Vulnerable Dependencies in the Repository #9115

quantumseclabs · 2024-12-08T22:39:07Z

Pull Request

No response

What happened?

Bug Report: Vulnerable Dependencies in the Repository

Description

Two dependencies in the Gemfile.lock that are affected by known vulnerabilities, which may pose a risk to the security and reliability of the repository.

Dependency: webrick@1.8.1
- Issue: Vulnerable to CVE-2024-47220 (HTTP request smuggling).
- Recommendation: Update to webrick@1.8.2 or later.
Dependency: rexml@3.2.5
- Issue: Vulnerable to CVE-2024-49761 (Regular Expression Denial of Service - ReDoS).
- Recommendation: Update to rexml@3.3.9 or later.

File Location

Gemfile.lock:
- webrick (1.8.1) at line 288.
- rexml (3.2.5) at line 260.

Impact

These vulnerabilities could expose the repository to security risks, such as HTTP smuggling attacks and potential Denial of Service (DoS) threats. It is recommended to update these dependencies promptly.

Relevant log output

No response

The text was updated successfully, but these errors were encountered:

Fendyzainol9 · 2024-12-13T19:54:13Z

Alhamdulillah

quantumseclabs added the bug If this is a PR, this PR fixes a bug. If this is an issue, this issue reports a bug. label Dec 8, 2024

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Vulnerable Dependencies in the Repository #9115

Vulnerable Dependencies in the Repository #9115

quantumseclabs commented Dec 8, 2024 •

edited

Loading

Fendyzainol9 commented Dec 13, 2024

Vulnerable Dependencies in the Repository #9115

Vulnerable Dependencies in the Repository #9115

Comments

quantumseclabs commented Dec 8, 2024 • edited Loading

Pull Request

What happened?

Bug Report: Vulnerable Dependencies in the Repository

Description

File Location

Impact

Relevant log output

Fendyzainol9 commented Dec 13, 2024

quantumseclabs commented Dec 8, 2024 •

edited

Loading