rails-6.0.0.gem: 12 vulnerabilities (highest severity is: 9.3)

[mend-for-github-com]

Vulnerable Library - rails-6.0.0.gem

Ruby on Rails is a full-stack web framework optimized for programmer happiness and sustainable productivity. It encourages beautiful code by favoring convention over configuration.

Library home page: https://rubygems.org/gems/rails-6.0.0.gem

Path to dependency file: /Gemfile.lock

Path to vulnerable library: /home/wss-scanner/.gem/ruby/3.2.0/cache/rails-6.0.0.gem

Found in HEAD commit: 10b00bba83d518df58b71c164d0be7c229d4b799

Vulnerabilities

CVE	Severity	CVSS	Exploit Maturity	EPSS	Dependency	Type	Fixed in (rails version)	Remediation Possible**	Reachability
CVE-2022-32224	Critical	9.3	Not Defined	0.1%	activerecord-6.0.0.gem	Transitive	N/A*	❌
CVE-2022-21831	Critical	9.2	Not Defined	4.8%	activestorage-6.0.0.gem	Transitive	N/A*	❌
CVE-2023-22799	High	8.7	Not Defined	0.1%	globalid-0.4.2.gem	Transitive	N/A*	❌
CVE-2023-22794	High	8.7	Not Defined	0.2%	activerecord-6.0.0.gem	Transitive	N/A*	❌
CVE-2022-44566	High	8.7	Not Defined	0.1%	activerecord-6.0.0.gem	Transitive	N/A*	❌
CVE-2020-8162	High	8.7	Not Defined	0.3%	activestorage-6.0.0.gem	Transitive	N/A*	❌
CVE-2021-22880	High	8.2	Not Defined	0.6%	detected in multiple dependencies	Direct	5.2.4.5,6.0.3.5,6.1.2.1	✅
CVE-2020-8167	High	7.1	Not Defined	0.3%	rails-6.0.0.gem	Direct	6.0.3.1,5.2.4.3	✅
CVE-2024-26144	Medium	6.9	Not Defined	0.0%	rails-6.0.0.gem	Direct	rails - 6.1.7.7,7.0.8.1	✅
CVE-2023-28120	Medium	5.3	Not Defined		rails-6.0.0.gem	Direct	rails - 6.1.7.3,7.0.4.3	✅
CVE-2023-23913	Medium	5.3	Not Defined		rails-6.0.0.gem	Direct	rails - 6.1.7.3,7.0.4.3	✅
CVE-2021-22881	Medium	5.3	Not Defined	0.2%	rails-6.0.0.gem	Direct	6.0.3.5,6.1.2.1	✅

*For some transitive vulnerabilities, there is no version of direct dependency with a fix. Check the "Details" section below to see if there is a version of transitive dependency where vulnerability is fixed.

**In some cases, Remediation PR cannot be created automatically for a vulnerability despite the availability of remediation

Details

CVE-2022-32224

Vulnerable Library - activerecord-6.0.0.gem

Databases on Rails. Build a persistent domain model by mapping database tables to Ruby classes. Strong conventions for associations, validations, aggregations, migrations, and testing come baked-in.

Library home page: https://rubygems.org/gems/activerecord-6.0.0.gem

Path to dependency file: /Gemfile.lock

Path to vulnerable library: /home/wss-scanner/.gem/ruby/3.2.0/cache/activerecord-6.0.0.gem

Dependency Hierarchy:

• rails-6.0.0.gem (Root Library)
  • ❌ activerecord-6.0.0.gem (Vulnerable Library)

Found in HEAD commit: 10b00bba83d518df58b71c164d0be7c229d4b799

Found in base branch: master

Vulnerability Details

A possible escalation to RCE vulnerability exists when using YAML serialized columns in Active Record < 7.0.3.1, <6.1.6.1, <6.0.5.1 and <5.2.8.1 which could allow an attacker, that can manipulate data in the database (via means like SQL injection), the ability to escalate to an RCE.

Publish Date: 2022-12-05

URL: CVE-2022-32224

Threat Assessment

Exploit Maturity: Not Defined

EPSS: 0.1%

CVSS 4 Score Details (9.3)

Base Score Metrics:

• Exploitability Metrics:
  • Attack Vector: Network
  • Attack Complexity: Low
  • Privileges Required: None
  • User Interaction: None
  • Scope: N/A
• Impact Metrics:
  • Confidentiality Impact: N/A
  • Integrity Impact: N/A
  • Availability Impact: N/A

For more information on CVSS4 Scores, click here.

Suggested Fix

Type: Upgrade version

Origin: GHSA-3hhc-qp5v-9p2j

Release Date: 2022-12-05

Fix Resolution: activerecord - 5.2.8.1,6.0.5.1,6.1.6.1,7.0.3.1

CVE-2022-21831

Vulnerable Library - activestorage-6.0.0.gem

Attach cloud and local files in Rails applications.

Library home page: https://rubygems.org/gems/activestorage-6.0.0.gem

Path to dependency file: /Gemfile.lock

Path to vulnerable library: /home/wss-scanner/.gem/ruby/3.2.0/cache/activestorage-6.0.0.gem

Dependency Hierarchy:

• rails-6.0.0.gem (Root Library)
  • ❌ activestorage-6.0.0.gem (Vulnerable Library)

Found in HEAD commit: 10b00bba83d518df58b71c164d0be7c229d4b799

Found in base branch: master

Vulnerability Details

A code injection vulnerability exists in the Active Storage >= v5.2.0 that could allow an attacker to execute code via image_processing arguments.

Publish Date: 2022-05-26

URL: CVE-2022-21831

Threat Assessment

Exploit Maturity: Not Defined

EPSS: 4.8%

CVSS 4 Score Details (9.2)

Base Score Metrics:

• Exploitability Metrics:
  • Attack Vector: Network
  • Attack Complexity: Low
  • Privileges Required: None
  • User Interaction: None
  • Scope: N/A
• Impact Metrics:
  • Confidentiality Impact: N/A
  • Integrity Impact: N/A
  • Availability Impact: N/A

For more information on CVSS4 Scores, click here.

Suggested Fix

Type: Upgrade version

Origin: GHSA-w749-p3v6-hccq

Release Date: 2022-05-26

Fix Resolution: activestorage - 5.2.6.3,6.0.4.7,6.1.4.7,7.0.2.3

CVE-2023-22799

Vulnerable Library - globalid-0.4.2.gem

URIs for your models makes it easy to pass references around.

Library home page: https://rubygems.org/gems/globalid-0.4.2.gem

Path to dependency file: /Gemfile.lock

Path to vulnerable library: /home/wss-scanner/.gem/ruby/3.2.0/cache/globalid-0.4.2.gem

Dependency Hierarchy:

• rails-6.0.0.gem (Root Library)
  • activejob-6.0.0.gem
    • ❌ globalid-0.4.2.gem (Vulnerable Library)

Found in HEAD commit: 10b00bba83d518df58b71c164d0be7c229d4b799

Found in base branch: master

Vulnerability Details

A ReDoS based DoS vulnerability in the GlobalID <1.0.1 which could allow an attacker supplying a carefully crafted input can cause the regular expression engine to take an unexpected amount of time. All users running an affected release should either upgrade or use one of the workarounds immediately.

Publish Date: 2023-02-09

URL: CVE-2023-22799

Threat Assessment

Exploit Maturity: Not Defined

EPSS: 0.1%

CVSS 4 Score Details (8.7)

Base Score Metrics:

• Exploitability Metrics:
  • Attack Vector: Network
  • Attack Complexity: Low
  • Privileges Required: None
  • User Interaction: None
  • Scope: N/A
• Impact Metrics:
  • Confidentiality Impact: N/A
  • Integrity Impact: N/A
  • Availability Impact: N/A

For more information on CVSS4 Scores, click here.

Suggested Fix

Type: Upgrade version

Origin: GHSA-23c2-gwp5-pxw9

Release Date: 2023-02-09

Fix Resolution: globalid - 1.0.1

CVE-2023-22794

Vulnerable Library - activerecord-6.0.0.gem

Databases on Rails. Build a persistent domain model by mapping database tables to Ruby classes. Strong conventions for associations, validations, aggregations, migrations, and testing come baked-in.

Library home page: https://rubygems.org/gems/activerecord-6.0.0.gem

Path to dependency file: /Gemfile.lock

Path to vulnerable library: /home/wss-scanner/.gem/ruby/3.2.0/cache/activerecord-6.0.0.gem

Dependency Hierarchy:

• rails-6.0.0.gem (Root Library)
  • ❌ activerecord-6.0.0.gem (Vulnerable Library)

Found in HEAD commit: 10b00bba83d518df58b71c164d0be7c229d4b799

Found in base branch: master

Vulnerability Details

A vulnerability in ActiveRecord <6.0.6.1, v6.1.7.1 and v7.0.4.1 related to the sanitization of comments. If malicious user input is passed to either the annotate query method, the optimizer_hints query method, or through the QueryLogs interface which automatically adds annotations, it may be sent to the database withinsufficient sanitization and be able to inject SQL outside of the comment.

Publish Date: 2023-02-09

URL: CVE-2023-22794

Threat Assessment

Exploit Maturity: Not Defined

EPSS: 0.2%

CVSS 4 Score Details (8.7)

Base Score Metrics:

• Exploitability Metrics:
  • Attack Vector: Network
  • Attack Complexity: Low
  • Privileges Required: Low
  • User Interaction: None
  • Scope: N/A
• Impact Metrics:
  • Confidentiality Impact: N/A
  • Integrity Impact: N/A
  • Availability Impact: N/A

For more information on CVSS4 Scores, click here.

Suggested Fix

Type: Upgrade version

Origin: GHSA-hq7p-j377-6v63

Release Date: 2023-02-09

Fix Resolution: activerecord - 6.0.6.1,6.1.7.1,7.0.4.1

CVE-2022-44566

Vulnerable Library - activerecord-6.0.0.gem

Databases on Rails. Build a persistent domain model by mapping database tables to Ruby classes. Strong conventions for associations, validations, aggregations, migrations, and testing come baked-in.

Library home page: https://rubygems.org/gems/activerecord-6.0.0.gem

Path to dependency file: /Gemfile.lock

Path to vulnerable library: /home/wss-scanner/.gem/ruby/3.2.0/cache/activerecord-6.0.0.gem

Dependency Hierarchy:

• rails-6.0.0.gem (Root Library)
  • ❌ activerecord-6.0.0.gem (Vulnerable Library)

Found in HEAD commit: 10b00bba83d518df58b71c164d0be7c229d4b799

Found in base branch: master

Vulnerability Details

A denial of service vulnerability present in ActiveRecord's PostgreSQL adapter <7.0.4.1 and <6.1.7.1. When a value outside the range for a 64bit signed integer is provided to the PostgreSQL connection adapter, it will treat the target column type as numeric. Comparing integer values against numeric values can result in a slow sequential scan resulting in potential Denial of Service.

Publish Date: 2023-02-09

URL: CVE-2022-44566

Threat Assessment

Exploit Maturity: Not Defined

EPSS: 0.1%

CVSS 4 Score Details (8.7)

Base Score Metrics:

• Exploitability Metrics:
  • Attack Vector: Network
  • Attack Complexity: Low
  • Privileges Required: None
  • User Interaction: None
  • Scope: N/A
• Impact Metrics:
  • Confidentiality Impact: N/A
  • Integrity Impact: N/A
  • Availability Impact: N/A

For more information on CVSS4 Scores, click here.

Suggested Fix

Type: Upgrade version

Origin: GHSA-579w-22j4-4749

Release Date: 2023-02-09

Fix Resolution: activerecord - 6.1.7.1,7.0.4.1

CVE-2020-8162

Vulnerable Library - activestorage-6.0.0.gem

Attach cloud and local files in Rails applications.

Library home page: https://rubygems.org/gems/activestorage-6.0.0.gem

Path to dependency file: /Gemfile.lock

Path to vulnerable library: /home/wss-scanner/.gem/ruby/3.2.0/cache/activestorage-6.0.0.gem

Dependency Hierarchy:

• rails-6.0.0.gem (Root Library)
  • ❌ activestorage-6.0.0.gem (Vulnerable Library)

Found in HEAD commit: 10b00bba83d518df58b71c164d0be7c229d4b799

Found in base branch: master

Vulnerability Details

A client side enforcement of server side security vulnerability exists in rails < 5.2.4.2 and rails < 6.0.3.1 ActiveStorage's S3 adapter that allows the Content-Length of a direct file upload to be modified by an end user bypassing upload limits.

Publish Date: 2020-06-19

URL: CVE-2020-8162

Threat Assessment

Exploit Maturity: Not Defined

EPSS: 0.3%

CVSS 4 Score Details (8.7)

Base Score Metrics:

• Exploitability Metrics:
  • Attack Vector: Network
  • Attack Complexity: Low
  • Privileges Required: None
  • User Interaction: None
  • Scope: N/A
• Impact Metrics:
  • Confidentiality Impact: N/A
  • Integrity Impact: N/A
  • Availability Impact: N/A

For more information on CVSS4 Scores, click here.

Suggested Fix

Type: Upgrade version

Origin: GHSA-m42x-37p3-fv5w

Release Date: 2020-06-19

Fix Resolution: 5.2.4.3,6.0.3.1

CVE-2021-22880

Vulnerable Libraries - rails-6.0.0.gem, activerecord-6.0.0.gem

rails-6.0.0.gem

Ruby on Rails is a full-stack web framework optimized for programmer happiness and sustainable productivity. It encourages beautiful code by favoring convention over configuration.

Library home page: https://rubygems.org/gems/rails-6.0.0.gem

Path to dependency file: /Gemfile.lock

Path to vulnerable library: /home/wss-scanner/.gem/ruby/3.2.0/cache/rails-6.0.0.gem

Dependency Hierarchy:

• ❌ rails-6.0.0.gem (Vulnerable Library)

activerecord-6.0.0.gem

Databases on Rails. Build a persistent domain model by mapping database tables to Ruby classes. Strong conventions for associations, validations, aggregations, migrations, and testing come baked-in.

Library home page: https://rubygems.org/gems/activerecord-6.0.0.gem

Path to dependency file: /Gemfile.lock

Path to vulnerable library: /home/wss-scanner/.gem/ruby/3.2.0/cache/activerecord-6.0.0.gem

Dependency Hierarchy:

• rails-6.0.0.gem (Root Library)
  • ❌ activerecord-6.0.0.gem (Vulnerable Library)

Found in HEAD commit: 10b00bba83d518df58b71c164d0be7c229d4b799

Found in base branch: master

Vulnerability Details

The PostgreSQL adapter in Active Record before 6.1.2.1, 6.0.3.5, 5.2.4.5 suffers from a regular expression denial of service (REDoS) vulnerability. Carefully crafted input can cause the input validation in the money type of the PostgreSQL adapter in Active Record to spend too much time in a regular expression, resulting in the potential for a DoS attack. This only impacts Rails applications that are using PostgreSQL along with money type columns that take user input.

Publish Date: 2021-02-11

URL: CVE-2021-22880

Threat Assessment

Exploit Maturity: Not Defined

EPSS: 0.6%

CVSS 4 Score Details (8.2)

Base Score Metrics:

• Exploitability Metrics:
  • Attack Vector: Network
  • Attack Complexity: Low
  • Privileges Required: None
  • User Interaction: None
  • Scope: N/A
• Impact Metrics:
  • Confidentiality Impact: N/A
  • Integrity Impact: N/A
  • Availability Impact: N/A

For more information on CVSS4 Scores, click here.

Suggested Fix

Type: Upgrade version

Origin: https://discuss.rubyonrails.org/t/cve-2021-22880-possible-dos-vulnerability-in-active-record-postgresql-adapter/77129

Release Date: 2021-02-11

Fix Resolution: 5.2.4.5,6.0.3.5,6.1.2.1

In order to enable automatic remediation, please create workflow rules

CVE-2020-8167

Vulnerable Library - rails-6.0.0.gem

Ruby on Rails is a full-stack web framework optimized for programmer happiness and sustainable productivity. It encourages beautiful code by favoring convention over configuration.

Library home page: https://rubygems.org/gems/rails-6.0.0.gem

Path to dependency file: /Gemfile.lock

Path to vulnerable library: /home/wss-scanner/.gem/ruby/3.2.0/cache/rails-6.0.0.gem

Dependency Hierarchy:

• ❌ rails-6.0.0.gem (Vulnerable Library)

Found in HEAD commit: 10b00bba83d518df58b71c164d0be7c229d4b799

Found in base branch: master

Vulnerability Details

A CSRF vulnerability exists in rails <= 6.0.3 rails-ujs module that could allow attackers to send CSRF tokens to wrong domains.

Publish Date: 2020-06-19

URL: CVE-2020-8167

Threat Assessment

Exploit Maturity: Not Defined

EPSS: 0.3%

CVSS 4 Score Details (7.1)

Base Score Metrics:

• Exploitability Metrics:
  • Attack Vector: Network
  • Attack Complexity: Low
  • Privileges Required: None
  • User Interaction: N/A
  • Scope: N/A
• Impact Metrics:
  • Confidentiality Impact: N/A
  • Integrity Impact: N/A
  • Availability Impact: N/A

For more information on CVSS4 Scores, click here.

Suggested Fix

Type: Upgrade version

Origin: https://rubygems.org/gems/rails/versions/6.0.3.1

Release Date: 2020-06-19

Fix Resolution: 6.0.3.1,5.2.4.3

In order to enable automatic remediation, please create workflow rules

CVE-2024-26144

Vulnerable Library - rails-6.0.0.gem

Ruby on Rails is a full-stack web framework optimized for programmer happiness and sustainable productivity. It encourages beautiful code by favoring convention over configuration.

Library home page: https://rubygems.org/gems/rails-6.0.0.gem

Path to dependency file: /Gemfile.lock

Path to vulnerable library: /home/wss-scanner/.gem/ruby/3.2.0/cache/rails-6.0.0.gem

Dependency Hierarchy:

• ❌ rails-6.0.0.gem (Vulnerable Library)

Found in HEAD commit: 10b00bba83d518df58b71c164d0be7c229d4b799

Found in base branch: master

Vulnerability Details

Rails is a web-application framework. Starting with version 5.2.0, there is a possible sensitive session information leak in Active Storage. By default, Active Storage sends a Set-Cookie header along with the user's session cookie when serving blobs. It also sets Cache-Control to public. Certain proxies may cache the Set-Cookie, leading to an information leak. The vulnerability is fixed in 7.0.8.1 and 6.1.7.7.

Publish Date: 2024-02-27

URL: CVE-2024-26144

Threat Assessment

Exploit Maturity: Not Defined

EPSS: 0.0%

CVSS 4 Score Details (6.9)

Base Score Metrics:

• Exploitability Metrics:
  • Attack Vector: Network
  • Attack Complexity: Low
  • Privileges Required: None
  • User Interaction: None
  • Scope: N/A
• Impact Metrics:
  • Confidentiality Impact: N/A
  • Integrity Impact: N/A
  • Availability Impact: N/A

For more information on CVSS4 Scores, click here.

Suggested Fix

Type: Upgrade version

Origin: GHSA-8h22-8cf7-hq6g

Release Date: 2024-02-27

Fix Resolution: rails - 6.1.7.7,7.0.8.1

In order to enable automatic remediation, please create workflow rules

CVE-2023-28120

Vulnerable Library - rails-6.0.0.gem

Ruby on Rails is a full-stack web framework optimized for programmer happiness and sustainable productivity. It encourages beautiful code by favoring convention over configuration.

Library home page: https://rubygems.org/gems/rails-6.0.0.gem

Path to dependency file: /Gemfile.lock

Path to vulnerable library: /home/wss-scanner/.gem/ruby/3.2.0/cache/rails-6.0.0.gem

Dependency Hierarchy:

• ❌ rails-6.0.0.gem (Vulnerable Library)

Found in HEAD commit: 10b00bba83d518df58b71c164d0be7c229d4b799

Found in base branch: master

Vulnerability Details

A Possible XSS Security Vulnerability was discovered in ActiveSupport if the new bytesplice method is called on a SafeBuffer with untrusted user input. ActiveSupport if the new bytesplice method is called on a SafeBuffer with untrusted user input. All versions before 6.1.7.3 and 7.x before 7.0.4.3 are affected.

Publish Date: 2023-03-11

URL: CVE-2023-28120

Threat Assessment

Exploit Maturity: Not Defined

EPSS:

CVSS 4 Score Details (5.3)

Base Score Metrics:

• Exploitability Metrics:
  • Attack Vector: Network
  • Attack Complexity: Low
  • Privileges Required: None
  • User Interaction: N/A
  • Scope: N/A
• Impact Metrics:
  • Confidentiality Impact: N/A
  • Integrity Impact: N/A
  • Availability Impact: N/A

For more information on CVSS4 Scores, click here.

Suggested Fix

Type: Upgrade version

Origin: https://discuss.rubyonrails.org/t/cve-2023-28120-possible-xss-security-vulnerability-in-safebuffer-bytesplice/82469

Release Date: 2023-03-11

Fix Resolution: rails - 6.1.7.3,7.0.4.3

In order to enable automatic remediation, please create workflow rules

CVE-2023-23913

Vulnerable Library - rails-6.0.0.gem

Ruby on Rails is a full-stack web framework optimized for programmer happiness and sustainable productivity. It encourages beautiful code by favoring convention over configuration.

Library home page: https://rubygems.org/gems/rails-6.0.0.gem

Path to dependency file: /Gemfile.lock

Path to vulnerable library: /home/wss-scanner/.gem/ruby/3.2.0/cache/rails-6.0.0.gem

Dependency Hierarchy:

• ❌ rails-6.0.0.gem (Vulnerable Library)

Found in HEAD commit: 10b00bba83d518df58b71c164d0be7c229d4b799

Found in base branch: master

Vulnerability Details

There is a potential DOM based cross-site scripting issue in rails-ujs from 5.1.0 before 6.1.7.3 and 7.0.0 before 7.0.4.3, which leverages the Clipboard API to target HTML elements that are assigned the contenteditable attribute. This has the potential to occur when pasting malicious HTML content from the clipboard that includes a data-method, data-remote or data-disable-with attribute.

Publish Date: 2023-01-20

URL: CVE-2023-23913

Threat Assessment

Exploit Maturity: Not Defined

EPSS:

CVSS 4 Score Details (5.3)

Base Score Metrics:

• Exploitability Metrics:
  • Attack Vector: Network
  • Attack Complexity: Low
  • Privileges Required: None
  • User Interaction: N/A
  • Scope: N/A
• Impact Metrics:
  • Confidentiality Impact: N/A
  • Integrity Impact: N/A
  • Availability Impact: N/A

For more information on CVSS4 Scores, click here.

Suggested Fix

Type: Upgrade version

Origin: https://discuss.rubyonrails.org/t/cve-2023-23913-dom-based-cross-site-scripting-in-rails-ujs-for-contenteditable-html-elements/82468

Release Date: 2023-01-20

Fix Resolution: rails - 6.1.7.3,7.0.4.3

In order to enable automatic remediation, please create workflow rules

CVE-2021-22881

Vulnerable Library - rails-6.0.0.gem

Ruby on Rails is a full-stack web framework optimized for programmer happiness and sustainable productivity. It encourages beautiful code by favoring convention over configuration.

Library home page: https://rubygems.org/gems/rails-6.0.0.gem

Path to dependency file: /Gemfile.lock

Path to vulnerable library: /home/wss-scanner/.gem/ruby/3.2.0/cache/rails-6.0.0.gem

Dependency Hierarchy:

• ❌ rails-6.0.0.gem (Vulnerable Library)

Found in HEAD commit: 10b00bba83d518df58b71c164d0be7c229d4b799

Found in base branch: master

Vulnerability Details

The Host Authorization middleware in Action Pack before 6.1.2.1, 6.0.3.5 suffers from an open redirect vulnerability. Specially crafted Host headers in combination with certain "allowed host" formats can cause the Host Authorization middleware in Action Pack to redirect users to a malicious website. Impacted applications will have allowed hosts with a leading dot. When an allowed host contains a leading dot, a specially crafted Host header can be used to redirect to a malicious website.

Publish Date: 2021-02-11

URL: CVE-2021-22881

Threat Assessment

Exploit Maturity: Not Defined

EPSS: 0.2%

CVSS 4 Score Details (5.3)

Base Score Metrics:

• Exploitability Metrics:
  • Attack Vector: Network
  • Attack Complexity: Low
  • Privileges Required: None
  • User Interaction: N/A
  • Scope: N/A
• Impact Metrics:
  • Confidentiality Impact: N/A
  • Integrity Impact: N/A
  • Availability Impact: N/A

For more information on CVSS4 Scores, click here.

Suggested Fix

Type: Upgrade version

Origin: https://discuss.rubyonrails.org/t/cve-2021-22881-possible-open-redirect-in-host-authorization-middleware/77130

Release Date: 2024-08-01

Fix Resolution: 6.0.3.5,6.1.2.1

In order to enable automatic remediation, please create workflow rules

---

In order to enable automatic remediation for this issue, please create workflow rules

[mend-for-github-com]

✔️ This issue was automatically closed by Mend because the vulnerable library in the specific branch(es) was either marked as ignored or it is no longer part of the Mend inventory.

[mend-for-github-com]

ℹ️ This issue was automatically re-opened by Mend because the vulnerable library in the specific branch(es) has been detected in the Mend inventory.