search

spotify / spotify.github.io

Showcase site for hand-picked open-source projects by Spotify
https://spotify.github.io
Apache License 2.0
100 stars 36 forks source link

[Snyk] Fix for 12 vulnerabilities #18

Closed snyk-bot closed 1 year ago

snyk-bot commented 1 year ago

Snyk has created this PR to fix one or more vulnerable packages in the `rubygems` dependencies of this project.

Changes included in this PR

Vulnerabilities that will be fixed

With an upgrade:
Severity Priority Score (*) Issue Breaking Change Exploit Maturity
medium severity 479/1000
Why? Has a fix available, CVSS 5.3		 Regular Expression Denial of Service (ReDoS)
SNYK-RUBY-ACTIVESUPPORT-3237242		 No No Known Exploit
medium severity 519/1000
Why? Has a fix available, CVSS 6.1		 Cross-site Scripting (XSS)
SNYK-RUBY-ACTIVESUPPORT-3360028		 No No Known Exploit
high severity 654/1000
Why? Has a fix available, CVSS 8.8		 Integer Overflow or Wraparound
SNYK-RUBY-COMMONMARKER-2415031		 Yes No Known Exploit
low severity 486/1000
Why? Proof of Concept exploit, Has a fix available, CVSS 3.3		 Out-of-bounds Read
SNYK-RUBY-COMMONMARKER-3318398		 Yes Proof of Concept
medium severity 429/1000
Why? Has a fix available, CVSS 4.3		 Denial of Service (DoS)
SNYK-RUBY-COMMONMARKER-3318399		 Yes No Known Exploit
medium severity 646/1000
Why? Proof of Concept exploit, Has a fix available, CVSS 6.5		 Denial of Service (DoS)
SNYK-RUBY-COMMONMARKER-3318400		 Yes Proof of Concept
medium severity 536/1000
Why? Proof of Concept exploit, Has a fix available, CVSS 4.3		 Denial of Service (DoS)
SNYK-RUBY-COMMONMARKER-3318401		 Yes Proof of Concept
high severity 589/1000
Why? Has a fix available, CVSS 7.5		 Regular Expression Denial of Service (ReDoS)
SNYK-RUBY-NOKOGIRI-2620374		 No No Known Exploit
high severity 589/1000
Why? Has a fix available, CVSS 7.5		 Out-of-bounds Write
SNYK-RUBY-NOKOGIRI-2630623		 No No Known Exploit
high severity 624/1000
Why? Has a fix available, CVSS 8.2		 Improper Handling of Unexpected Data Type
SNYK-RUBY-NOKOGIRI-2840634		 No No Known Exploit
high severity 589/1000
Why? Has a fix available, CVSS 7.5		 NULL Pointer Dereference
SNYK-RUBY-NOKOGIRI-3052880		 No No Known Exploit
high severity 589/1000
Why? Has a fix available, CVSS 7.5		 Directory Traversal
SNYK-RUBY-TZINFO-2958048		 No No Known Exploit

(*) Note that the real score may have changed since the PR was raised.

Check the changes in this PR to ensure they won't cause issues with your project.

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information: šŸ§ View latest project report

šŸ›  Adjust project settings

šŸ“š Read more about Snyk's upgrade and patch logic

Learn how to fix vulnerabilities with free interactive lessons:

šŸ¦‰ Regular Expression Denial of Service (ReDoS) šŸ¦‰ Cross-site Scripting (XSS) šŸ¦‰ NULL Pointer Dereference šŸ¦‰ More lessons are available in Snyk Learn