Skip to content

Commit

Permalink
fix vulnerabilities loofah nokogiri puma in 1.9
Browse files Browse the repository at this point in the history
Name: loofah
Version: 2.2.3
Advisory: CVE-2019-15587
Criticality: Unknown
URL: flavorjones/loofah#171
Title: Loofah XSS Vulnerability
Solution: upgrade to >= 2.3.1

Name: nokogiri
Version: 1.10.4
Advisory: CVE-2019-13117
Criticality: Unknown
URL: sparklemotion/nokogiri#1943
Title: Nokogiri gem, via libxslt, is affected by multiple vulnerabilities
Solution: upgrade to >= 1.10.5

Name: puma
Version: 3.12.1
Advisory: CVE-2019-16770
Criticality: High
URL: GHSA-7xx3-m584-x994
Title: Keepalive thread overload/DoS in puma
Solution: upgrade to ~> 3.12.2, >= 4.3.1
  • Loading branch information
senid231 committed Dec 11, 2019
1 parent fad3abb commit b61d770
Showing 1 changed file with 4 additions and 4 deletions.
8 changes: 4 additions & 4 deletions Gemfile.lock
Original file line number Diff line number Diff line change
Expand Up @@ -228,7 +228,7 @@ GEM
concurrent-ruby (1.1.4)
crack (0.4.3)
safe_yaml (~> 1.0.0)
crass (1.0.4)
crass (1.0.5)
d3-rails (3.5.2)
railties (>= 3.1)
daemons (1.2.6)
Expand Down Expand Up @@ -321,7 +321,7 @@ GEM
addressable (~> 2.3)
libv8 (3.16.14.19)
locale (2.1.2)
loofah (2.2.3)
loofah (2.4.0)
crass (~> 1.0.2)
nokogiri (>= 1.5.9)
mail (2.7.1)
Expand All @@ -340,7 +340,7 @@ GEM
net_tcp_client (2.0.1)
netstring (0.0.3)
nio4r (2.3.1)
nokogiri (1.10.4)
nokogiri (1.10.7)
mini_portile2 (~> 2.4.0)
oj (2.18.5)
orm_adapter (0.5.0)
Expand All @@ -355,7 +355,7 @@ GEM
pg (1.0.0)
powerpack (0.1.2)
public_suffix (3.0.3)
puma (3.12.1)
puma (3.12.2)
puma_worker_killer (0.1.0)
get_process_mem (~> 0.2)
puma (>= 2.7, < 4)
Expand Down

0 comments on commit b61d770

Please sign in to comment.