-2.2.3.gem

Dependency Hierarchy:

  • sass-rails-5.1.0.gem (Root Library)
    • railties-6.1.1.gem
      • actionpack-6.1.1.gem
        • rack-2.2.3.gem (Vulnerable Library)

Found in HEAD commit: 644285bf7e5ca3c9e83f21c41a726de43a03f563

Found in base branch: main

Vulnerability Details

There is a possible shell escape sequence injection vulnerability in the Lint and CommonLogger components of Rack before 2.0.9.1, 2.1.4.1, 2.2.3.1.

Publish Date: 2022-05-03

URL: CVE-2022-30123

CVSS 3 Score Details (9.8)

Base Score Metrics:

  • Exploitability Metrics:
    • Attack Vector: Network
    • Attack Complexity: Low
    • Privileges Required: None
    • User Interaction: None
    • Scope: Unchanged
  • Impact Metrics:
    • Confidentiality Impact: High
    • Integrity Impact: High
    • Availability Impact: High

For more information on CVSS3 Scores, click here.

Suggested Fix

Type: Upgrade version

Origin: GHSA-wq4h-7r42-5hrr

Release Date: 2022-05-03

Fix Resolution: rack - 2.0.9.1,2.1.4.1,2.2.3.1

WS-2022-0089

Vulnerable Library - nokogiri-1.11.1-x86_64-linux.gem

Nokogiri (鋸) makes it easy and painless to work with XML and HTML from Ruby. It provides a sensible, easy-to-understand API for reading, writing, modifying, and querying documents. It is fast and standards-compliant by relying on native parsers like libxml2 (C) and xerces (Java).

Library home page: https://rubygems.org/gems/nokogiri-1.11.1-x86_64-linux.gem

Path to dependency file: /Gemfile.lock

Path to vulnerable library: /home/wss-scanner/.gem/ruby/2.7.0/cache/nokogiri-1.11.1.gem

Dependency Hierarchy:

  • sass-rails-5.1.0.gem (Root Library)
    • railties-6.1.1.gem
      • actionpack-6.1.1.gem
        • rails-dom-testing-2.0.3.gem
          • nokogiri-1.11.1-x86_64-linux.gem (Vulnerable Library)

Found in HEAD commit: 644285bf7e5ca3c9e83f21c41a726de43a03f563

Found in base branch: main

Vulnerability Details

Nokogiri before version 1.13.2 is vulnerable.

Publish Date: 2022-03-01

URL: WS-2022-0089

CVSS 3 Score Details (8.8)

Base Score Metrics:

  • Exploitability Metrics:
    • Attack Vector: Network
    • Attack Complexity: Low
    • Privileges Required: None
    • User Interaction: Required
    • Scope: Unchanged
  • Impact Metrics:
    • Confidentiality Impact: High
    • Integrity Impact: High
    • Availability Impact: High

Suggested Fix

Type: Upgrade version

Origin: GHSA-fq42-c5rg-92c2

Release Date: 2022-03-01

Fix Resolution: nokogiri - v1.13.2

CVE-2022-29181

Vulnerable Library - nokogiri-1.11.1-x86_64-linux.gem

Nokogiri (鋸) makes it easy and painless to work with XML and HTML from Ruby. It provides a sensible, easy-to-understand API for reading, writing, modifying, and querying documents. It is fast and standards-compliant by relying on native parsers like libxml2 (C) and xerces (Java).

Library home page: https://rubygems.org/gems/nokogiri-1.11.1-x86_64-linux.gem

Path to dependency file: /Gemfile.lock

Path to vulnerable library: /home/wss-scanner/.gem/ruby/2.7.0/cache/nokogiri-1.11.1.gem

Dependency Hierarchy:

  • sass-rails-5.1.0.gem (Root Library)
    • railties-6.1.1.gem
      • actionpack-6.1.1.gem
        • rails-dom-testing-2.0.3.gem
          • nokogiri-1.11.1-x86_64-linux.gem (Vulnerable Library)

Found in HEAD commit: 644285bf7e5ca3c9e83f21c41a726de43a03f563

Found in base branch: main

Vulnerability Details

Nokogiri is an open source XML and HTML library for Ruby. Nokogiri prior to version 1.13.6 does not type-check all inputs into the XML and HTML4 SAX parsers, allowing specially crafted untrusted inputs to cause illegal memory access errors (segfault) or reads from unrelated memory. Version 1.13.6 contains a patch for this issue. As a workaround, ensure the untrusted input is a String by calling #to_s or equivalent.

Publish Date: 2022-05-20

URL: CVE-2022-29181

CVSS 3 Score Details (8.2)

Base Score Metrics:

  • Exploitability Metrics:
    • Attack Vector: Network
    • Attack Complexity: Low
    • Privileges Required: None
    • User Interaction: None
    • Scope: Unchanged
  • Impact Metrics:
    • Confidentiality Impact: Low
    • Integrity Impact: None
    • Availability Impact: High

Suggested Fix

Type: Upgrade version

Origin: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-29181

Release Date: 2022-05-20

Fix Resolution: nokogiri - 1.13.6

CVE-2021-22885

Vulnerable Library - actionpack-6.1.1.gem

Web apps on Rails. Simple, battle-tested conventions for building and testing MVC web applications. Works with any Rack-compatible server.

Library home page: https://rubygems.org/gems/actionpack-6.1.1.gem

Path to dependency file: /Gemfile.lock

Path to vulnerable library: /home/wss-scanner/.gem/ruby/2.7.0/cache/actionpack-6.1.1.gem

Dependency Hierarchy:

  • sass-rails-5.1.0.gem (Root Library)
    • railties-6.1.1.gem
      • actionpack-6.1.1.gem (Vulnerable Library)

Found in HEAD commit: 644285bf7e5ca3c9e83f21c41a726de43a03f563

Found in base branch: main

Vulnerability Details

A possible information disclosure / unintended method execution vulnerability in Action Pack >= 2.0.0 when using the redirect_to or polymorphic_url helper with untrusted user input.

Publish Date: 2021-05-27

URL: CVE-2021-22885

CVSS 3 Score Details (7.5)

Base Score Metrics:

  • Exploitability Metrics:
    • Attack Vector: Network
    • Attack Complexity: Low
    • Privileges Required: None
    • User Interaction: None
    • Scope: Unchanged
  • Impact Metrics:
    • Confidentiality Impact: High
    • Integrity Impact: None
    • Availability Impact: None

Suggested Fix

Type: Upgrade version

Origin: GHSA-hjg4-8q5f-x6fm

Release Date: 2021-05-27

Fix Resolution: actionpack - 5.2.4.6,5.2.6,6.0.3.7,6.1.3.2

CVE-2022-24836

Vulnerable Library - nokogiri-1.11.1-x86_64-linux.gem

Nokogiri (鋸) makes it easy and painless to work with XML and HTML from Ruby. It provides a sensible, easy-to-understand API for reading, writing, modifying, and querying documents. It is fast and standards-compliant by relying on native parsers like libxml2 (C) and xerces (Java).

Library home page: https://rubygems.org/gems/nokogiri-1.11.1-x86_64-linux.gem

Path to dependency file: /Gemfile.lock

Path to vulnerable library: /home/wss-scanner/.gem/ruby/2.7.0/cache/nokogiri-1.11.1.gem

Dependency Hierarchy:

  • sass-rails-5.1.0.gem (Root Library)
    • railties-6.1.1.gem
      • actionpack-6.1.1.gem
        • rails-dom-testing-2.0.3.gem
          • nokogiri-1.11.1-x86_64-linux.gem (Vulnerable Library)

Found in HEAD commit: 644285bf7e5ca3c9e83f21c41a726de43a03f563

Found in base branch: main

Vulnerability Details

Nokogiri is an open source XML and HTML library for Ruby. Nokogiri < v1.13.4 contains an inefficient regular expression that is susceptible to excessive backtracking when attempting to detect encoding in HTML documents. Users are advised to upgrade to Nokogiri >= 1.13.4. There are no known workarounds for this issue.

Publish Date: 2022-04-11

URL: CVE-2022-24836

CVSS 3 Score Details (7.5)

Base Score Metrics:

  • Exploitability Metrics:
    • Attack Vector: Network
    • Attack Complexity: Low
    • Privileges Required: None
    • User Interaction: None
    • Scope: Unchanged
  • Impact Metrics:
    • Confidentiality Impact: None
    • Integrity Impact: None
    • Availability Impact: High

Suggested Fix

Type: Upgrade version

Origin: GHSA-crjr-9rc5-ghw8

Release Date: 2022-04-11

Fix Resolution: nokogiri - 1.13.4

CVE-2021-22902

Vulnerable Library - actionpack-6.1.1.gem

Web apps on Rails. Simple, battle-tested conventions for building and testing MVC web applications. Works with any Rack-compatible server.

Library home page: https://rubygems.org/gems/actionpack-6.1.1.gem

Path to dependency file: /Gemfile.lock

Path to vulnerable library: /home/wss-scanner/.gem/ruby/2.7.0/cache/actionpack-6.1.1.gem

Dependency Hierarchy:

  • sass-rails-5.1.0.gem (Root Library)
    • railties-6.1.1.gem
      • actionpack-6.1.1.gem (Vulnerable Library)

Found in HEAD commit: 644285bf7e5ca3c9e83f21c41a726de43a03f563

Found in base branch: main

Vulnerability Details

The actionpack ruby gem (a framework for handling and responding to web requests in Rails) before 6.0.3.7, 6.1.3.2 suffers from a possible denial of service vulnerability in the Mime type parser of Action Dispatch. Carefully crafted Accept headers can cause the mime type parser in Action Dispatch to do catastrophic backtracking in the regular expression engine.

Publish Date: 2021-06-11

URL: CVE-2021-22902

CVSS 3 Score Details (7.5)

Base Score Metrics:

  • Exploitability Metrics:
    • Attack Vector: Network
    • Attack Complexity: Low
    • Privileges Required: None
    • User Interaction: None
    • Scope: Unchanged
  • Impact Metrics:
    • Confidentiality Impact: None
    • Integrity Impact: None
    • Availability Impact: High

Suggested Fix

Type: Upgrade version

Release Date: 2021-06-11

Fix Resolution: actionpack - 6.0.3.7,6.1.3.2

CVE-2021-41098

Vulnerable Library - nokogiri-1.11.1-x86_64-linux.gem

Nokogiri (鋸) makes it easy and painless to work with XML and HTML from Ruby. It provides a sensible, easy-to-understand API for reading, writing, modifying, and querying documents. It is fast and standards-compliant by relying on native parsers like libxml2 (C) and xerces (Java).

Library home page: https://rubygems.org/gems/nokogiri-1.11.1-x86_64-linux.gem

Path to dependency file: /Gemfile.lock

Path to vulnerable library: /home/wss-scanner/.gem/ruby/2.7.0/cache/nokogiri-1.11.1.gem

Dependency Hierarchy:

  • sass-rails-5.1.0.gem (Root Library)
    • railties-6.1.1.gem
      • actionpack-6.1.1.gem
        • rails-dom-testing-2.0.3.gem
          • nokogiri-1.11.1-x86_64-linux.gem (Vulnerable Library)

Found in HEAD commit: 644285bf7e5ca3c9e83f21c41a726de43a03f563

Found in base branch: main

Vulnerability Details

Nokogiri is a Rubygem providing HTML, XML, SAX, and Reader parsers with XPath and CSS selector support. In Nokogiri v1.12.4 and earlier, on JRuby only, the SAX parser resolves external entities by default. Users of Nokogiri on JRuby who parse untrusted documents using any of these classes are affected: Nokogiri::XML::SAX::Parse, Nokogiri::HTML4::SAX::Parser or its alias Nokogiri::HTML::SAX::Parser, Nokogiri::XML::SAX::PushParser, and Nokogiri::HTML4::SAX::PushParser or its alias Nokogiri::HTML::SAX::PushParser. JRuby users should upgrade to Nokogiri v1.12.5 or later to receive a patch for this issue. There are no workarounds available for v1.12.4 or earlier. CRuby users are not affected.

Publish Date: 2021-09-27

URL: CVE-2021-41098

CVSS 3 Score Details (7.5)

Base Score Metrics:

  • Exploitability Metrics:
    • Attack Vector: Network
    • Attack Complexity: Low
    • Privileges Required: None
    • User Interaction: None
    • Scope: Unchanged
  • Impact Metrics:
    • Confidentiality Impact: High
    • Integrity Impact: None
    • Availability Impact: None

Suggested Fix

Type: Upgrade version

Origin: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-41098

Release Date: 2021-09-27

Fix Resolution: nokogiri - 1.12.5

CVE-2021-22904

Vulnerable Library - actionpack-6.1.1.gem

Web apps on Rails. Simple, battle-tested conventions for building and testing MVC web applications. Works with any Rack-compatible server.

Library home page: https://rubygems.org/gems/actionpack-6.1.1.gem

Path to dependency file: /Gemfile.lock

Path to vulnerable library: /home/wss-scanner/.gem/ruby/2.7.0/cache/actionpack-6.1.1.gem

Dependency Hierarchy:

  • sass-rails-5.1.0.gem (Root Library)
    • railties-6.1.1.gem
      • actionpack-6.1.1.gem (Vulnerable Library)

Found in HEAD commit: 644285bf7e5ca3c9e83f21c41a726de43a03f563

Found in base branch: main

Vulnerability Details

The actionpack ruby gem before 6.1.3.2, 6.0.3.7, 5.2.4.6, 5.2.6 suffers from a possible denial of service vulnerability in the Token Authentication logic in Action Controller due to a too permissive regular expression. Impacted code uses authenticate_or_request_with_http_token or authenticate_with_http_token for request authentication.

Publish Date: 2021-06-11

URL: CVE-2021-22904

CVSS 3 Score Details (7.5)

Base Score Metrics:

  • Exploitability Metrics:
    • Attack Vector: Network
    • Attack Complexity: Low
    • Privileges Required: None
    • User Interaction: None
    • Scope: Unchanged
  • Impact Metrics:
    • Confidentiality Impact: None
    • Integrity Impact: None
    • Availability Impact: High

Suggested Fix

Type: Upgrade version

Release Date: 2021-06-11

Fix Resolution: actionpack - 5.2.4.6,5.2.6,6.0.3.7,6.1.3.2

CVE-2022-30122

Vulnerable Library - rack-2.2.3.gem

Rack provides a minimal, modular and adaptable interface for developing web applications in Ruby. By wrapping HTTP requests and responses in the simplest way possible, it unifies and distills the API for web servers, web frameworks, and software in between (the so-called middleware) into a single method call.

Library home page: https://rubygems.org/gems/rack-2.2.3.gem

Path to dependency file: /Gemfile.lock

Path to vulnerable library: /home/wss-scanner/.gem/ruby/2.7.0/cache/rack-2.2.3.gem

Dependency Hierarchy:

  • sass-rails-5.1.0.gem (Root Library)
    • railties-6.1.1.gem
      • actionpack-6.1.1.gem
        • rack-2.2.3.gem (Vulnerable Library)

Found in HEAD commit: 644285bf7e5ca3c9e83f21c41a726de43a03f563

Found in base branch: main

Vulnerability Details

There is a possible denial of service vulnerability in the multipart parsing component of Rack before 2.0.9.1, 2.1.4.1, 2.2.3.1.

Publish Date: 2022-05-03

URL: CVE-2022-30122

CVSS 3 Score Details (7.5)

Base Score Metrics:

  • Exploitability Metrics:
    • Attack Vector: Network
    • Attack Complexity: Low
    • Privileges Required: None
    • User Interaction: None
    • Scope: Unchanged
  • Impact Metrics:
    • Confidentiality Impact: None
    • Integrity Impact: None
    • Availability Impact: High

Suggested Fix

Type: Upgrade version

Origin: GHSA-hxqx-xwvh-44m2

Release Date: 2022-05-03

Fix Resolution: rack - 2.0.9.1,2.1.4.1,2.2.3.1

CVE-2021-22942

Vulnerable Library - actionpack-6.1.1.gem

Web apps on Rails. Simple, battle-tested conventions for building and testing MVC web applications. Works with any Rack-compatible server.

Library home page: https://rubygems.org/gems/actionpack-6.1.1.gem

Path to dependency file: /Gemfile.lock

Path to vulnerable library: /home/wss-scanner/.gem/ruby/2.7.0/cache/actionpack-6.1.1.gem

Dependency Hierarchy:

  • sass-rails-5.1.0.gem (Root Library)
    • railties-6.1.1.gem
      • actionpack-6.1.1.gem (Vulnerable Library)

Found in HEAD commit: 644285bf7e5ca3c9e83f21c41a726de43a03f563

Found in base branch: main

Vulnerability Details

A possible open redirect vulnerability in the Host Authorization middleware in Action Pack >= 6.0.0 that could allow attackers to redirect users to a malicious website.

Publish Date: 2021-10-18

URL: CVE-2021-22942

CVSS 3 Score Details (6.1)

Base Score Metrics:

  • Exploitability Metrics:
    • Attack Vector: Network
    • Attack Complexity: Low
    • Privileges Required: None
    • User Interaction: Required
    • Scope: Changed
  • Impact Metrics:
    • Confidentiality Impact: Low
    • Integrity Impact: Low
    • Availability Impact: None

Suggested Fix

Type: Upgrade version

Origin: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2021-22942

Release Date: 2021-10-18

Fix Resolution: actionpack - 6.0.4.1,6.1.4.1

CVE-2021-22903

Vulnerable Library - actionpack-6.1.1.gem

Web apps on Rails. Simple, battle-tested conventions for building and testing MVC web applications. Works with any Rack-compatible server.

Library home page: https://rubygems.org/gems/actionpack-6.1.1.gem

Path to dependency file: /Gemfile.lock

Path to vulnerable library: /home/wss-scanner/.gem/ruby/2.7.0/cache/actionpack-6.1.1.gem

Dependency Hierarchy:

  • sass-rails-5.1.0.gem (Root Library)
    • railties-6.1.1.gem
      • actionpack-6.1.1.gem (Vulnerable Library)

Found in HEAD commit: 644285bf7e5ca3c9e83f21c41a726de43a03f563

Found in base branch: main

Vulnerability Details

The actionpack ruby gem before 6.1.3.2 suffers from a possible open redirect vulnerability. Specially crafted Host headers in combination with certain "allowed host" formats can cause the Host Authorization middleware in Action Pack to redirect users to a malicious website. This is similar to CVE-2021-22881. Strings in config.hosts that do not have a leading dot are converted to regular expressions without proper escaping. This causes, for example, config.hosts << "sub.example.com" to permit a request with a Host header value of sub-example.com.

Publish Date: 2021-06-11

URL: CVE-2021-22903

CVSS 3 Score Details (6.1)

Base Score Metrics:

  • Exploitability Metrics:
    • Attack Vector: Network
    • Attack Complexity: Low
    • Privileges Required: None
    • User Interaction: Required
    • Scope: Changed
  • Impact Metrics:
    • Confidentiality Impact: Low
    • Integrity Impact: Low
    • Availability Impact: None

Suggested Fix

Type: Upgrade version

Release Date: 2021-06-11

Fix Resolution: actionpack - 6.1.3.2

CVE-2022-22577

Vulnerable Library - actionpack-6.1.1.gem

Web apps on Rails. Simple, battle-tested conventions for building and testing MVC web applications. Works with any Rack-compatible server.

Library home page: https://rubygems.org/gems/actionpack-6.1.1.gem

Path to dependency file: /Gemfile.lock

Path to vulnerable library: /home/wss-scanner/.gem/ruby/2.7.0/cache/actionpack-6.1.1.gem

Dependency Hierarchy:

  • sass-rails-5.1.0.gem (Root Library)
    • railties-6.1.1.gem
      • actionpack-6.1.1.gem (Vulnerable Library)

Found in HEAD commit: 644285bf7e5ca3c9e83f21c41a726de43a03f563

Found in base branch: main

Vulnerability Details

An XSS vulnerability in Action Pack >= 5.2.0 and < 5.2.0 that could allow an attacker to bypass CSP for non-HTML-like responses.

Publish Date: 2022-05-26

URL: CVE-2022-22577

CVSS 3 Score Details (6.1)

Base Score Metrics:

  • Exploitability Metrics:
    • Attack Vector: Network
    • Attack Complexity: Low
    • Privileges Required: None
    • User Interaction: Required
    • Scope: Changed
  • Impact Metrics:
    • Confidentiality Impact: Low
    • Integrity Impact: Low
    • Availability Impact: None

Suggested Fix

Type: Upgrade version

Origin: GHSA-mm33-5vfq-3mm3

Release Date: 2022-05-26

Fix Resolution: actionpack - 5.2.7.1,6.0.4.8,6.1.5.1,7.0.2.4

CVE-2022-27777

Vulnerable Library - actionview-6.1.1.gem

Simple, battle-tested conventions and helpers for building web pages.

Library home page: https://rubygems.org/gems/actionview-6.1.1.gem

Path to dependency file: /Gemfile.lock

Path to vulnerable library: /home/wss-scanner/.gem/ruby/2.7.0/cache/actionview-6.1.1.gem

Dependency Hierarchy:

  • sass-rails-5.1.0.gem (Root Library)
    • railties-6.1.1.gem
      • actionpack-6.1.1.gem
        • actionview-6.1.1.gem (Vulnerable Library)

Found in HEAD commit: 644285bf7e5ca3c9e83f21c41a726de43a03f563

Found in base branch: main

Vulnerability Details

An XSS vulnerability in Action View tag helpers >= 5.2.0 and < 5.2.0 which would allow an attacker to inject content if able to control input into specific attributes.

Publish Date: 2022-05-26

URL: CVE-2022-27777

CVSS 3 Score Details (6.1)

Base Score Metrics:

  • Exploitability Metrics:
    • Attack Vector: Network
    • Attack Complexity: Low
    • Privileges Required: None
    • User Interaction: Required
    • Scope: Changed
  • Impact Metrics:
    • Confidentiality Impact: Low
    • Integrity Impact: Low
    • Availability Impact: None

Suggested Fix

Type: Upgrade version

Origin: GHSA-ch3h-j2vf-95pv

Release Date: 2022-05-26

Fix Resolution: actionview - 5.2.7.1,6.0.4.8,6.1.5.1,7.0.2.4

CVE-2021-44528

Vulnerable Library - actionpack-6.1.1.gem

Web apps on Rails. Simple, battle-tested conventions for building and testing MVC web applications. Works with any Rack-compatible server.

Library home page: https://rubygems.org/gems/actionpack-6.1.1.gem

Path to dependency file: /Gemfile.lock

Path to vulnerable library: /home/wss-scanner/.gem/ruby/2.7.0/cache/actionpack-6.1.1.gem

Dependency Hierarchy:

  • sass-rails-5.1.0.gem (Root Library)
    • railties-6.1.1.gem
      • actionpack-6.1.1.gem (Vulnerable Library)

Found in HEAD commit: 644285bf7e5ca3c9e83f21c41a726de43a03f563

Found in base branch: main

Vulnerability Details

An open redirect vulnerability exists in Action Pack >= 6.0.0: specially crafted "X-Forwarded-Host" headers in combination with certain "allowed host" formats can cause the Host Authorization middleware in Action Pack to redirect users to a malicious website.

Publish Date: 2022-01-10

URL: CVE-2021-44528

CVSS 3 Score Details (6.1)

Base Score Metrics:

  • Exploitability Metrics:
    • Attack Vector: Network
    • Attack Complexity: Low
    • Privileges Required: None
    • User Interaction: Required
    • Scope: Changed
  • Impact Metrics:
    • Confidentiality Impact: Low
    • Integrity Impact: Low
    • Availability Impact: None

Suggested Fix

Type: Upgrade version

Origin: GHSA-qphc-hf5q-v8fc

Release Date: 2022-01-10

Fix Resolution: actionpack - 6.0.4.2,6.1.4.2

CVE-2021-22881

Vulnerable Library - actionpack-6.1.1.gem

Web apps on Rails. Simple, battle-tested conventions for building and testing MVC web applications. Works with any Rack-compatible server.

Library home page: https://rubygems.org/gems/actionpack-6.1.1.gem

Path to dependency file: /Gemfile.lock

Path to vulnerable library: /home/wss-scanner/.gem/ruby/2.7.0/cache/actionpack-6.1.1.gem

Dependency Hierarchy:

  • sass-rails-5.1.0.gem (Root Library)
    • railties-6.1.1.gem
      • actionpack-6.1.1.gem (Vulnerable Library)

Found in HEAD commit: 644285bf7e5ca3c9e83f21c41a726de43a03f563

Found in base branch: main

Vulnerability Details

The Host Authorization middleware in Action Pack before 6.1.2.1, 6.0.3.5 suffers from an open redirect vulnerability. Specially crafted Host headers in combination with certain "allowed host" formats can cause the Host Authorization middleware in Action Pack to redirect users to a malicious website. Impacted applications will have allowed hosts with a leading dot. When an allowed host contains a leading dot, a specially crafted Host header can be used to redirect to a malicious website.

Publish Date: 2021-02-11

URL: CVE-2021-22881

CVSS 3 Score Details (6.1)

Base Score Metrics:

  • Exploitability Metrics:
    • Attack Vector: Network
    • Attack Complexity: Low
    • Privileges Required: None
    • User Interaction: Required
    • Scope: Changed
  • Impact Metrics:
    • Confidentiality Impact: Low
    • Integrity Impact: Low
    • Availability Impact: None

Suggested Fix

Type: Upgrade version

Origin: https://discuss.rubyonrails.org/t/cve-2021-22881-possible-open-redirect-in-host-authorization-middleware/77130

Release Date: 2021-02-11

Fix Resolution: 6.0.3.5,6.1.2.1

CVE-2022-32209

Vulnerable Library - rails-html-sanitizer-1.3.0.gem

HTML sanitization for Rails applications

Library home page: https://rubygems.org/gems/rails-html-sanitizer-1.3.0.gem

Path to dependency file: /Gemfile.lock

Path to vulnerable library: /home/wss-scanner/.gem/ruby/2.7.0/cache/rails-html-sanitizer-1.3.0.gem

Dependency Hierarchy:

  • sass-rails-5.1.0.gem (Root Library)
    • railties-6.1.1.gem
      • actionpack-6.1.1.gem
        • rails-html-sanitizer-1.3.0.gem (Vulnerable Library)

Found in HEAD commit: 644285bf7e5ca3c9e83f21c41a726de43a03f563

Found in base branch: main

Vulnerability Details

Possible XSS Vulnerability in Rails::Html::Sanitizer

There is a possible XSS vulnerability with certain configurations of Rails::Html::Sanitizer. This vulnerability has been assigned the CVE identifier CVE-2022-32209.

Versions Affected: ALL
Not affected: NONE
Fixed Versions: v1.4.3

Impact

A possible XSS vulnerability with certain configurations of Rails::Html::Sanitizer may allow an attacker to inject content if the application developer has overridden the sanitizer's allowed tags to allow both select and style elements.

Code is only impacted if allowed tags are being overridden. This may be done via application configuration:

```ruby
# In config/application.rb
config.action_view.sanitized_allowed_tags = ["select", "style"]
```

see https://guides.rubyonrails.org/configuring.html#configuring-action-view

Or it may be done with a :tags option to the Action View helper sanitize:

```erb
<%= sanitize @comment.body, tags: ["select", "style"] %>
```

see https://api.rubyonrails.org/classes/ActionView/Helpers/SanitizeHelper.html#method-i-sanitize

Or it may be done with Rails::Html::SafeListSanitizer directly:

```ruby
# class-level option
Rails::Html::SafeListSanitizer.allowed_tags = ["select", "style"]
```

or

```ruby
# instance-level option
Rails::Html::SafeListSanitizer.new.sanitize(@article.body, tags: ["select", "style"])
```

All users overriding the allowed tags by any of the above mechanisms to include both "select" and "style" should either upgrade or use one of the workarounds immediately.

Releases

The FIXED releases are available at the normal locations.

Workarounds

Remove either select or style from the overridden allowed tags.

Credits

This vulnerability was responsibly reported by windshock.

Publish Date: 2022-06-24

URL: CVE-2022-32209

CVSS 3 Score Details (6.1)

Base Score Metrics:

  • Exploitability Metrics:
    • Attack Vector: Network
    • Attack Complexity: Low
    • Privileges Required: None
    • User Interaction: Required
    • Scope: Changed
  • Impact Metrics:
    • Confidentiality Impact: Low
    • Integrity Impact: Low
    • Availability Impact: None

Suggested Fix

Type: Upgrade version

Origin: https://discuss.rubyonrails.org/t/cve-2022-32209-possible-xss-vulnerability-in-rails-sanitizer/80800

Release Date: 2022-06-24

Fix Resolution: rails-html-sanitizer - 1.4.3

CVE-2022-23634

Vulnerable Library - actionpack-6.1.1.gem

Web apps on Rails. Simple, battle-tested conventions for building and testing MVC web applications. Works with any Rack-compatible server.

Library home page: https://rubygems.org/gems/actionpack-6.1.1.gem

Path to dependency file: /Gemfile.lock

Path to vulnerable library: /home/wss-scanner/.gem/ruby/2.7.0/cache/actionpack-6.1.1.gem

Dependency Hierarchy:

  • sass-rails-5.1.0.gem (Root Library)
    • railties-6.1.1.gem
      • actionpack-6.1.1.gem (Vulnerable Library)

Found in HEAD commit: 644285bf7e5ca3c9e83f21c41a726de43a03f563

Found in base branch: main

Vulnerability Details

Puma is a Ruby/Rack web server built for parallelism. Prior to puma version 5.6.2, puma may not always call close on the response body. Rails, prior to version 7.0.2.2, depended on the response body being closed in order for its CurrentAttributes implementation to work correctly. The combination of these two behaviors (Puma not closing the body + Rails' Executor implementation) causes information leakage. This problem is fixed in Puma versions 5.6.2 and 4.3.11. This problem is fixed in Rails versions 7.0.2.2, 6.1.4.6, 6.0.4.6, and 5.2.6.2. Upgrading to a patched Rails or Puma version fixes the vulnerability.

Publish Date: 2022-02-11

URL: CVE-2022-23634

CVSS 3 Score Details (5.9)

Base Score Metrics:

  • Exploitability Metrics:
    • Attack Vector: Network
    • Attack Complexity: High
    • Privileges Required: None
    • User Interaction: None
    • Scope: Unchanged
  • Impact Metrics:
    • Confidentiality Impact: High
    • Integrity Impact: None
    • Availability Impact: None

Suggested Fix

Type: Upgrade version

Origin: GHSA-wh98-p28r-vrc9

Release Date: 2022-02-11

Fix Resolution: puma - 4.3.11, 5.6.2; actionpack - 5.2.6.2, 6.0.4.6, 6.1.4.6, 7.0.2.2

CVE-2022-23633

Vulnerable Library - actionpack-6.1.1.gem

Web apps on Rails. Simple, battle-tested conventions for building and testing MVC web applications. Works with any Rack-compatible server.

Library home page: https://rubygems.org/gems/actionpack-6.1.1.gem

Path to dependency file: /Gemfile.lock

Path to vulnerable library: /home/wss-scanner/.gem/ruby/2.7.0/cache/actionpack-6.1.1.gem

Dependency Hierarchy:

  • sass-rails-5.1.0.gem (Root Library)
    • railties-6.1.1.gem
      • actionpack-6.1.1.gem (Vulnerable Library)

Found in HEAD commit: 644285bf7e5ca3c9e83f21c41a726de43a03f563

Found in base branch: main

Vulnerability Details

Action Pack is a framework for handling and responding to web requests. Under certain circumstances response bodies will not be closed. In the event a response is not notified of a close, ActionDispatch::Executor will not know to reset thread local state for the next request. This can lead to data being leaked to subsequent requests. This has been fixed in Rails 7.0.2.1, 6.1.4.5, 6.0.4.5, and 5.2.6.1. Upgrading is highly recommended, but to work around this problem a middleware described in GHSA-wh98-p28r-vrc9 can be used.

Publish Date: 2022-02-11

URL: CVE-2022-23633

CVSS 3 Score Details (5.9)

Base Score Metrics:

  • Exploitability Metrics:
    • Attack Vector: Network
    • Attack Complexity: High
    • Privileges Required: None
    • User Interaction: None
    • Scope: Unchanged
  • Impact Metrics:
    • Confidentiality Impact: High
    • Integrity Impact: None
    • Availability Impact: None

Suggested Fix

Type: Upgrade version

Origin: GHSA-wh98-p28r-vrc9

Release Date: 2022-02-11

Fix Resolution: 5.2.6.2, 6.0.4.6, 6.1.4.6, 7.0.2.2

CVE-2022-3704

Vulnerable Library - actionpack-6.1.1.gem

Web apps on Rails. Simple, battle-tested conventions for building and testing MVC web applications. Works with any Rack-compatible server.

Library home page: https://rubygems.org/gems/actionpack-6.1.1.gem

Path to dependency file: /Gemfile.lock

Path to vulnerable library: /home/wss-scanner/.gem/ruby/2.7.0/cache/actionpack-6.1.1.gem

Dependency Hierarchy:

  • sass-rails-5.1.0.gem (Root Library)
    • railties-6.1.1.gem
      • actionpack-6.1.1.gem (Vulnerable Library)

Found in HEAD commit: 644285bf7e5ca3c9e83f21c41a726de43a03f563

Found in base branch: main

Vulnerability Details

A vulnerability classified as problematic has been found in Ruby on Rails. This affects an unknown part of the file actionpack/lib/action_dispatch/middleware/templates/routes/_table.html.erb. The manipulation leads to cross site scripting. It is possible to initiate the attack remotely. The name of the patch is be177e4566747b73ff63fd5f529fab564e475ed4. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-212319.

Publish Date: 2022-10-26

URL: CVE-2022-3704

CVSS 3 Score Details (5.4)

Base Score Metrics:

  • Exploitability Metrics:
    • Attack Vector: Network
    • Attack Complexity: Low
    • Privileges Required: Low
    • User Interaction: Required
    • Scope: Changed
  • Impact Metrics:
    • Confidentiality Impact: Low
    • Integrity Impact: Low
    • Availability Impact: None

✔️ This issue was automatically closed by Mend because the vulnerable library in the specific branch(es) was either marked as ignored or it is no longer part of the Mend inventory.