[Snyk] Fix for 53 vulnerabilities #17

Open
wants to merge 1 commit into
base: master
from

tim-snyk
Owner

This PR was automatically created by Snyk using the credentials of a real user.


Snyk has created this PR to fix one or more vulnerable packages in the `rubygems` dependencies of this project.

Changes included in this PR

  • Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
    • Gemfile
    • Gemfile.lock

Vulnerabilities that will be fixed

With an upgrade:
Severity | Priority Score (*) | Issue | Breaking Change | Exploit Maturity
high severity 114/1000
Why? Confidentiality impact: None, Integrity impact: None, Availability impact: High, Scope: Unchanged, Exploit Maturity: No data, User Interaction (UI): None, Privileges Required (PR): None, Attack Complexity: Low, Attack Vector: Network, EPSS: 0.00223, Social Trends: No, Days since published: 1106, Reachable: No, Transitive dependency: Yes, Is Malicious: No, Business Criticality: High, Provider Urgency: High, Package Popularity Score: 97, Impact: 5.99, Likelihood: 1.9, Score Version: V5
Denial of Service (DoS)
SNYK-RUBY-ACTIONPACK-1290052
Yes No Known Exploit
high severity 117/1000
Why? Confidentiality impact: None, Integrity impact: None, Availability impact: High, Scope: Unchanged, Exploit Maturity: No data, User Interaction (UI): None, Privileges Required (PR): None, Attack Complexity: Low, Attack Vector: Network, EPSS: 0.02031, Social Trends: No, Days since published: 3035, Reachable: No, Transitive dependency: Yes, Is Malicious: No, Business Criticality: High, Provider Urgency: High, Package Popularity Score: 97, Impact: 5.99, Likelihood: 1.94, Score Version: V5
Denial of Service (DoS)
SNYK-RUBY-ACTIONPACK-20255
No No Known Exploit
high severity 115/1000
Why? Confidentiality impact: None, Integrity impact: None, Availability impact: High, Scope: Unchanged, Exploit Maturity: No data, User Interaction (UI): None, Privileges Required (PR): None, Attack Complexity: Low, Attack Vector: Network, EPSS: 0.01128, Social Trends: No, Days since published: 3035, Reachable: No, Transitive dependency: Yes, Is Malicious: No, Business Criticality: High, Provider Urgency: High, Package Popularity Score: 97, Impact: 5.99, Likelihood: 1.92, Score Version: V5
Denial of Service (DoS)
SNYK-RUBY-ACTIONPACK-20256
No No Known Exploit
high severity 397/1000
Why? Confidentiality impact: Low, Integrity impact: Low, Availability impact: Low, Scope: Unchanged, Exploit Maturity: High, User Interaction (UI): None, Privileges Required (PR): None, Attack Complexity: Low, Attack Vector: Network, EPSS: 0.94666, Social Trends: No, Days since published: 3000, Reachable: No, Transitive dependency: Yes, Is Malicious: No, Business Criticality: High, Provider Urgency: High, Package Popularity Score: 97, Impact: 5.62, Likelihood: 7.06, Score Version: V5
Arbitrary Code Injection
SNYK-RUBY-ACTIONPACK-20264
No Mature
high severity 145/1000
Why? Confidentiality impact: High, Integrity impact: High, Availability impact: None, Scope: Unchanged, Exploit Maturity: No data, User Interaction (UI): None, Privileges Required (PR): None, Attack Complexity: High, Attack Vector: Network, EPSS: 0.00213, Social Trends: No, Days since published: 823, Reachable: No, Transitive dependency: Yes, Is Malicious: No, Business Criticality: High, Provider Urgency: High, Package Popularity Score: 97, Impact: 8.63, Likelihood: 1.67, Score Version: V5
Information Exposure
SNYK-RUBY-ACTIONPACK-2400638
Yes No Known Exploit
high severity 423/1000
Why? Confidentiality impact: High, Integrity impact: None, Availability impact: None, Scope: Unchanged, Exploit Maturity: High, User Interaction (UI): None, Privileges Required (PR): None, Attack Complexity: Low, Attack Vector: Network, EPSS: 0.97361, Social Trends: No, Days since published: 3035, Reachable: No, Transitive dependency: Yes, Is Malicious: No, Business Criticality: High, Provider Urgency: High, Package Popularity Score: 97, Impact: 5.99, Likelihood: 7.06, Score Version: V5
Information Exposure
SNYK-RUBY-ACTIONVIEW-20262
No Mature
critical severity 593/1000
Why? Confidentiality impact: High, Integrity impact: High, Availability impact: High, Scope: Unchanged, Exploit Maturity: Functional, User Interaction (UI): None, Privileges Required (PR): None, Attack Complexity: Low, Attack Vector: Network, EPSS: 0.9664, Social Trends: No, Days since published: 1460, Reachable: No, Transitive dependency: Yes, Is Malicious: No, Business Criticality: High, Provider Urgency: Critical, Package Popularity Score: 97, Impact: 9.79, Likelihood: 6.06, Score Version: V5
Remote Code Execution (RCE)
SNYK-RUBY-ACTIONVIEW-569156
No Mature
high severity 115/1000
Why? Confidentiality impact: None, Integrity impact: None, Availability impact: High, Scope: Unchanged, Exploit Maturity: No data, User Interaction (UI): None, Privileges Required (PR): None, Attack Complexity: Low, Attack Vector: Network, EPSS: 0.00605, Social Trends: No, Days since published: 1171, Reachable: No, Transitive dependency: Yes, Is Malicious: No, Business Criticality: High, Provider Urgency: High, Package Popularity Score: 98, Impact: 5.99, Likelihood: 1.91, Score Version: V5
Regular Expression Denial of Service (ReDoS)
SNYK-RUBY-ACTIVERECORD-1080913
Yes No Known Exploit
high severity 114/1000
Why? Confidentiality impact: None, Integrity impact: High, Availability impact: None, Scope: Unchanged, Exploit Maturity: No data, User Interaction (UI): None, Privileges Required (PR): None, Attack Complexity: Low, Attack Vector: Network, EPSS: 0.00293, Social Trends: No, Days since published: 2836, Reachable: No, Transitive dependency: Yes, Is Malicious: No, Business Criticality: High, Provider Urgency: High, Package Popularity Score: 98, Impact: 5.99, Likelihood: 1.9, Score Version: V5
Unsafe Query Generation
SNYK-RUBY-ACTIVERECORD-20270
No No Known Exploit
critical severity 186/1000
Why? Confidentiality impact: High, Integrity impact: High, Availability impact: High, Scope: Unchanged, Exploit Maturity: No data, User Interaction (UI): None, Privileges Required (PR): None, Attack Complexity: Low, Attack Vector: Network, EPSS: 0.00114, Social Trends: No, Days since published: 674, Reachable: No, Transitive dependency: Yes, Is Malicious: No, Business Criticality: High, Provider Urgency: Critical, Package Popularity Score: 98, Impact: 9.79, Likelihood: 1.89, Score Version: V5
Remote Code Execution (RCE)
SNYK-RUBY-ACTIVERECORD-2960802
Yes No Known Exploit
high severity 114/1000
Why? Confidentiality impact: None, Integrity impact: None, Availability impact: High, Scope: Unchanged, Exploit Maturity: No data, User Interaction (UI): None, Privileges Required (PR): None, Attack Complexity: Low, Attack Vector: Network, EPSS: 0.00075, Social Trends: No, Days since published: 484, Reachable: No, Transitive dependency: Yes, Is Malicious: No, Business Criticality: High, Provider Urgency: High, Package Popularity Score: 98, Impact: 5.99, Likelihood: 1.89, Score Version: V5
Denial of Service (DoS)
SNYK-RUBY-ACTIVERECORD-3237239
Yes No Known Exploit
high severity 670/1000
Why? Confidentiality impact: High, Integrity impact: High, Availability impact: High, Scope: Unchanged, Exploit Maturity: High, User Interaction (UI): None, Privileges Required (PR): None, Attack Complexity: High, Attack Vector: Network, EPSS: 0.66555, Social Trends: No, Days since published: 1459, Reachable: No, Transitive dependency: Yes, Is Malicious: No, Business Criticality: High, Provider Urgency: High, Package Popularity Score: 98, Impact: 9.79, Likelihood: 6.83, Score Version: V5
Deserialization of Untrusted Data
SNYK-RUBY-ACTIVESUPPORT-569598
Yes Mature
high severity 115/1000
Why? Confidentiality impact: None, Integrity impact: None, Availability impact: High, Scope: Unchanged, Exploit Maturity: No data, User Interaction (UI): None, Privileges Required (PR): None, Attack Complexity: Low, Attack Vector: Network, EPSS: 0.005, Social Trends: No, Days since published: 2012, Reachable: No, Transitive dependency: Yes, Is Malicious: No, Business Criticality: High, Provider Urgency: High, Package Popularity Score: 99, Impact: 5.99, Likelihood: 1.9, Score Version: V5
Denial of Service (DoS)
SNYK-RUBY-I18N-72582
No No Known Exploit
critical severity 150/1000
Why? Confidentiality impact: None, Integrity impact: Low, Availability impact: High, Scope: Changed, Exploit Maturity: No data, User Interaction (UI): None, Privileges Required (PR): None, Attack Complexity: Low, Attack Vector: Network, EPSS: 0.00634, Social Trends: No, Days since published: 1519, Reachable: No, Transitive dependency: Yes, Is Malicious: No, Business Criticality: High, Provider Urgency: Critical, Package Popularity Score: 98, Impact: 7.86, Likelihood: 1.91, Score Version: V5
Denial of Service (DoS)
SNYK-RUBY-JSON-560838
Yes No Known Exploit
high severity 114/1000
Why? Confidentiality impact: None, Integrity impact: None, Availability impact: High, Scope: Unchanged, Exploit Maturity: No data, User Interaction (UI): None, Privileges Required (PR): None, Attack Complexity: Low, Attack Vector: Network, EPSS: 0.00088, Social Trends: No, Days since published: 520, Reachable: No, Transitive dependency: Yes, Is Malicious: No, Business Criticality: High, Provider Urgency: High, Package Popularity Score: 97, Impact: 5.99, Likelihood: 1.89, Score Version: V5
Regular Expression Denial of Service (ReDoS)
SNYK-RUBY-LOOFAH-3168317
No No Known Exploit
high severity 107/1000
Why? Confidentiality impact: Low, Integrity impact: Low, Availability impact: Low, Scope: Unchanged, Exploit Maturity: No data, User Interaction (UI): None, Privileges Required (PR): None, Attack Complexity: Low, Attack Vector: Network, EPSS: 0.0033, Social Trends: No, Days since published: 1667, Reachable: No, Transitive dependency: Yes, Is Malicious: No, Business Criticality: High, Provider Urgency: High, Package Popularity Score: 97, Impact: 5.62, Likelihood: 1.9, Score Version: V5
Cross-site Scripting (XSS)
SNYK-RUBY-LOOFAH-474102
No No Known Exploit
high severity 160/1000
Why? Confidentiality impact: None, Integrity impact: None, Availability impact: High, Scope: Unchanged, Exploit Maturity: Proof of Concept, User Interaction (UI): None, Privileges Required (PR): None, Attack Complexity: Low, Attack Vector: Network, EPSS: 0.00873, Social Trends: No, Days since published: 1094, Reachable: No, Transitive dependency: Yes, Is Malicious: No, Business Criticality: High, Provider Urgency: High, Package Popularity Score: 98, Impact: 5.99, Likelihood: 2.66, Score Version: V5
Denial of Service (DoS)
SNYK-RUBY-NOKOGIRI-1293239
No Proof of Concept
high severity 114/1000
Why? Confidentiality impact: High, Integrity impact: None, Availability impact: None, Scope: Unchanged, Exploit Maturity: No data, User Interaction (UI): None, Privileges Required (PR): None, Attack Complexity: Low, Attack Vector: Network, EPSS: 0.00123, Social Trends: No, Days since published: 961, Reachable: No, Transitive dependency: Yes, Is Malicious: No, Business Criticality: High, Provider Urgency: High, Package Popularity Score: 98, Impact: 5.99, Likelihood: 1.89, Score Version: V5
XML External Entity (XXE) Injection
SNYK-RUBY-NOKOGIRI-1726792
No No Known Exploit
high severity 117/1000
Why? Confidentiality impact: None, Integrity impact: None, Availability impact: High, Scope: Unchanged, Exploit Maturity: No data, User Interaction (UI): None, Privileges Required (PR): None, Attack Complexity: Low, Attack Vector: Network, EPSS: 0.02168, Social Trends: No, Days since published: 2901, Reachable: No, Transitive dependency: Yes, Is Malicious: No, Business Criticality: High, Provider Urgency: High, Package Popularity Score: 98, Impact: 5.99, Likelihood: 1.94, Score Version: V5
Arbitrary Code Execution
SNYK-RUBY-NOKOGIRI-20277
No No Known Exploit
high severity 108/1000
Why? Confidentiality impact: Low, Integrity impact: Low, Availability impact: Low, Scope: Unchanged, Exploit Maturity: No data, User Interaction (UI): None, Privileges Required (PR): None, Attack Complexity: Low, Attack Vector: Network, EPSS: 0.01055, Social Trends: No, Days since published: 2677, Reachable: No, Transitive dependency: Yes, Is Malicious: No, Business Criticality: High, Provider Urgency: High, Package Popularity Score: 98, Impact: 5.62, Likelihood: 1.92, Score Version: V5
XML External Entity (XXE) Injection
SNYK-RUBY-NOKOGIRI-20299
No No Known Exploit
high severity 143/1000
Why? Confidentiality impact: High, Integrity impact: High, Availability impact: High, Scope: Unchanged, Exploit Maturity: No data, User Interaction (UI): Required, Privileges Required (PR): None, Attack Complexity: Low, Attack Vector: Network, EPSS: 0.00343, Social Trends: No, Days since published: 2559, Reachable: No, Transitive dependency: Yes, Is Malicious: No, Business Criticality: High, Provider Urgency: High, Package Popularity Score: 98, Impact: 9.79, Likelihood: 1.46, Score Version: V5
Arbitrary Code Execution
SNYK-RUBY-NOKOGIRI-20367
No No Known Exploit
high severity 147/1000
Why? Confidentiality impact: High, Integrity impact: High, Availability impact: High, Scope: Unchanged, Exploit Maturity: No data, User Interaction (UI): Required, Privileges Required (PR): None, Attack Complexity: Low, Attack Vector: Network, EPSS: 0.02041, Social Trends: No, Days since published: 2559, Reachable: No, Transitive dependency: Yes, Is Malicious: No, Business Criticality: High, Provider Urgency: High, Package Popularity Score: 98, Impact: 9.79, Likelihood: 1.5, Score Version: V5
Out of Bounds Memory Write
SNYK-RUBY-NOKOGIRI-20368
No No Known Exploit
high severity 318/1000
Why? Confidentiality impact: High, Integrity impact: High, Availability impact: High, Scope: Unchanged, Exploit Maturity: Functional, User Interaction (UI): Required, Privileges Required (PR): None, Attack Complexity: Low, Attack Vector: Network, EPSS: 0.01922, Social Trends: No, Days since published: 2430, Reachable: No, Transitive dependency: Yes, Is Malicious: No, Business Criticality: High, Provider Urgency: High, Package Popularity Score: 98, Impact: 9.79, Likelihood: 3.24, Score Version: V5
Use of vulnerable libxml2
SNYK-RUBY-NOKOGIRI-20432
No Mature
high severity 115/1000
Why? Confidentiality impact: None, Integrity impact: None, Availability impact: High, Scope: Unchanged, Exploit Maturity: No data, User Interaction (UI): None, Privileges Required (PR): None, Attack Complexity: Low, Attack Vector: Network, EPSS: 0.01108, Social Trends: No, Days since published: 2287, Reachable: No, Transitive dependency: Yes, Is Malicious: No, Business Criticality: High, Provider Urgency: High, Package Popularity Score: 98, Impact: 5.99, Likelihood: 1.92, Score Version: V5
Denial of Service (DoS)
SNYK-RUBY-NOKOGIRI-22013
No No Known Exploit
high severity 147/1000
Why? Confidentiality impact: High, Integrity impact: High, Availability impact: High, Scope: Unchanged, Exploit Maturity: No data, User Interaction (UI): Required, Privileges Required (PR): None, Attack Complexity: Low, Attack Vector: Network, EPSS: 0.02136, Social Trends: No, Days since published: 2287, Reachable: No, Transitive dependency: Yes, Is Malicious: No, Business Criticality: High, Provider Urgency: High, Package Popularity Score: 98, Impact: 9.79, Likelihood: 1.5, Score Version: V5
Denial of Service (DoS)
SNYK-RUBY-NOKOGIRI-22014
No No Known Exploit
high severity 165/1000
Why? Confidentiality impact: High, Integrity impact: High, Availability impact: High, Scope: Unchanged, Exploit Maturity: No data, User Interaction (UI): None, Privileges Required (PR): None, Attack Complexity: High, Attack Vector: Network, EPSS: 0.00409, Social Trends: No, Days since published: 813, Reachable: No, Transitive dependency: Yes, Is Malicious: No, Business Criticality: High, Provider Urgency: High, Package Popularity Score: 98, Impact: 9.79, Likelihood: 1.68, Score Version: V5
Use After Free
SNYK-RUBY-NOKOGIRI-2413994
No No Known Exploit
high severity 115/1000
Why? Confidentiality impact: None, Integrity impact: None, Availability impact: High, Scope: Unchanged, Exploit Maturity: No data, User Interaction (UI): None, Privileges Required (PR): None, Attack Complexity: Low, Attack Vector: Network, EPSS: 0.00546, Social Trends: No, Days since published: 766, Reachable: No, Transitive dependency: Yes, Is Malicious: No, Business Criticality: High, Provider Urgency: High, Package Popularity Score: 98, Impact: 5.99, Likelihood: 1.9, Score Version: V5
Regular Expression Denial of Service (ReDoS)
SNYK-RUBY-NOKOGIRI-2620374
No No Known Exploit
high severity 114/1000
Why? Confidentiality impact: None, Integrity impact: None, Availability impact: High, Scope: Unchanged, Exploit Maturity: No data, User Interaction (UI): None, Privileges Required (PR): None, Attack Complexity: Low, Attack Vector: Network, EPSS: 0.00278, Social Trends: No, Days since published: 766, Reachable: No, Transitive dependency: Yes, Is Malicious: No, Business Criticality: High, Provider Urgency: High, Package Popularity Score: 98, Impact: 5.99, Likelihood: 1.9, Score Version: V5
Out-of-bounds Write
SNYK-RUBY-NOKOGIRI-2630623
No No Known Exploit
high severity 115/1000
Why? Confidentiality impact: None, Integrity impact: None, Availability impact: High, Scope: Unchanged, Exploit Maturity: No data, User Interaction (UI): None, Privileges Required (PR): None, Attack Complexity: Low, Attack Vector: Network, EPSS: 0.0053, Social Trends: No, Days since published: 766, Reachable: No, Transitive dependency: Yes, Is Malicious: No, Business Criticality: High, Provider Urgency: High, Package Popularity Score: 98, Impact: 5.99, Likelihood: 1.9, Score Version: V5
Denial of Service (DoS)
SNYK-RUBY-NOKOGIRI-2630898
No No Known Exploit
high severity 134/1000
Why? Confidentiality impact: Low, Integrity impact: None, Availability impact: High, Scope: Unchanged, Exploit Maturity: No data, User Interaction (UI): None, Privileges Required (PR): None, Attack Complexity: Low, Attack Vector: Network, EPSS: 0.00285, Social Trends: No, Days since published: 728, Reachable: No, Transitive dependency: Yes, Is Malicious: No, Business Criticality: High, Provider Urgency: High, Package Popularity Score: 98, Impact: 7.03, Likelihood: 1.9, Score Version: V5
Improper Handling of Unexpected Data Type
SNYK-RUBY-NOKOGIRI-2840634
No No Known Exploit
high severity 115/1000
Why? Confidentiality impact: None, Integrity impact: None, Availability impact: High, Scope: Unchanged, Exploit Maturity: No data, User Interaction (UI): None, Privileges Required (PR): None, Attack Complexity: Low, Attack Vector: Network, EPSS: 0.01055, Social Trends: No, Days since published: 575, Reachable: No, Transitive dependency: Yes, Is Malicious: No, Business Criticality: High, Provider Urgency: High, Package Popularity Score: 98, Impact: 5.99, Likelihood: 1.92, Score Version: V5
NULL Pointer Dereference
SNYK-RUBY-NOKOGIRI-3052880
No No Known Exploit
high severity 168/1000
Why? Confidentiality impact: High, Integrity impact: High, Availability impact: High, Scope: Unchanged, Exploit Maturity: No data, User Interaction (UI): None, Privileges Required (PR): None, Attack Complexity: High, Attack Vector: Network, EPSS: 0.0175, Social Trends: No, Days since published: 1739, Reachable: No, Transitive dependency: Yes, Is Malicious: No, Business Criticality: High, Provider Urgency: High, Package Popularity Score: 98, Impact: 9.79, Likelihood: 1.71, Score Version: V5
Command Injection
SNYK-RUBY-NOKOGIRI-459107
No No Known Exploit
high severity 169/1000
Why? Confidentiality impact: High, Integrity impact: High, Availability impact: Low, Scope: Changed, Exploit Maturity: No data, User Interaction (UI): None, Privileges Required (PR): None, Attack Complexity: High, Attack Vector: Network, EPSS: 0.01055, Social Trends: No, Days since published: 1640, Reachable: No, Transitive dependency: Yes, Is Malicious: No, Business Criticality: High, Provider Urgency: High, Package Popularity Score: 98, Impact: 9.95, Likelihood: 1.69, Score Version: V5
Uncontrolled Memory Allocation
SNYK-RUBY-NOKOGIRI-534637
No No Known Exploit
high severity 115/1000
Why? Confidentiality impact: None, Integrity impact: None, Availability impact: High, Scope: Unchanged, Exploit Maturity: Unproven, User Interaction (UI): None, Privileges Required (PR): None, Attack Complexity: Low, Attack Vector: Network, EPSS: 0.00597, Social Trends: No, Days since published: 1543, Reachable: No, Transitive dependency: Yes, Is Malicious: No, Business Criticality: High, Provider Urgency: High, Package Popularity Score: 98, Impact: 5.99, Likelihood: 1.91, Score Version: V5
Denial of Service (DoS)
SNYK-RUBY-NOKOGIRI-552159
No No Known Exploit
high severity 159/1000
Why? Confidentiality impact: None, Integrity impact: None, Availability impact: High, Scope: Unchanged, Exploit Maturity: Proof of Concept, User Interaction (UI): None, Privileges Required (PR): None, Attack Complexity: Low, Attack Vector: Network, EPSS: 0.00297, Social Trends: No, Days since published: 1094, Reachable: No, Transitive dependency: Yes, Is Malicious: No, Business Criticality: High, Provider Urgency: High, Package Popularity Score: 98, Impact: 5.99, Likelihood: 2.65, Score Version: V5
Denial of Service (DoS)
SNYK-RUBY-NOKOGIRI-6056551
No Proof of Concept
high severity 161/1000
Why? Confidentiality impact: None, Integrity impact: None, Availability impact: High, Scope: Unchanged, Exploit Maturity: Proof of Concept, User Interaction (UI): None, Privileges Required (PR): None, Attack Complexity: Low, Attack Vector: Network, EPSS: 0.0123, Social Trends: No, Days since published: 1094, Reachable: No, Transitive dependency: Yes, Is Malicious: No, Business Criticality: High, Provider Urgency: High, Package Popularity Score: 98, Impact: 5.99, Likelihood: 2.67, Score Version: V5
Denial of Service (DoS)
SNYK-RUBY-NOKOGIRI-6056552
No Proof of Concept
high severity 159/1000
Why? Confidentiality impact: None, Integrity impact: None, Availability impact: High, Scope: Unchanged, Exploit Maturity: Proof of Concept, User Interaction (UI): None, Privileges Required (PR): None, Attack Complexity: Low, Attack Vector: Network, EPSS: 0.00411, Social Trends: No, Days since published: 1094, Reachable: No, Transitive dependency: Yes, Is Malicious: No, Business Criticality: High, Provider Urgency: High, Package Popularity Score: 98, Impact: 5.99, Likelihood: 2.65, Score Version: V5
Denial of Service (DoS)
SNYK-RUBY-NOKOGIRI-6056553
No Proof of Concept
high severity 160/1000
Why? Confidentiality impact: None, Integrity impact: None, Availability impact: High, Scope: Unchanged, Exploit Maturity: Proof of Concept, User Interaction (UI): None, Privileges Required (PR): None, Attack Complexity: Low, Attack Vector: Network, EPSS: 0.01019, Social Trends: No, Days since published: 1094, Reachable: No, Transitive dependency: Yes, Is Malicious: No, Business Criticality: High, Provider Urgency: High, Package Popularity Score: 98, Impact: 5.99, Likelihood: 2.67, Score Version: V5
Denial of Service (DoS)
SNYK-RUBY-NOKOGIRI-6056554
No Proof of Concept
high severity 159/1000
Why? Confidentiality impact: None, Integrity impact: None, Availability impact: High, Scope: Unchanged, Exploit Maturity: Proof of Concept, User Interaction (UI): None, Privileges Required (PR): None, Attack Complexity: Low, Attack Vector: Network, EPSS: 0.00081, Social Trends: No, Days since published: 1094, Reachable: No, Transitive dependency: Yes, Is Malicious: No, Business Criticality: High, Provider Urgency: High, Package Popularity Score: 98, Impact: 5.99, Likelihood: 2.64, Score Version: V5
Denial of Service (DoS)
SNYK-RUBY-NOKOGIRI-6056555
No Proof of Concept
high severity 118/1000
Why? Confidentiality impact: None, Integrity impact: None, Availability impact: High, Scope: Unchanged, Exploit Maturity: No data, User Interaction (UI): None, Privileges Required (PR): None, Attack Complexity: Low, Attack Vector: Network, EPSS: 0.02983, Social Trends: No, Days since published: 2046, Reachable: No, Transitive dependency: Yes, Is Malicious: No, Business Criticality: High, Provider Urgency: High, Package Popularity Score: 98, Impact: 5.99, Likelihood: 1.96, Score Version: V5
Denial of Service (DoS)
SNYK-RUBY-NOKOGIRI-72433
No No Known Exploit
critical severity 224/1000
Why? Confidentiality impact: High, Integrity impact: High, Availability impact: High, Scope: Unchanged, Exploit Maturity: No data, User Interaction (UI): None, Privileges Required (PR): None, Attack Complexity: Low, Attack Vector: Network, EPSS: 0.00316, Social Trends: No, Days since published: 2369, Reachable: No, Transitive dependency: No, Is Malicious: No, Business Criticality: High, Provider Urgency: Critical, Package Popularity Score: 92, Impact: 9.79, Likelihood: 2.29, Score Version: V5
Server-Side Request Forgery (SSRF)
SNYK-RUBY-PAPERCLIP-22001
Yes No Known Exploit
critical severity 186/1000
Why? Confidentiality impact: High, Integrity impact: High, Availability impact: High, Scope: Unchanged, Exploit Maturity: No data, User Interaction (UI): None, Privileges Required (PR): None, Attack Complexity: Low, Attack Vector: Network, EPSS: 0.00303, Social Trends: No, Days since published: 720, Reachable: No, Transitive dependency: Yes, Is Malicious: No, Business Criticality: High, Provider Urgency: Critical, Package Popularity Score: 98, Impact: 9.79, Likelihood: 1.9, Score Version: V5
Arbitrary Code Injection
SNYK-RUBY-RACK-2848599
Yes No Known Exploit
high severity 114/1000
Why? Confidentiality impact: None, Integrity impact: None, Availability impact: High, Scope: Unchanged, Exploit Maturity: No data, User Interaction (UI): None, Privileges Required (PR): None, Attack Complexity: Low, Attack Vector: Network, EPSS: 0.00077, Social Trends: No, Days since published: 720, Reachable: No, Transitive dependency: Yes, Is Malicious: No, Business Criticality: High, Provider Urgency: High, Package Popularity Score: 98, Impact: 5.99, Likelihood: 1.89, Score Version: V5
Denial of Service (DoS)
SNYK-RUBY-RACK-2848600
Yes No Known Exploit
high severity 114/1000
Why? Confidentiality impact: None, Integrity impact: None, Availability impact: High, Scope: Unchanged, Exploit Maturity: No data, User Interaction (UI): None, Privileges Required (PR): None, Attack Complexity: Low, Attack Vector: Network, EPSS: 0.00086, Social Trends: No, Days since published: 436, Reachable: No, Transitive dependency: Yes, Is Malicious: No, Business Criticality: High, Provider Urgency: High, Package Popularity Score: 98, Impact: 5.99, Likelihood: 1.89, Score Version: V5
Denial of Service (DoS)
SNYK-RUBY-RACK-3356639
Yes No Known Exploit
high severity 114/1000
Why? Confidentiality impact: High, Integrity impact: None, Availability impact: None, Scope: Unchanged, Exploit Maturity: No data, User Interaction (UI): None, Privileges Required (PR): None, Attack Complexity: Low, Attack Vector: Network, EPSS: 0.00177, Social Trends: No, Days since published: 1464, Reachable: No, Transitive dependency: Yes, Is Malicious: No, Business Criticality: High, Provider Urgency: High, Package Popularity Score: 98, Impact: 5.99, Likelihood: 1.89, Score Version: V5
Directory Traversal
SNYK-RUBY-RACK-569066
Yes No Known Exploit
high severity 124/1000
Why? Confidentiality impact: None, Integrity impact: None, Availability impact: High, Scope: Unchanged, Exploit Maturity: No data, User Interaction (UI): None, Privileges Required (PR): None, Attack Complexity: Low, Attack Vector: Network, EPSS: 0.00044, Social Trends: No, Days since published: 82, Reachable: No, Transitive dependency: Yes, Is Malicious: No, Business Criticality: High, Provider Urgency: High, Package Popularity Score: 98, Impact: 5.99, Likelihood: 2.06, Score Version: V5
Denial of Service (DoS)
SNYK-RUBY-RACK-6274385
Yes No Known Exploit
high severity 160/1000
Why? Confidentiality impact: None, Integrity impact: None, Availability impact: High, Scope: Unchanged, Exploit Maturity: Proof of Concept, User Interaction (UI): None, Privileges Required (PR): None, Attack Complexity: Low, Attack Vector: Network, EPSS: 0.00605, Social Trends: No, Days since published: 1190, Reachable: No, Transitive dependency: Yes, Is Malicious: No, Business Criticality: High, Provider Urgency: High, Package Popularity Score: 97, Impact: 5.99, Likelihood: 2.66, Score Version: V5
Denial of Service (DoS)
SNYK-RUBY-RAILS-1071903
Yes Proof of Concept
high severity 114/1000
Why? Confidentiality impact: None, Integrity impact: None, Availability impact: High, Scope: Unchanged, Exploit Maturity: No data, User Interaction (UI): None, Privileges Required (PR): None, Attack Complexity: Low, Attack Vector: Network, EPSS: 0.00077, Social Trends: No, Days since published: 520, Reachable: No, Transitive dependency: Yes, Is Malicious: No, Business Criticality: High, Provider Urgency: High, Package Popularity Score: 97, Impact: 5.99, Likelihood: 1.89, Score Version: V5
Regular Expression Denial of Service (ReDoS)
SNYK-RUBY-RAILSHTMLSANITIZER-3168646
No No Known Exploit
high severity 149/1000
Why? Confidentiality impact: Low, Integrity impact: Low, Availability impact: Low, Scope: Unchanged, Exploit Maturity: Proof of Concept, User Interaction (UI): None, Privileges Required (PR): None, Attack Complexity: Low, Attack Vector: Network, EPSS: 0.00086, Social Trends: No, Days since published: 1543, Reachable: No, Transitive dependency: Yes, Is Malicious: No, Business Criticality: High, Provider Urgency: High, Package Popularity Score: 99, Impact: 5.62, Likelihood: 2.64, Score Version: V5
Arbitrary Code Injection
SNYK-RUBY-RAKE-552000
No Proof of Concept
high severity 146/1000
Why? Confidentiality impact: High, Integrity impact: High, Availability impact: High, Scope: Unchanged, Exploit Maturity: No data, User Interaction (UI): None, Privileges Required (PR): None, Attack Complexity: High, Attack Vector: Network, EPSS: 0.00065, Social Trends: No, Days since published: 1108, Reachable: No, Transitive dependency: Yes, Is Malicious: No, Business Criticality: High, Provider Urgency: High, Package Popularity Score: 95, Impact: 9.79, Likelihood: 1.49, Score Version: V5
Command Injection
SNYK-RUBY-RDOC-1279617
Yes No Known Exploit
high severity 56/1000
Why? Confidentiality impact: High, Integrity impact: High, Availability impact: High, Scope: Unchanged, Exploit Maturity: No data, User Interaction (UI): Required, Privileges Required (PR): None, Attack Complexity: High, Attack Vector: Local, EPSS: 0.00065, Social Trends: No, Days since published: 1044, Reachable: No, Transitive dependency: Yes, Is Malicious: No, Business Criticality: High, Provider Urgency: High, Package Popularity Score: 95, Impact: 9.79, Likelihood: 0.563, Score Version: V5
Command Injection
SNYK-RUBY-RDOC-1316279
Yes No Known Exploit
high severity 162/1000
Why? Confidentiality impact: High, Integrity impact: None, Availability impact: None, Scope: Unchanged, Exploit Maturity: Proof of Concept, User Interaction (UI): None, Privileges Required (PR): None, Attack Complexity: Low, Attack Vector: Network, EPSS: 0.02274, Social Trends: No, Days since published: 2157, Reachable: No, Transitive dependency: Yes, Is Malicious: No, Business Criticality: High, Provider Urgency: High, Package Popularity Score: 97, Impact: 5.99, Likelihood: 2.7, Score Version: V5
Directory Traversal
SNYK-RUBY-SPROCKETS-22032
No Proof of Concept
high severity 121/1000
Why? Confidentiality impact: High, Integrity impact: High, Availability impact: High, Scope: Unchanged, Exploit Maturity: No data, User Interaction (UI): Required, Privileges Required (PR): None, Attack Complexity: High, Attack Vector: Network, EPSS: 0.00281, Social Trends: No, Days since published: 665, Reachable: No, Transitive dependency: Yes, Is Malicious: No, Business Criticality: High, Provider Urgency: High, Package Popularity Score: 99, Impact: 9.79, Likelihood: 1.23, Score Version: V5
Directory Traversal
SNYK-RUBY-TZINFO-2958048
No No Known Exploit

(*) Note that the real score may have changed since the PR was raised.

Check the changes in this PR to ensure they won't cause issues with your project.


Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:
🧐 View latest project report

🛠 Adjust project settings

📚 Read more about Snyk's upgrade and patch logic


The following vulnerabilities are fixed with an upgrade:
- https://snyk.io/vuln/SNYK-RUBY-ACTIONPACK-1290052
- https://snyk.io/vuln/SNYK-RUBY-ACTIONPACK-20255
- https://snyk.io/vuln/SNYK-RUBY-ACTIONPACK-20256
- https://snyk.io/vuln/SNYK-RUBY-ACTIONPACK-20264
- https://snyk.io/vuln/SNYK-RUBY-ACTIONPACK-2400638
- https://snyk.io/vuln/SNYK-RUBY-ACTIONVIEW-20262
- https://snyk.io/vuln/SNYK-RUBY-ACTIONVIEW-569156
- https://snyk.io/vuln/SNYK-RUBY-ACTIVERECORD-1080913
- https://snyk.io/vuln/SNYK-RUBY-ACTIVERECORD-20270
- https://snyk.io/vuln/SNYK-RUBY-ACTIVERECORD-2960802
- https://snyk.io/vuln/SNYK-RUBY-ACTIVERECORD-3237239
- https://snyk.io/vuln/SNYK-RUBY-ACTIVESUPPORT-569598
- https://snyk.io/vuln/SNYK-RUBY-I18N-72582
- https://snyk.io/vuln/SNYK-RUBY-JSON-560838
- https://snyk.io/vuln/SNYK-RUBY-LOOFAH-3168317
- https://snyk.io/vuln/SNYK-RUBY-LOOFAH-474102
- https://snyk.io/vuln/SNYK-RUBY-NOKOGIRI-1293239
- https://snyk.io/vuln/SNYK-RUBY-NOKOGIRI-1726792
- https://snyk.io/vuln/SNYK-RUBY-NOKOGIRI-20277
- https://snyk.io/vuln/SNYK-RUBY-NOKOGIRI-20299
- https://snyk.io/vuln/SNYK-RUBY-NOKOGIRI-20367
- https://snyk.io/vuln/SNYK-RUBY-NOKOGIRI-20368
- https://snyk.io/vuln/SNYK-RUBY-NOKOGIRI-20432
- https://snyk.io/vuln/SNYK-RUBY-NOKOGIRI-22013
- https://snyk.io/vuln/SNYK-RUBY-NOKOGIRI-22014
- https://snyk.io/vuln/SNYK-RUBY-NOKOGIRI-2413994
- https://snyk.io/vuln/SNYK-RUBY-NOKOGIRI-2620374
- https://snyk.io/vuln/SNYK-RUBY-NOKOGIRI-2630623
- https://snyk.io/vuln/SNYK-RUBY-NOKOGIRI-2630898
- https://snyk.io/vuln/SNYK-RUBY-NOKOGIRI-2840634
- https://snyk.io/vuln/SNYK-RUBY-NOKOGIRI-3052880
- https://snyk.io/vuln/SNYK-RUBY-NOKOGIRI-459107
- https://snyk.io/vuln/SNYK-RUBY-NOKOGIRI-534637
- https://snyk.io/vuln/SNYK-RUBY-NOKOGIRI-552159
- https://snyk.io/vuln/SNYK-RUBY-NOKOGIRI-6056551
- https://snyk.io/vuln/SNYK-RUBY-NOKOGIRI-6056552
- https://snyk.io/vuln/SNYK-RUBY-NOKOGIRI-6056553
- https://snyk.io/vuln/SNYK-RUBY-NOKOGIRI-6056554
- https://snyk.io/vuln/SNYK-RUBY-NOKOGIRI-6056555
- https://snyk.io/vuln/SNYK-RUBY-NOKOGIRI-72433
- https://snyk.io/vuln/SNYK-RUBY-PAPERCLIP-22001
- https://snyk.io/vuln/SNYK-RUBY-RACK-2848599
- https://snyk.io/vuln/SNYK-RUBY-RACK-2848600
- https://snyk.io/vuln/SNYK-RUBY-RACK-3356639
- https://snyk.io/vuln/SNYK-RUBY-RACK-569066
- https://snyk.io/vuln/SNYK-RUBY-RACK-6274385
- https://snyk.io/vuln/SNYK-RUBY-RAILS-1071903
- https://snyk.io/vuln/SNYK-RUBY-RAILSHTMLSANITIZER-3168646
- https://snyk.io/vuln/SNYK-RUBY-RAKE-552000
- https://snyk.io/vuln/SNYK-RUBY-RDOC-1279617
- https://snyk.io/vuln/SNYK-RUBY-RDOC-1316279
- https://snyk.io/vuln/SNYK-RUBY-SPROCKETS-22032
- https://snyk.io/vuln/SNYK-RUBY-TZINFO-2958048