Rails-doubletap-RCE
Rails-doubletap-RCE copied to clipboard
mpgn
RCE on Rails 5.2.2 using a path traversal (CVE-2019-5418) and a deserialization of Ruby objects (CVE-2019-5420)
Bumps [tzinfo](https://github.com/tzinfo/tzinfo) from 1.2.5 to 1.2.10. Release notes Sourced from tzinfo's releases. v1.2.10 Fixed a relative path traversal bug that could cause arbitrary files to be loaded with require when...
![dependabot[bot] avatar](https://avatars.githubusercontent.com/in/29110?v=4 "dependabot[bot] avatar"){kind=avatar}
Bumps [rails-html-sanitizer](https://github.com/rails/rails-html-sanitizer) from 1.0.4 to 1.4.3. Release notes Sourced from rails-html-sanitizer's releases. 1.4.3 / 2022-06-09 Address a possible XSS vulnerability with certain configurations of Rails::Html::Sanitizer. Prevent the combination of select...
Bumps [puma](https://github.com/puma/puma) from 3.12.1 to 4.3.12. Release notes Sourced from puma's releases. 4.3.12 Security Close several HTTP Request Smuggling exploits (CVE-2022-24790) 4.3.11 Bugfix/Security Response body will always be closed. (GHSA-rmj8-8hhh-gv5h,...
Bumps [nokogiri](https://github.com/sparklemotion/nokogiri) from 1.10.1 to 1.12.5. Release notes Sourced from nokogiri's releases. 1.12.5 / 2021-09-27 Security [JRuby] Address CVE-2021-41098 (GHSA-2rr5-8q37-2w7h). In Nokogiri v1.12.4 and earlier, on JRuby only, the SAX...
Bumps [addressable](https://github.com/sporkmonger/addressable) from 2.6.0 to 2.8.0. Changelog Sourced from addressable's changelog. Addressable 2.8.0 fixes ReDoS vulnerability in Addressable::Template#match no longer replaces + with spaces in queries for non-http(s) schemes fixed...
https://rubygems.org/gems/mimemagic/versions https://github.com/mimemagicrb/mimemagic/issues/148
Bumps [rack](https://github.com/rack/rack) from 2.0.6 to 2.2.3. Changelog Sourced from rack's changelog. Changelog All notable changes to this project will be documented in this file. For info on how to format...
Bumps [websocket-extensions](https://github.com/faye/websocket-extensions-ruby) from 0.1.3 to 0.1.5. Changelog Sourced from websocket-extensions's changelog. 0.1.5 / 2020-06-02 Remove a ReDoS vulnerability in the header parser (CVE-2020-7663) 0.1.4 / 2019-06-10 Fix a deprecation warning...
Bumps [rake](https://github.com/ruby/rake) from 12.3.2 to 13.0.1. Changelog *Sourced from [rake's changelog](https://github.com/ruby/rake/blob/master/History.rdoc).* > === 13.0.1 > > ==== Bug fixes > > * Fixed bug: Reenabled task raises previous exception on...