Title: [Snyk] Fix for 21 vulnerabilities by irinazheltisheva · Pull Request #10 · https-githubsup-com/pixellate · GitHub
Open Graph Title: [Snyk] Fix for 21 vulnerabilities by irinazheltisheva · Pull Request #10 · https-githubsup-com/pixellate
X Title: [Snyk] Fix for 21 vulnerabilities by irinazheltisheva · Pull Request #10 · https-githubsup-com/pixellate
Description: This PR was automatically created by Snyk using the credentials of a real user.Snyk has created this PR to fix one or more vulnerable packages in the `rubygems` dependencies of this project. Changes included in this PR Changes to the following files to upgrade the vulnerable dependencies to a fixed version: Gemfile Gemfile.lock Vulnerabilities that will be fixed With an upgrade: Severity Priority Score (*) Issue Breaking Change Exploit Maturity 479/1000 Why? Has a fix available, CVSS 5.3 Regular Expression Denial of Service (ReDoS) SNYK-RUBY-ACTIVESUPPORT-3237242 Yes No Known Exploit 591/1000 Why? Recently disclosed, Has a fix available, CVSS 6.1 Cross-site Scripting (XSS) SNYK-RUBY-ACTIVESUPPORT-3360028 Yes No Known Exploit 834/1000 Why? Mature exploit, Has a fix available, CVSS 8.1 Deserialization of Untrusted Data SNYK-RUBY-ACTIVESUPPORT-569598 Yes Mature 589/1000 Why? Has a fix available, CVSS 7.5 Regular Expression Denial of Service (ReDoS) SNYK-RUBY-ADDRESSABLE-1316242 No No Known Exploit 654/1000 Why? Has a fix available, CVSS 8.8 Integer Overflow or Wraparound SNYK-RUBY-COMMONMARKER-2415031 Yes No Known Exploit 486/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 3.3 Out-of-bounds Read SNYK-RUBY-COMMONMARKER-3318398 Yes Proof of Concept 429/1000 Why? Has a fix available, CVSS 4.3 Denial of Service (DoS) SNYK-RUBY-COMMONMARKER-3318399 Yes No Known Exploit 646/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 6.5 Denial of Service (DoS) SNYK-RUBY-COMMONMARKER-3318400 Yes Proof of Concept 536/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 4.3 Denial of Service (DoS) SNYK-RUBY-COMMONMARKER-3318401 Yes Proof of Concept 505/1000 Why? Has a fix available, CVSS 5.6 Deserialization of Untrusted Data SNYK-RUBY-KRAMDOWN-1087436 Yes No Known Exploit 574/1000 Why? Has a fix available, CVSS 7.2 Remote Code Execution SNYK-RUBY-KRAMDOWN-585939 Yes No Known Exploit 344/1000 Why? Has a fix available, CVSS 2.6 XML External Entity (XXE) Injection SNYK-RUBY-NOKOGIRI-1055008 No No Known Exploit 696/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.5 Denial of Service (DoS) SNYK-RUBY-NOKOGIRI-1293239 No Proof of Concept 589/1000 Why? Has a fix available, CVSS 7.5 XML External Entity (XXE) Injection SNYK-RUBY-NOKOGIRI-1726792 No No Known Exploit 619/1000 Why? Has a fix available, CVSS 8.1 Use After Free SNYK-RUBY-NOKOGIRI-2413994 No No Known Exploit 589/1000 Why? Has a fix available, CVSS 7.5 Regular Expression Denial of Service (ReDoS) SNYK-RUBY-NOKOGIRI-2620374 No No Known Exploit 589/1000 Why? Has a fix available, CVSS 7.5 Out-of-bounds Write SNYK-RUBY-NOKOGIRI-2630623 No No Known Exploit 589/1000 Why? Has a fix available, CVSS 7.5 Denial of Service (DoS) SNYK-RUBY-NOKOGIRI-2630898 No No Known Exploit 624/1000 Why? Has a fix available, CVSS 8.2 Improper Handling of Unexpected Data Type SNYK-RUBY-NOKOGIRI-2840634 No No Known Exploit 589/1000 Why? Has a fix available, CVSS 7.5 NULL Pointer Dereference SNYK-RUBY-NOKOGIRI-3052880 No No Known Exploit 589/1000 Why? Has a fix available, CVSS 7.5 Directory Traversal SNYK-RUBY-TZINFO-2958048 No No Known Exploit (*) Note that the real score may have changed since the PR was raised. Check the changes in this PR to ensure they won't cause issues with your project. Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs. For more information: 🧐 View latest project report 🛠 Adjust project settings 📚 Read more about Snyk's upgrade and patch logic Learn how to fix vulnerabilities with free interactive lessons: 🦉 Regular Expression Denial of Service (ReDoS) 🦉 Cross-site Scripting (XSS) 🦉 Deserialization of Untrusted Data 🦉 More lessons are available in Snyk Learn
Open Graph Description: This PR was automatically created by Snyk using the credentials of a real user.Snyk has created this PR to fix one or more vulnerable packages in the `rubygems` dependencies of this project. Change...
X Description: This PR was automatically created by Snyk using the credentials of a real user.Snyk has created this PR to fix one or more vulnerable packages in the `rubygems` dependencies of this project. Change...
Opengraph URL: https://github.com/https-githubsup-com/pixellate/pull/10
X: @github
Domain: github.com
| route-pattern | /:user_id/:repository/pull/:id/files(.:format) |
| route-controller | pull_requests |
| route-action | files |
| fetch-nonce | v2:d168320e-28a6-8795-e9f1-ba0bdab83d86 |
| current-catalog-service-hash | ae870bc5e265a340912cde392f23dad3671a0a881730ffdadd82f2f57d81641b |
| request-id | B86C:2BD65D:46444E:5DC513:6A519337 |
| html-safe-nonce | 099293241d716b153b438c1ac5557055ebbf3777e74567bb64136fcadc4a9b16 |
| visitor-payload | eyJyZWZlcnJlciI6IiIsInJlcXVlc3RfaWQiOiJCODZDOjJCRDY1RDo0NjQ0NEU6NURDNTEzOjZBNTE5MzM3IiwidmlzaXRvcl9pZCI6IjcwNzE5MDkyNjY2NDc1MjAwNTUiLCJyZWdpb25fZWRnZSI6ImlhZCIsInJlZ2lvbl9yZW5kZXIiOiJpYWQifQ== |
| visitor-hmac | 28d9dcbaad434be2e78028c70bac6e9ed74387ff4e5fe5a8f18b0101f3b4c67e |
| hovercard-subject-tag | pull_request:1302063577 |
| github-keyboard-shortcuts | repository,pull-request-list,pull-request-conversation,pull-request-files-changed,copilot |
| google-site-verification | Apib7-x98H0j5cPqHWwSMm6dNU4GmODRoqxLiDzdx9I |
| octolytics-url | https://collector.github.com/github/collect |
| analytics-location | / |
| fb:app_id | 1401488693436528 |
| apple-itunes-app | app-id=1477376905, app-argument=https://github.com/https-githubsup-com/pixellate/pull/10/files |
| twitter:image | https://avatars.githubusercontent.com/u/70594426?s=400&v=4 |
| twitter:card | summary_large_image |
| og:image | https://avatars.githubusercontent.com/u/70594426?s=400&v=4 |
| og:image:alt | This PR was automatically created by Snyk using the credentials of a real user.Snyk has created this PR to fix one or more vulnerable packages in the `rubygems` dependencies of this project. Change... |
| og:site_name | GitHub |
| og:type | object |
| hostname | github.com |
| expected-hostname | github.com |
| None | b9a586c06a05a7a86fc7e3f4dbd03e42f6869085879aa184aa6369456dbd50fb |
| turbo-cache-control | no-preview |
| diff-view | unified |
| go-import | github.com/https-githubsup-com/pixellate git https://github.com/https-githubsup-com/pixellate.git |
| octolytics-dimension-user_id | 70625322 |
| octolytics-dimension-user_login | https-githubsup-com |
| octolytics-dimension-repository_id | 299540170 |
| octolytics-dimension-repository_nwo | https-githubsup-com/pixellate |
| octolytics-dimension-repository_public | true |
| octolytics-dimension-repository_is_fork | true |
| octolytics-dimension-repository_parent_id | 295381455 |
| octolytics-dimension-repository_parent_nwo | irinazheltisheva/pixellate |
| octolytics-dimension-repository_network_root_id | 295381455 |
| octolytics-dimension-repository_network_root_nwo | irinazheltisheva/pixellate |
| turbo-body-classes | logged-out env-production page-responsive full-width |
| disable-turbo | true |
| browser-stats-url | https://api.github.com/_private/browser/stats |
| browser-errors-url | https://api.github.com/_private/browser/errors |
| release | 7aed05249554b889eb33d002851a973eebcc7e91 |
| ui-target | full |
| theme-color | #1e2327 |
| color-scheme | light dark |
Links:
Viewport: width=device-width