Rails-doubletap-RCE

Remote code execution on Rails 5.2.2 by chaining a path traversal (CVE-2019-5418) with deserialization of Ruby objects (CVE-2019-5420)

17 Rails-doubletap-RCE issues

Bumps [rubyzip](https://github.com/rubyzip/rubyzip) from 1.2.2 to 1.3.0. Release notes *Sourced from [rubyzip's releases](https://github.com/rubyzip/rubyzip/releases).* > ## v1.3.0 > Security > > - Add `validate_entry_sizes` option so that callers can trust an entry's...

dependencies

Bumps [loofah](https://github.com/flavorjones/loofah) from 2.2.3 to 2.4.0. Release notes *Sourced from [loofah's releases](https://github.com/flavorjones/loofah/releases).* > ## 2.4.0 / 2019-11-25 > > ### Features > > * Allow CSS property `max-width` [#175](https://github-redirect.dependabot.com/flavorjones/loofah/issues/175) (Thanks,...

dependencies

I ran `bundle install`, then I got the error `/usr/local/rvm/gems/ruby-2.5.1/gems/railties-5.2.1/lib/rails/application.rb:585:in 'validate_secret_key_base': Missing 'secret_key_base' for 'production' environment, set this string with 'rails credentials:edit' (ArgumentError)`, so I ran `rails credentials:edit`, then I...
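The error in the post above is Rails refusing to boot in production without a `secret_key_base`, the key from which cookie signing and encryption keys are derived. The block below is an added example and is not code from Rails-doubletap-RCE or from Rails itself: a stdlib-only model of a Rails 5.2-style signed message (base64 body, `--`, HMAC-SHA1 hex digest) that shows why that key is the entire security boundary once the verified payload is handed to `Marshal.load`, which is the "deserialization of Ruby objects" half of the chain the repo description names, and how a JSON-only loader limits what a leaked key buys an attacker. The secret value, the `AttackerChosen` class and all helper names are constructed for illustration; Rails' real implementation is `ActiveSupport::MessageVerifier` and only its shape is mirrored here.

```ruby
# Added example, not part of Rails-doubletap-RCE or Rails. Stdlib only.
# Models the Rails 5.2 signed-message shape: base64(payload) + "--" + HMAC-SHA1 hex.
require "openssl"
require "base64"
require "json"

# Constructed secret standing in for a key derived from secret_key_base.
SECRET = "constructed-example-secret-key-base".freeze

# Constructed stand-in for any class an attacker can name in a Marshal stream;
# Marshal.load will rebuild whatever the server process has loaded.
class AttackerChosen
  attr_reader :payload
  def initialize(payload)
    @payload = payload
  end
end

# Constant-time comparison so MAC checks do not leak timing information.
def secure_compare(a, b)
  return false unless a.bytesize == b.bytesize
  a.bytes.zip(b.bytes).reduce(0) { |acc, (x, y)| acc | (x ^ y) }.zero?
end

# Produce a signed token for an arbitrary byte payload. Anyone holding the
# secret, legitimate server or attacker, can call this.
def sign(payload, secret)
  data = Base64.strict_encode64(payload)
  digest = OpenSSL::HMAC.hexdigest("SHA1", secret, data)
  "#{data}--#{digest}"
end

# Return the raw payload bytes if the MAC verifies under +secret+, else nil.
def verify(token, secret)
  data, digest = token.split("--", 2)
  return nil if data.nil? || digest.nil?
  expected = OpenSSL::HMAC.hexdigest("SHA1", secret, data)
  return nil unless secure_compare(expected, digest)
  Base64.strict_decode64(data)
rescue ArgumentError
  nil
end

# Weak pattern: a verified token is fed to Marshal.load, so the key holder
# chooses which Ruby objects the server instantiates.
def load_marshal_session(token, secret)
  raw = verify(token, secret)
  raw && Marshal.load(raw)
end

# Hardened pattern: verified bytes are parsed as JSON only, so a leaked key
# lets an attacker forge data values but never object graphs.
def load_json_session(token, secret)
  raw = verify(token, secret)
  return nil if raw.nil?
  JSON.parse(raw)
rescue JSON::ParserError
  nil
end

# Attacker who has recovered the key forges a token carrying a Marshal stream.
def forged_marshal_token(secret = SECRET)
  sign(Marshal.dump(AttackerChosen.new("attacker-controlled data")), secret)
end

if __FILE__ == $PROGRAM_NAME
  forged = forged_marshal_token
  puts "marshal loader with leaked key: #{load_marshal_session(forged, SECRET).class}"
  puts "marshal loader with wrong key:  #{load_marshal_session(forged, 'other').inspect}"
  puts "json loader on same token:      #{load_json_session(forged, SECRET).inspect}"
  puts "json loader on json token:      #{load_json_session(sign('{"user_id":1}', SECRET), SECRET).inspect}"
end
```

The point to take from running it: with the wrong key the MAC check rejects the token before any bytes are decoded, so the secret is what protects the application, and in a real deployment it must come from credentials or the environment, never from a checked-in file or a predictable development default. With the right key the Marshal loader instantiates whatever class the token names, while the JSON loader rejects the same token outright.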

Bumps [addressable](https://github.com/sporkmonger/addressable) from 2.6.0 to 2.8.1. Changelog Sourced from addressable's changelog. Addressable 2.8.1 refactor Addressable::URI.normalize_path to address linter offenses (#430) remove redundant colon in Addressable::URI::CharacterClasses::AUTHORITY regex (#438) update gemspec to...

dependencies

Bumps [globalid](https://github.com/rails/globalid) from 0.4.2 to 1.0.1. Release notes Sourced from globalid's releases. v1.0.1 Possible ReDoS based DoS vulnerability in GlobalID There is a ReDoS based DoS vulnerability in the GlobalID...

dependencies

Bumps [rails-html-sanitizer](https://github.com/rails/rails-html-sanitizer) from 1.0.4 to 1.4.4. Release notes Sourced from rails-html-sanitizer's releases. 1.4.4 / 2022-12-13 Address inefficient regular expression complexity with certain configurations of Rails::Html::Sanitizer. Fixes CVE-2022-23517. See GHSA-5x79-w82f-gw8w for...

dependencies

Bumps [loofah](https://github.com/flavorjones/loofah) from 2.2.3 to 2.19.1. Release notes Sourced from loofah's releases. 2.19.1 / 2022-12-13 Security Address CVE-2022-23514, inefficient regular expression complexity. See GHSA-486f-hjj9-9vhh for more information. Address CVE-2022-23515, improper...

dependencies