Rails 5.0 Vulnerabilities

To enumerate the known vulnerabilities in Rails 5.0, we generated an application on the last patch release of the 5.0 series (5.0.7.2) and ran bundler-audit against its Gemfile.lock (bundle audit check --update, which first refreshes the local copy of ruby-advisory-db and then matches every locked gem version against the advisories recorded there).

The advisories bundler-audit reported for that sample application are listed below. Three notes on reading them:

Criticality is the rating bundler-audit derives from the advisory's CVSS score. It reads Unknown where the database carries no score for the entry, not where the issue is harmless.

Each Solution line is bundler-audit's list of patched versions in RubyGems requirement syntax, joined with commas. Every "~>" opens a release series and the ">=" that follows it sets the minimum patch within that series, so "~> 5.2.4, >= 5.2.4.3, >= 6.0.3.1" means 5.2.4.3 or later in the 5.2 line, or 6.0.3.1 or later.

No Solution line names a 5.0 release: the 5.0 series ended at 5.0.7.2 and received none of these fixes, so remediation means a framework upgrade rather than a patch-level bump, and the most recent entries are fixed only in 7.1 and later. The first advisory is the only one for which an upstream workaround exists; its monkey patch is reproduced with it.
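Because every Solution line on this page is a comma-joined list of RubyGems requirements, it is worth seeing how such a line is evaluated against a locked gem version. The following is an added example written for this page, not bundler-audit's own code: it reads the spec lines of a Gemfile.lock excerpt (constructed here to match the 5.0.7.2 gems listed below), regroups a flattened Solution line into one Gem::Requirement per release series, and reports each advisory whose patched requirements the locked version fails to satisfy. The regrouping rule is this example's own heuristic (a ">=" bound belongs to the preceding "~>" series when its version falls inside that series); the advisory table is copied from this page's entries; lockfile_specs, parse_solution, audit and vulnerable? are names chosen here.

```ruby
# Added example (not bundler-audit's code): match Gemfile.lock versions against
# advisory "Solution:" lines using RubyGems' Gem::Version / Gem::Requirement.
require "rubygems"

# Constructed excerpt of a Rails 5.0.7.2 Gemfile.lock (sample data for this example).
SAMPLE_LOCKFILE = <<~LOCK
  GEM
    remote: https://rubygems.org/
    specs:
      actionpack (5.0.7.2)
        actionview (= 5.0.7.2)
      actionview (5.0.7.2)
        activesupport (= 5.0.7.2)
      activerecord (5.0.7.2)
        activesupport (= 5.0.7.2)
      activesupport (5.0.7.2)
        i18n (>= 0.7, < 2)

  PLATFORMS
    ruby

  DEPENDENCIES
    rails (~> 5.0.7)
LOCK

# [gem, CVE, Solution line] triples copied from this page. actionmailer is
# deliberately absent from the sample lockfile to exercise the "not installed" path.
SAMPLE_ADVISORIES = [
  ["activesupport", "CVE-2020-8165",  "~> 5.2.4, >= 5.2.4.3, >= 6.0.3.1"],
  ["activerecord",  "CVE-2022-32224", "~> 5.2.8, >= 5.2.8.1, ~> 6.0.5, >= 6.0.5.1, ~> 6.1.6, >= 6.1.6.1, >= 7.0.3.1"],
  ["actionpack",    "CVE-2023-22792", "~> 5.2.8, ~> 6.1.7, >= 6.1.7.1, >= 7.0.4.1"],
  ["actionpack",    "CVE-2023-28362", "~> 6.1.7.4, >= 7.0.5.1"],
  ["actionmailer",  "CVE-2024-47889", "~> 6.1.7.9, ~> 7.0.8, >= 7.0.8.5, ~> 7.1.4, >= 7.1.4.1, >= 7.2.1.1"],
]

# Collect "name (version)" spec lines (indented four spaces) from the GEM
# section of a Gemfile.lock. Dependency lines are indented six spaces and skipped.
def lockfile_specs(text)
  specs = {}
  in_specs = false
  text.each_line do |line|
    in_specs = true  if line.strip == "specs:"
    in_specs = false if line.match?(/\A[A-Z]/)   # next top-level section
    next unless in_specs
    if (m = line.match(/\A {4}(\S+) \(([^)]+)\)\s*\z/))
      # Drop a platform suffix such as "-x86_64-linux"; lockfiles never use "-" otherwise.
      specs[m[1]] = Gem::Version.new(m[2].sub(/-.*\z/, ""))
    end
  end
  specs
end

# Split a comma-joined Solution line back into one requirement per release
# series (heuristic written for this example): a ">=" clause joins the preceding
# "~>" series when its version satisfies that series, otherwise it starts a new one.
def parse_solution(line)
  groups = []
  line.split(/,\s*/).each do |clause|
    op, version = clause.strip.split(/\s+/, 2)
    prev = groups.last
    same_series = op == ">=" && prev && prev.none? { |c| c.start_with?(">=") } &&
                  Gem::Requirement.new(prev.first).satisfied_by?(Gem::Version.new(version))
    if same_series
      prev << clause
    else
      groups << [clause]
    end
  end
  groups.map { |clauses| Gem::Requirement.new(*clauses) }
end

# True when no patched series accepts the given version.
def vulnerable?(version, solution)
  v = Gem::Version.new(version)
  parse_solution(solution).none? { |req| req.satisfied_by?(v) }
end

# Return [gem, CVE, locked version] for every advisory the lockfile fails.
def audit(lockfile_text, advisories)
  specs = lockfile_specs(lockfile_text)
  advisories.each_with_object([]) do |(gem_name, cve, solution), findings|
    installed = specs[gem_name]
    next unless installed
    next unless vulnerable?(installed.to_s, solution)
    findings << [gem_name, cve, installed.to_s]
  end
end

if __FILE__ == $PROGRAM_NAME
  audit(SAMPLE_LOCKFILE, SAMPLE_ADVISORIES).each do |gem_name, cve, version|
    puts "#{gem_name} #{version} is affected by #{cve}"
  end
end
```

Swap in a real Gemfile.lock and the Solution lines of interest to check whether a proposed upgrade target actually clears an advisory (5.2.4.2, for instance, still fails CVE-2020-8165, which needs 5.2.4.3). This does not replace bundle audit, which loads the full ruby-advisory-db and also flags insecure gem sources; it only makes the matching rule visible.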

VULNERABLE GEM: actionview@5.0.7.2

Name:

actionview

Version:

5.0.7.2

ID:

CVE-2020-5267

Possible XSS vulnerability in ActionView

Description

There is a possible XSS vulnerability in ActionView's JavaScript literal escape helpers. Views that use the j or escape_javascript methods may be susceptible to XSS attacks.

Versions Affected: All. Not affected: None. Fixed Versions: 6.0.2.2, 5.2.4.2

IMPACT

There is a possible XSS vulnerability in the j and escape_javascript methods in ActionView. These methods are used for escaping JavaScript string literals. Impacted code will look something like this:

<script>let a = `<%= j unknown_input %>`</script>

or

<script>let a = `<%= escape_javascript unknown_input %>`</script>

RELEASES

The 6.0.2.2 and 5.2.4.2 releases are available at the normal locations.

WORKAROUNDS

For those who can't upgrade, the following monkey patch from the upstream advisory may be used; load it from an initializer so it is in place before any view is rendered, and remove it once the application is on a fixed release:

# Add the two characters a JavaScript template literal treats specially:
# a backtick ends the literal and "$" can open a ${...} interpolation.
ActionView::Helpers::JavaScriptHelper::JS_ESCAPE_MAP.merge!(
  {
    "`" => "\\`",
    "$" => "\\$"
  }
)

module ActionView::Helpers::JavaScriptHelper
  alias :old_ej :escape_javascript
  alias :old_j :j

  # Same logic as the shipped helper, with [`] and [$] added to the regex
  # alternation so the two new map entries are actually applied.
  def escape_javascript(javascript)
    javascript = javascript.to_s
    if javascript.empty?
      result = ""
    else
      result = javascript.gsub(/(\\|<\/|\r\n|\342\200\250|\342\200\251|[\n\r"']|[`]|[$])/u, JS_ESCAPE_MAP)
    end
    # Preserve the caller's html_safe marking, as the original does.
    javascript.html_safe? ? result.html_safe : result
  end

  alias :j :escape_javascript
end
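To make the impact concrete, here is an added example written for this page (not code from Rails or from the advisory) that escapes attacker-controlled input for the template-literal pattern shown above, first with the escape map as it stood before the fix and then with the two entries the workaround merges in. The pre-fix map is an assumption: the standard JS_ESCAPE_MAP entries (backslash, "</", line breaks, quotes, U+2028/U+2029) without the backtick and dollar entries, which is what the merge! above implies. The payload, the breakout check and the helper names (escape_js, breaks_template_literal?, render_script) are constructed for the example.

```ruby
# Added example, not code from Rails or the advisory: show why CVE-2020-5267 is
# exploitable inside a JavaScript template literal and how the workaround's two
# extra map entries close it.

# Assumed pre-fix escape map: the standard entries without "`" and "$".
UNPATCHED_JS_ESCAPE_MAP = {
  "\\"     => "\\\\",
  "</"     => '<\/',
  "\r\n"   => '\n',
  "\n"     => '\n',
  "\r"     => '\n',
  '"'      => '\\"',
  "'"      => "\\'",
  "\u2028" => "&#x2028;",
  "\u2029" => "&#x2029;",
}.freeze

# The same map after the workaround's merge! of the two template-literal characters.
PATCHED_JS_ESCAPE_MAP = UNPATCHED_JS_ESCAPE_MAP.merge("`" => "\\`", "$" => "\\$").freeze

# Replace every key of the map with its escaped form. Longest keys are tried
# first so "\r\n" and "</" win over their single-character parts.
def escape_js(input, map)
  pattern = Regexp.union(map.keys.sort_by { |k| -k.length })
  input.to_s.gsub(pattern) { |match| map[match] }
end

def escape_javascript_unpatched(input)
  escape_js(input, UNPATCHED_JS_ESCAPE_MAP)
end

def escape_javascript_patched(input)
  escape_js(input, PATCHED_JS_ESCAPE_MAP)
end

# True when the escaped text can still end a template literal (a "`" preceded by
# an even number of backslashes) or open an interpolation ("${" likewise).
def breaks_template_literal?(escaped)
  escaped.scan(/(\\*)(`|\$\{)/).any? { |backslashes, _| backslashes.length.even? }
end

# The view pattern from the advisory with the helper swapped for one of the two above.
def render_script(input, map)
  "<script>let a = `#{escape_js(input, map)}`</script>"
end

# Constructed attacker input: close the literal, run code, comment out the rest.
PAYLOAD = "`; alert(document.cookie); //"

if __FILE__ == $PROGRAM_NAME
  puts "unpatched: #{render_script(PAYLOAD, UNPATCHED_JS_ESCAPE_MAP)}"
  puts "patched:   #{render_script(PAYLOAD, PATCHED_JS_ESCAPE_MAP)}"
end
```

The unpatched helper returns the payload untouched, because nothing in it is in the old map, and the rendered script becomes two literals with attacker code between them; the patched helper turns the leading backtick into \` and the page stays inert. The check also covers the case where the attacker supplies a backslash before the backtick: both helpers double the backslash, so only the patched one, which additionally escapes the backtick, leaves the literal closed. Note that the same helpers escape "</", quotes and newlines identically, so the workaround adds protection without changing existing output.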

VULNERABLE GEM: actionpack@5.0.7.2

Name:

actionpack

Version:

5.0.7.2

ID:

CVE-2020-8164

Possible Strong Parameters Bypass in ActionPack

Description

Reported by bundler-audit. Criticality: High.

Solution: update to ~> 5.2.4, >= 5.2.4.3, >= 6.0.3.1.

For full impact, workarounds, and patches, see the linked advisory.

VULNERABLE GEM: actionpack@5.0.7.2

Name:

actionpack

Version:

5.0.7.2

ID:

CVE-2020-8166

Ability to forge per-form CSRF tokens given a global CSRF token

Description

Reported by bundler-audit. Criticality: Medium.

Solution: update to ~> 5.2.4, >= 5.2.4.3, >= 6.0.3.1.

For full impact, workarounds, and patches, see the linked advisory.

VULNERABLE GEM: actionview@5.0.7.2

Name:

actionview

Version:

5.0.7.2

ID:

CVE-2020-8167

CSRF Vulnerability in rails-ujs

Description

Reported by bundler-audit. Criticality: Medium.

Solution: update to ~> 5.2.4, >= 5.2.4.3, >= 6.0.3.1.

For full impact, workarounds, and patches, see the linked advisory.

VULNERABLE GEM: activesupport@5.0.7.2

Name:

activesupport

Version:

5.0.7.2

ID:

CVE-2020-8165

Potentially unintended unmarshalling of user-provided objects in MemCacheStore and RedisCacheStore

Description

Reported by bundler-audit. Criticality: Critical.

Solution: update to ~> 5.2.4, >= 5.2.4.3, >= 6.0.3.1.

For full impact, workarounds, and patches, see the linked advisory.

VULNERABLE GEM: actionview@5.0.7.2

Name:

actionview

Version:

5.0.7.2

ID:

CVE-2020-15169

Potential XSS vulnerability in Action View

Description

Reported by bundler-audit. Criticality: Medium.

Solution: update to ~> 5.2.4, >= 5.2.4.4, >= 6.0.3.3.

For full impact, workarounds, and patches, see the linked advisory.

VULNERABLE GEM: activerecord@5.0.7.2

Name:

activerecord

Version:

5.0.7.2

ID:

CVE-2021-22880

Possible DoS Vulnerability in Active Record PostgreSQL adapter

Description

Reported by bundler-audit. Criticality: Medium.

Solution: update to ~> 5.2.4, >= 5.2.4.5, ~> 6.0.3, >= 6.0.3.5, >= 6.1.2.1.

For full impact, workarounds, and patches, see the linked advisory.

VULNERABLE GEM: actionpack@5.0.7.2

Name:

actionpack

Version:

5.0.7.2

ID:

CVE-2021-22885

Possible Information Disclosure / Unintended Method Execution in Action Pack

Description

Reported by bundler-audit. Criticality: High.

Solution: update to ~> 5.2.4.6, ~> 5.2.6, ~> 6.0.3, >= 6.0.3.7, >= 6.1.3.2.

For full impact, workarounds, and patches, see the linked advisory.

VULNERABLE GEM: actionpack@5.0.7.2

Name:

actionpack

Version:

5.0.7.2

ID:

CVE-2021-22904

Possible DoS Vulnerability in Action Controller Token Authentication

Description

Reported by bundler-audit. Criticality: High.

Solution: update to ~> 5.2.4.6, ~> 5.2.6, ~> 6.0.3, >= 6.0.3.7, >= 6.1.3.2.

For full impact, workarounds, and patches, see the linked advisory.

VULNERABLE GEM: actionpack@5.0.7.2

Name:

actionpack

Version:

5.0.7.2

ID:

CVE-2022-23633

Possible exposure of information vulnerability in Action Pack

Description

Reported by bundler-audit. Criticality: High.

Solution: update to ~> 5.2.6, >= 5.2.6.2, ~> 6.0.4, >= 6.0.4.6, ~> 6.1.4, >= 6.1.4.6, >= 7.0.2.2.

For full impact, workarounds, and patches, see the linked advisory.

VULNERABLE GEM: actionview@5.0.7.2

Name:

actionview

Version:

5.0.7.2

ID:

CVE-2022-27777

Possible XSS Vulnerability in Action View tag helpers

Description

Reported by bundler-audit. Criticality: Medium.

Solution: update to ~> 5.2.7, >= 5.2.7.1, ~> 6.0.4, >= 6.0.4.8, ~> 6.1.5, >= 6.1.5.1, >= 7.0.2.4.

For full impact, workarounds, and patches, see the linked advisory.

VULNERABLE GEM: activerecord@5.0.7.2

Name:

activerecord

Version:

5.0.7.2

ID:

CVE-2022-32224

Possible RCE escalation bug with Serialized Columns in Active Record

Description

Reported by bundler-audit. Criticality: Critical.

Solution: update to ~> 5.2.8, >= 5.2.8.1, ~> 6.0.5, >= 6.0.5.1, ~> 6.1.6, >= 6.1.6.1, >= 7.0.3.1.

For full impact, workarounds, and patches, see the linked advisory.

VULNERABLE GEM: actionpack@5.0.7.2

Name:

actionpack

Version:

5.0.7.2

ID:

CVE-2023-22792

ReDoS based DoS vulnerability in Action Dispatch

Description

Reported by bundler-audit. Criticality: Unknown.

Solution: update to ~> 5.2.8, ~> 6.1.7, >= 6.1.7.1, >= 7.0.4.1.

For full impact, workarounds, and patches, see the linked advisory.

VULNERABLE GEM: actionpack@5.0.7.2

Name:

actionpack

Version:

5.0.7.2

ID:

CVE-2023-22795

ReDoS based DoS vulnerability in Action Dispatch

Description

Reported by bundler-audit. Criticality: Unknown.

Solution: update to ~> 5.2.8, ~> 6.1.7, >= 6.1.7.1, >= 7.0.4.1.

For full impact, workarounds, and patches, see the linked advisory.

VULNERABLE GEM: activerecord@5.0.7.2

Name:

activerecord

Version:

5.0.7.2

ID:

CVE-2022-44566

Denial of Service Vulnerability in ActiveRecord’s PostgreSQL adapter

Description

Reported by bundler-audit. Criticality: High.

Solution: update to ~> 5.2.8, ~> 6.1.7, >= 6.1.7.1, >= 7.0.4.1.

For full impact, workarounds, and patches, see the linked advisory.

VULNERABLE GEM: activesupport@5.0.7.2

Name:

activesupport

Version:

5.0.7.2

ID:

CVE-2023-22796

ReDoS based DoS vulnerability in Active Support’s underscore

Description

Reported by bundler-audit. Criticality: Unknown.

Solution: update to ~> 5.2.8, ~> 6.1.7, >= 6.1.7.1, >= 7.0.4.1.

For full impact, workarounds, and patches, see the linked advisory.

VULNERABLE GEM: activesupport@5.0.7.2

Name:

activesupport

Version:

5.0.7.2

ID:

CVE-2023-28120

Possible XSS Security Vulnerability in SafeBuffer#bytesplice

Description

Reported by bundler-audit. Criticality: Medium.

Solution: update to ~> 6.1.7, >= 6.1.7.3, >= 7.0.4.3.

For full impact, workarounds, and patches, see the linked advisory.

VULNERABLE GEM: actionpack@5.0.7.2

Name:

actionpack

Version:

5.0.7.2

ID:

CVE-2023-28362

Possible XSS via User Supplied Values to redirect_to

Description

Reported by bundler-audit. Criticality: Medium.

Solution: update to ~> 6.1.7.4, >= 7.0.5.1.

For full impact, workarounds, and patches, see the linked advisory.

VULNERABLE GEM: actionmailer@5.0.7.2

Name:

actionmailer

Version:

5.0.7.2

ID:

CVE-2024-47889

Possible ReDoS vulnerability in block_format in Action Mailer

Description

Reported by bundler-audit. Criticality: Unknown.

Solution: update to ~> 6.1.7.9, ~> 7.0.8, >= 7.0.8.5, ~> 7.1.4, >= 7.1.4.1, >= 7.2.1.1.

For full impact, workarounds, and patches, see the linked advisory.

VULNERABLE GEM: actionpack@5.0.7.2

Name:

actionpack

Version:

5.0.7.2

ID:

CVE-2024-41128

Possible ReDoS vulnerability in query parameter filtering in Action Dispatch

Description

Reported by bundler-audit. Criticality: Unknown.

Solution: update to ~> 6.1.7.9, ~> 7.0.8, >= 7.0.8.5, ~> 7.1.4, >= 7.1.4.1, >= 7.2.1.1.

For full impact, workarounds, and patches, see the linked advisory.

VULNERABLE GEM: actionpack@5.0.7.2

Name:

actionpack

Version:

5.0.7.2

ID:

CVE-2024-47887

Possible ReDoS vulnerability in HTTP Token authentication in Action Controller

Description

Reported by bundler-audit. Criticality: Unknown.

Solution: update to ~> 6.1.7.9, ~> 7.0.8, >= 7.0.8.5, ~> 7.1.4, >= 7.1.4.1, >= 7.2.1.1.

For full impact, workarounds, and patches, see the linked advisory.

VULNERABLE GEM: activerecord@5.0.7.2

Name:

activerecord

Version:

5.0.7.2

ID:

CVE-2025-55193

Active Record logging vulnerable to ANSI escape injection

Description

Reported by bundler-audit. Criticality: Unknown.

Solution: update to ~> 7.1.5, >= 7.1.5.2, ~> 7.2.2, >= 7.2.2.2, >= 8.0.2.1.

For full impact, workarounds, and patches, see the linked advisory.

VULNERABLE GEM: actionview@5.0.7.2

Name:

actionview

Version:

5.0.7.2

ID:

CVE-2026-33168

Rails has a possible XSS vulnerability in its Action View tag helpers

Description

Reported by bundler-audit. Criticality: Unknown.

Solution: update to ~> 7.2.3, >= 7.2.3.1, ~> 8.0.4, >= 8.0.4.1, >= 8.1.2.1.

For full impact, workarounds, and patches, see the linked advisory.

VULNERABLE GEM: activesupport@5.0.7.2

Name:

activesupport

Version:

5.0.7.2

ID:

CVE-2026-33169

Rails Active Support has a possible ReDoS vulnerability in number_to_delimited

Description

Reported by bundler-audit. Criticality: Unknown.

Solution: update to ~> 7.2.3, >= 7.2.3.1, ~> 8.0.4, >= 8.0.4.1, >= 8.1.2.1.

For full impact, workarounds, and patches, see the linked advisory.

VULNERABLE GEM: activesupport@5.0.7.2

Name:

activesupport

Version:

5.0.7.2

ID:

CVE-2026-33170

Rails Active Support has a possible XSS vulnerability in SafeBuffer#%

Description

Reported by bundler-audit. Criticality: Unknown.

Solution: update to ~> 7.2.3, >= 7.2.3.1, ~> 8.0.4, >= 8.0.4.1, >= 8.1.2.1.

For full impact, workarounds, and patches, see the linked advisory.

VULNERABLE GEM: activesupport@5.0.7.2

Name:

activesupport

Version:

5.0.7.2

ID:

CVE-2026-33176

Rails Active Support has a possible DoS vulnerability in its number helpers

Description

Reported by bundler-audit. Criticality: Unknown.

Solution: update to ~> 7.2.3, >= 7.2.3.1, ~> 8.0.4, >= 8.0.4.1, >= 8.1.2.1.

For full impact, workarounds, and patches, see the linked advisory.