lukebrogan-mend / railsgoat

A vulnerable version of Rails that follows the OWASP Top 10
railsgoat.cktricky.com
MIT License

rails-6.0.0.gem: 6 vulnerabilities (highest severity is: 9.8) - autoclosed #81

Closed mend-for-github-com[bot] closed 1 year ago

mend-for-github-com[bot] commented 1 year ago
Vulnerable Library - rails-6.0.0.gem

Ruby on Rails is a full-stack web framework optimized for programmer happiness and sustainable productivity. It encourages beautiful code by favoring convention over configuration.

Library home page: https://rubygems.org/gems/rails-6.0.0.gem

Path to dependency file: /Gemfile.lock

Path to vulnerable library: /m/ruby/2.7.0/cache/rails-6.0.0.gem

Found in HEAD commit: 10b00bba83d518df58b71c164d0be7c229d4b799

Vulnerabilities

| CVE | Severity | CVSS | Dependency | Type | Fixed in | Remediation Available |
|---|---|---|---|---|---|---|
| CVE-2022-21831 | High | 9.8 | activestorage-6.0.0.gem | Transitive | N/A | |
| CVE-2020-8162 | High | 7.5 | activestorage-6.0.0.gem | Transitive | N/A | |
| CVE-2021-22880 | High | 7.5 | detected in multiple dependencies | Transitive | N/A | |
| CVE-2022-32224 | High | 7.0 | activerecord-6.0.0.gem | Transitive | N/A | |
| CVE-2020-8167 | Medium | 6.5 | rails-6.0.0.gem | Direct | 6.0.3.1, 5.2.4.3 | |
| CVE-2021-22881 | Medium | 6.1 | rails-6.0.0.gem | Direct | 6.0.3.5, 6.1.2.1 | |

Details

**CVE-2022-21831**

### Vulnerable Library - activestorage-6.0.0.gem

Attach cloud and local files in Rails applications.

Library home page: https://rubygems.org/gems/activestorage-6.0.0.gem

Path to dependency file: /Gemfile.lock

Path to vulnerable library: /home/wss-scanner/.gem/ruby/2.7.0/cache/activestorage-6.0.0.gem

Dependency Hierarchy:
- rails-6.0.0.gem (Root Library)
  - :x: **activestorage-6.0.0.gem** (Vulnerable Library)

Found in HEAD commit: 10b00bba83d518df58b71c164d0be7c229d4b799

Found in base branch: master

### Vulnerability Details

A code injection vulnerability exists in Active Storage >= v5.2.0 that could allow an attacker to execute code via image_processing arguments.

Publish Date: 2022-05-26

URL: CVE-2022-21831

### CVSS 3 Score Details (9.8)

Base Score Metrics:
- Exploitability Metrics:
  - Attack Vector: Network
  - Attack Complexity: Low
  - Privileges Required: None
  - User Interaction: None
  - Scope: Unchanged
- Impact Metrics:
  - Confidentiality Impact: High
  - Integrity Impact: High
  - Availability Impact: High


### Suggested Fix

Type: Upgrade version

Origin: https://github.com/advisories/GHSA-w749-p3v6-hccq

Release Date: 2022-05-26

Fix Resolution: activestorage - 5.2.6.3,6.0.4.7,6.1.4.7,7.0.2.3

**CVE-2020-8162**

### Vulnerable Library - activestorage-6.0.0.gem

Attach cloud and local files in Rails applications.

Library home page: https://rubygems.org/gems/activestorage-6.0.0.gem

Path to dependency file: /Gemfile.lock

Path to vulnerable library: /home/wss-scanner/.gem/ruby/2.7.0/cache/activestorage-6.0.0.gem

Dependency Hierarchy:
- rails-6.0.0.gem (Root Library)
  - :x: **activestorage-6.0.0.gem** (Vulnerable Library)

Found in HEAD commit: 10b00bba83d518df58b71c164d0be7c229d4b799

Found in base branch: master

### Vulnerability Details

A client-side enforcement of server-side security vulnerability exists in the ActiveStorage S3 adapter of rails < 5.2.4.2 and rails < 6.0.3.1 that allows the Content-Length of a direct file upload to be modified by an end user, bypassing upload limits.

Publish Date: 2020-06-19

URL: CVE-2020-8162

### CVSS 3 Score Details (7.5)

Base Score Metrics:
- Exploitability Metrics:
  - Attack Vector: Network
  - Attack Complexity: Low
  - Privileges Required: None
  - User Interaction: None
  - Scope: Unchanged
- Impact Metrics:
  - Confidentiality Impact: None
  - Integrity Impact: High
  - Availability Impact: None


### Suggested Fix

Type: Upgrade version

Origin: https://github.com/advisories/GHSA-m42x-37p3-fv5w

Release Date: 2020-06-19

Fix Resolution: 5.2.4.3,6.0.3.1

**CVE-2021-22880**

### Vulnerable Libraries - activerecord-6.0.0.gem, rails-6.0.0.gem

### activerecord-6.0.0.gem

Databases on Rails. Build a persistent domain model by mapping database tables to Ruby classes. Strong conventions for associations, validations, aggregations, migrations, and testing come baked-in.

Library home page: https://rubygems.org/gems/activerecord-6.0.0.gem

Path to dependency file: /Gemfile.lock

Path to vulnerable library: /home/wss-scanner/.gem/ruby/2.7.0/cache/activerecord-6.0.0.gem

Dependency Hierarchy:
- rails-6.0.0.gem (Root Library)
  - :x: **activerecord-6.0.0.gem** (Vulnerable Library)

### rails-6.0.0.gem

Ruby on Rails is a full-stack web framework optimized for programmer happiness and sustainable productivity. It encourages beautiful code by favoring convention over configuration.

Library home page: https://rubygems.org/gems/rails-6.0.0.gem

Path to dependency file: /Gemfile.lock

Path to vulnerable library: /m/ruby/2.7.0/cache/rails-6.0.0.gem

Dependency Hierarchy:
- :x: **rails-6.0.0.gem** (Vulnerable Library)

Found in HEAD commit: 10b00bba83d518df58b71c164d0be7c229d4b799

Found in base branch: master

### Vulnerability Details

The PostgreSQL adapter in Active Record before 6.1.2.1, 6.0.3.5, 5.2.4.5 suffers from a regular expression denial of service (REDoS) vulnerability. Carefully crafted input can cause the input validation in the `money` type of the PostgreSQL adapter in Active Record to spend too much time in a regular expression, resulting in the potential for a DoS attack. This only impacts Rails applications that are using PostgreSQL along with money type columns that take user input.

Publish Date: 2021-02-11

URL: CVE-2021-22880

### CVSS 3 Score Details (7.5)

Base Score Metrics:
- Exploitability Metrics:
  - Attack Vector: Network
  - Attack Complexity: Low
  - Privileges Required: None
  - User Interaction: None
  - Scope: Unchanged
- Impact Metrics:
  - Confidentiality Impact: None
  - Integrity Impact: None
  - Availability Impact: High


### Suggested Fix

Type: Upgrade version

Origin: https://discuss.rubyonrails.org/t/cve-2021-22880-possible-dos-vulnerability-in-active-record-postgresql-adapter/77129

Release Date: 2021-02-11

Fix Resolution: 5.2.4.5,6.0.3.5,6.1.2.1

:rescue_worker_helmet: Automatic Remediation is available for this issue

**CVE-2022-32224**

### Vulnerable Library - activerecord-6.0.0.gem

Databases on Rails. Build a persistent domain model by mapping database tables to Ruby classes. Strong conventions for associations, validations, aggregations, migrations, and testing come baked-in.

Library home page: https://rubygems.org/gems/activerecord-6.0.0.gem

Path to dependency file: /Gemfile.lock

Path to vulnerable library: /home/wss-scanner/.gem/ruby/2.7.0/cache/activerecord-6.0.0.gem

Dependency Hierarchy:
- rails-6.0.0.gem (Root Library)
  - :x: **activerecord-6.0.0.gem** (Vulnerable Library)

Found in HEAD commit: 10b00bba83d518df58b71c164d0be7c229d4b799

Found in base branch: master

### Vulnerability Details

RCE bug with Serialized Columns in Active Record before 5.2.8.1, 6.0.0 and before 6.0.5.1, 6.1.0 and before 6.1.6.1, 7.0.0 and before 7.0.3. When serialized columns that use YAML (the default) are deserialized, Rails uses YAML.unsafe_load to convert the YAML data into Ruby objects. If an attacker can manipulate data in the database (via means like SQL injection), then it may be possible for the attacker to escalate to an RCE.

Publish Date: 2022-06-02

URL: CVE-2022-32224

### CVSS 3 Score Details (7.0)

Base Score Metrics:
- Exploitability Metrics:
  - Attack Vector: Local
  - Attack Complexity: High
  - Privileges Required: Low
  - User Interaction: None
  - Scope: Unchanged
- Impact Metrics:
  - Confidentiality Impact: High
  - Integrity Impact: High
  - Availability Impact: High


### Suggested Fix

Type: Upgrade version

Origin: https://github.com/advisories/GHSA-3hhc-qp5v-9p2j

Release Date: 2022-06-02

Fix Resolution: activerecord - 5.2.8.1,6.0.5.1,6.1.6.1,7.0.3.1

**CVE-2020-8167**

### Vulnerable Library - rails-6.0.0.gem

Ruby on Rails is a full-stack web framework optimized for programmer happiness and sustainable productivity. It encourages beautiful code by favoring convention over configuration.

Library home page: https://rubygems.org/gems/rails-6.0.0.gem

Path to dependency file: /Gemfile.lock

Path to vulnerable library: /m/ruby/2.7.0/cache/rails-6.0.0.gem

Dependency Hierarchy:
- :x: **rails-6.0.0.gem** (Vulnerable Library)

Found in HEAD commit: 10b00bba83d518df58b71c164d0be7c229d4b799

Found in base branch: master

### Vulnerability Details

A CSRF vulnerability exists in the rails-ujs module of rails <= 6.0.3 that could allow attackers to send CSRF tokens to wrong domains.

Publish Date: 2020-06-19

URL: CVE-2020-8167

### CVSS 3 Score Details (6.5)

Base Score Metrics:
- Exploitability Metrics:
  - Attack Vector: Network
  - Attack Complexity: Low
  - Privileges Required: None
  - User Interaction: Required
  - Scope: Unchanged
- Impact Metrics:
  - Confidentiality Impact: None
  - Integrity Impact: High
  - Availability Impact: None


### Suggested Fix

Type: Upgrade version

Origin: https://rubygems.org/gems/rails/versions/6.0.3.1

Release Date: 2020-06-19

Fix Resolution: 6.0.3.1,5.2.4.3

:rescue_worker_helmet: Automatic Remediation is available for this issue

**CVE-2021-22881**

### Vulnerable Library - rails-6.0.0.gem

Ruby on Rails is a full-stack web framework optimized for programmer happiness and sustainable productivity. It encourages beautiful code by favoring convention over configuration.

Library home page: https://rubygems.org/gems/rails-6.0.0.gem

Path to dependency file: /Gemfile.lock

Path to vulnerable library: /m/ruby/2.7.0/cache/rails-6.0.0.gem

Dependency Hierarchy:
- :x: **rails-6.0.0.gem** (Vulnerable Library)

Found in HEAD commit: 10b00bba83d518df58b71c164d0be7c229d4b799

Found in base branch: master

### Vulnerability Details

The Host Authorization middleware in Action Pack before 6.1.2.1, 6.0.3.5 suffers from an open redirect vulnerability. Specially crafted `Host` headers in combination with certain "allowed host" formats can cause the Host Authorization middleware in Action Pack to redirect users to a malicious website. Impacted applications will have allowed hosts with a leading dot. When an allowed host contains a leading dot, a specially crafted `Host` header can be used to redirect to a malicious website.

Publish Date: 2021-02-11

URL: CVE-2021-22881

### CVSS 3 Score Details (6.1)

Base Score Metrics:
- Exploitability Metrics:
  - Attack Vector: Network
  - Attack Complexity: Low
  - Privileges Required: None
  - User Interaction: Required
  - Scope: Changed
- Impact Metrics:
  - Confidentiality Impact: Low
  - Integrity Impact: Low
  - Availability Impact: None


### Suggested Fix

Type: Upgrade version

Origin: https://discuss.rubyonrails.org/t/cve-2021-22881-possible-open-redirect-in-host-authorization-middleware/77130

Release Date: 2021-02-11

Fix Resolution: 6.0.3.5,6.1.2.1

:rescue_worker_helmet: Automatic Remediation is available for this issue

:rescue_worker_helmet: Automatic Remediation is available for this issue.

mend-for-github-com[bot] commented 1 year ago

:information_source: This issue was automatically closed by Mend because it is a duplicate of an existing issue: #82