search

uclibs / application_portfolio

The application manages applications at UCL
https://libapps.libraries.uc.edu/application_portfolio
2 stars 1 forks source link

Bundler-audit #261

Closed bsp3ars closed 2 years ago

bsp3ars commented 2 years ago

Name: nokogiri Version: 1.11.5 CVE: CVE-2021-41098 GHSA: GHSA-2rr5-8q37-2w7h Criticality: High URL: https://github.com/sparklemotion/nokogiri/security/advisories/GHSA-2rr5-8q37-2w7h Title: Improper Restriction of XML External Entity Reference (XXE) in Nokogiri on JRuby Solution: upgrade to >= 1.12.5

Name: nokogiri Version: 1.11.5 CVE: CVE-2021-41098 GHSA: GHSA-2rr5-8q37-2w7h Criticality: High URL: https://github.com/sparklemotion/nokogiri/security/advisories/GHSA-2rr5-8q37-2w7h Title: Improper Restriction of XML External Entity Reference (XXE) in Nokogiri on JRuby Solution: upgrade to >= 1.12.5

Name: nokogiri Version: 1.11.5 CVE: CVE-2021-41098 GHSA: GHSA-2rr5-8q37-2w7h Criticality: High URL: https://github.com/sparklemotion/nokogiri/security/advisories/GHSA-2rr5-8q37-2w7h Title: Improper Restriction of XML External Entity Reference (XXE) in Nokogiri on JRuby Solution: upgrade to >= 1.12.5

Name: nokogiri Version: 1.11.5 CVE: CVE-2021-41098 GHSA: GHSA-2rr5-8q37-2w7h Criticality: High URL: https://github.com/sparklemotion/nokogiri/security/advisories/GHSA-2rr5-8q37-2w7h Title: Improper Restriction of XML External Entity Reference (XXE) in Nokogiri on JRuby Solution: upgrade to >= 1.12.5

Name: puma Version: 3.12.6 CVE: CVE-2021-29509 GHSA: GHSA-q28m-8xjw-8vr5 Criticality: High URL: https://github.com/puma/puma/security/advisories/GHSA-q28m-8xjw-8vr5 Title: Keepalive Connections Causing Denial Of Service in puma Solution: upgrade to ~> 4.3.8, >= 5.3.1

Name: puma Version: 3.12.6 CVE: CVE-2021-41136 GHSA: GHSA-48w2-rm65-62xx Criticality: Low URL: https://github.com/puma/puma/security/advisories/GHSA-48w2-rm65-62xx Title: Inconsistent Interpretation of HTTP Requests ('HTTP Request Smuggling') in puma Solution: upgrade to ~> 4.3.9, >= 5.5.1

Name: puma Version: 3.12.6 CVE: CVE-2021-29509 GHSA: GHSA-q28m-8xjw-8vr5 Criticality: High URL: https://github.com/puma/puma/security/advisories/GHSA-q28m-8xjw-8vr5 Title: Keepalive Connections Causing Denial Of Service in puma Solution: upgrade to ~> 4.3.8, >= 5.3.1

Name: puma Version: 3.12.6 CVE: CVE-2021-41136 GHSA: GHSA-48w2-rm65-62xx Criticality: Low URL: https://github.com/puma/puma/security/advisories/GHSA-48w2-rm65-62xx Title: Inconsistent Interpretation of HTTP Requests ('HTTP Request Smuggling') in puma Solution: upgrade to ~> 4.3.9, >= 5.5.1

bsp3ars commented 2 years ago

Closed via #262