[Snyk-dev] Fix for 36 vulnerabilities #1

snyk-bot · 2020-12-22T14:57:10Z

Snyk has created this PR to fix one or more vulnerable packages in the `rubygems` dependencies of this project.

✨ Snyk has automatically assigned this pull request, set who gets assigned.

Changes included in this PR

Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
- Gemfile

⚠️

Warning

Failed to update the Gemfile.lock, please update manually before merging.

Vulnerabilities that will be fixed

With an upgrade:

Priority Score (*)	Issue	Breaking Change	Exploit Maturity
429/1000 Why? Has a fix available, CVSS 4.3	Cross-site Scripting (XSS) SNYK-RUBY-ACTIONPACK-20147	No	No Known Exploit
429/1000 Why? Has a fix available, CVSS 4.3	Directory Traversal SNYK-RUBY-ACTIONPACK-20158	No	No Known Exploit
429/1000 Why? Has a fix available, CVSS 4.3	Arbitrary File Existence Exposure SNYK-RUBY-ACTIONPACK-20198	No	No Known Exploit
479/1000 Why? Has a fix available, CVSS 5.3	Arbitrary File Existence Exposure SNYK-RUBY-ACTIONPACK-20200	No	No Known Exploit
589/1000 Why? Has a fix available, CVSS 7.5	Denial of Service (DoS) SNYK-RUBY-ACTIONPACK-20255	No	No Known Exploit
589/1000 Why? Has a fix available, CVSS 7.5	Denial of Service (DoS) SNYK-RUBY-ACTIONPACK-20256	No	No Known Exploit
399/1000 Why? Has a fix available, CVSS 3.7	Timing Attack SNYK-RUBY-ACTIONPACK-20258	No	No Known Exploit
794/1000 Why? Mature exploit, Has a fix available, CVSS 7.3	Arbitrary Code Injection SNYK-RUBY-ACTIONPACK-20264	No	Mature
539/1000 Why? Has a fix available, CVSS 6.5	Cross-site Request Forgery (CSRF) SNYK-RUBY-ACTIONPACK-569599	Yes	No Known Exploit
539/1000 Why? Has a fix available, CVSS 6.5	Information Exposure SNYK-RUBY-ACTIONPACK-569600	Yes	No Known Exploit
529/1000 Why? Has a fix available, CVSS 6.3	Data Injection SNYK-RUBY-ACTIVERECORD-20149	No	No Known Exploit
579/1000 Why? Has a fix available, CVSS 7.3	SQL Injection SNYK-RUBY-ACTIVERECORD-20184	No	No Known Exploit
579/1000 Why? Has a fix available, CVSS 7.3	Arbitrary Data Injection SNYK-RUBY-ACTIVERECORD-20190	No	No Known Exploit
479/1000 Why? Has a fix available, CVSS 5.3	Nested Attributes Rejection Bypass SNYK-RUBY-ACTIVERECORD-20259	No	No Known Exploit
479/1000 Why? Has a fix available, CVSS 5.3	Denial of Service (DoS) SNYK-RUBY-ACTIVESUPPORT-20229	No	No Known Exploit
630/1000 Why? Has a fix available, CVSS 8.1	Deserialization of Untrusted Data SNYK-RUBY-ACTIVESUPPORT-569598	Yes	No Known Exploit
589/1000 Why? Has a fix available, CVSS 7.5	Denial of Service (DoS) SNYK-RUBY-I18N-72582	No	No Known Exploit
479/1000 Why? Has a fix available, CVSS 5.3	Cross-site Request Forgery (CSRF) SNYK-RUBY-JQUERYRAILS-20225	No	No Known Exploit
601/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 5.6	Prototype Pollution SNYK-RUBY-JQUERYRAILS-450225	Yes	Proof of Concept
636/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 6.3	Cross-site Scripting (XSS) SNYK-RUBY-JQUERYRAILS-565439	Yes	Proof of Concept
539/1000 Why? Has a fix available, CVSS 6.5	Cross-site Request Forgery (CSRF) SNYK-RUBY-JQUERYRAILS-575390	No	No Known Exploit
679/1000 Why? Has a fix available, CVSS 9.3	Denial of Service (DoS) SNYK-RUBY-JSON-560838	No	No Known Exploit
519/1000 Why? Has a fix available, CVSS 6.1	SMTP Injection SNYK-RUBY-MAIL-20244	No	No Known Exploit
479/1000 Why? Has a fix available, CVSS 5.3	Denial of Service (DoS) SNYK-RUBY-RACK-20230	No	No Known Exploit
479/1000 Why? Has a fix available, CVSS 5.3	IP Spoofing SNYK-RUBY-RACK-20399	No	No Known Exploit
479/1000 Why? Has a fix available, CVSS 5.3	Denial of Service (DoS) SNYK-RUBY-RACK-20400	No	No Known Exploit
479/1000 Why? Has a fix available, CVSS 5.3	Information Exposure SNYK-RUBY-RACK-538324	No	No Known Exploit
589/1000 Why? Has a fix available, CVSS 7.5	Directory Traversal SNYK-RUBY-RACK-569066	Yes	No Known Exploit
646/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 6.5	Cross-site Request Forgery (CSRF) SNYK-RUBY-RACK-572377	Yes	Proof of Concept
519/1000 Why? Has a fix available, CVSS 6.1	Cross-site Scripting (XSS) SNYK-RUBY-RACK-72567	No	No Known Exploit
479/1000 Why? Has a fix available, CVSS 5.3	Timing Attack SNYK-RUBY-RAILTIES-20454	Yes	No Known Exploit
686/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.3	Arbitrary Code Injection SNYK-RUBY-RAKE-552000	No	Proof of Concept
479/1000 Why? Has a fix available, CVSS 5.3	Arbitrary File Existence Exposure SNYK-RUBY-SPROCKETS-20199	No	No Known Exploit
589/1000 Why? Has a fix available, CVSS 7.5	Directory Traversal SNYK-RUBY-SPROCKETS-22032	No	No Known Exploit
539/1000 Why? Has a fix available, CVSS 6.5	Cross-site Scripting (XSS) SNYK-RUBY-TURBOLINKS-20429	Yes	No Known Exploit
539/1000 Why? Has a fix available, CVSS 6.5	Improper minification of non-boolean comparisons SNYK-RUBY-UGLIFIER-20236	No	No Known Exploit