Created by: gracewashere
output from bundle-audit:
Name: activesupport
Version: 4.2.0
Advisory: CVE-2015-3226
Criticality: Unknown
URL: https://groups.google.com/forum/#!topic/ruby-security-ann/7VlB_pck3hU
Title: XSS Vulnerability in ActiveSupport::JSON.encode
Solution: upgrade to >= 4.2.2, ~> 4.1.11
Name: activesupport
Version: 4.2.0
Advisory: CVE-2015-3227
Criticality: Unknown
URL: https://groups.google.com/forum/#!topic/rubyonrails-security/bahr2JLnxvk
Title: Possible Denial of Service attack in Active Support
Solution: upgrade to >= 4.2.2, ~> 4.1.11, ~> 3.2.22
Name: jquery-rails
Version: 4.0.3
Advisory: CVE-2015-1840
Criticality: Unknown
URL: https://groups.google.com/forum/#!topic/ruby-security-ann/XIZPbobuwaY
Title: CSRF Vulnerability in jquery-ujs and jquery-rails
Solution: upgrade to >= 4.0.4, ~> 3.1.3
Name: rack
Version: 1.6.0
Advisory: CVE-2015-3225
Criticality: Unknown
URL: https://groups.google.com/forum/#!topic/ruby-security-ann/gcUbICUmKMc
Title: Potential Denial of Service Vulnerability in Rack
Solution: upgrade to >= 1.6.2, ~> 1.5.4, ~> 1.4.6
Name: web-console
Version: 2.0.0
Advisory: CVE-2015-3224
Criticality: Unknown
URL: https://groups.google.com/forum/#!topic/ruby-security-ann/lzmz9_ijUFw
Title: IP whitelist bypass in Web Console
Solution: upgrade to >= 2.1.3
Unpatched versions found!