  1. {
  2. "version": "2.1",
  3. "vulnerabilities": [
  4. {
  5. "category": "dependency_scanning",
  6. "message": "ruby-ffi DLL loading issue on Windows OS",
  7. "cve": "Gemfile.lock:ffi:cve:CVE-2018-1000201",
  8. "severity": "High",
  9. "solution": "upgrade to \u003e= 1.9.24",
  10. "scanner": {
  11. "id": "bundler_audit",
  12. "name": "bundler-audit"
  13. },
  14. "location": {
  15. "file": "Gemfile.lock",
  16. "dependency": {
  17. "package": {
  18. "name": "ffi"
  19. },
  20. "version": "1.9.21"
  21. }
  22. },
  23. "identifiers": [
  24. {
  25. "type": "cve",
  26. "name": "CVE-2018-1000201",
  27. "value": "CVE-2018-1000201",
  28. "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1000201"
  29. }
  30. ],
  31. "links": [
  32. {
  33. "url": "https://github.com/ffi/ffi/releases/tag/1.9.24"
  34. }
  35. ]
  36. },
  37. {
  38. "category": "dependency_scanning",
  39. "message": "Nokogiri gem contains several vulnerabilities in libxml2 and libxslt",
  40. "cve": "Gemfile.lock:nokogiri:cve:CVE-2016-4658",
  41. "severity": "High",
  42. "solution": "upgrade to \u003e= 1.7.1",
  43. "scanner": {
  44. "id": "bundler_audit",
  45. "name": "bundler-audit"
  46. },
  47. "location": {
  48. "file": "Gemfile.lock",
  49. "dependency": {
  50. "package": {
  51. "name": "nokogiri"
  52. },
  53. "version": "1.6.7.2"
  54. }
  55. },
  56. "identifiers": [
  57. {
  58. "type": "cve",
  59. "name": "CVE-2016-4658",
  60. "value": "CVE-2016-4658",
  61. "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4658"
  62. }
  63. ],
  64. "links": [
  65. {
  66. "url": "https://github.com/sparklemotion/nokogiri/issues/1615"
  67. }
  68. ]
  69. },
  70. {
  71. "category": "dependency_scanning",
  72. "message": "Denial of service or RCE from libxml2 and libxslt",
  73. "cve": "Gemfile.lock:nokogiri:cve:CVE-2015-8806",
  74. "severity": "Unknown",
  75. "solution": "upgrade to \u003e= 1.6.8",
  76. "scanner": {
  77. "id": "bundler_audit",
  78. "name": "bundler-audit"
  79. },
  80. "location": {
  81. "file": "Gemfile.lock",
  82. "dependency": {
  83. "package": {
  84. "name": "nokogiri"
  85. },
  86. "version": "1.6.7.2"
  87. }
  88. },
  89. "identifiers": [
  90. {
  91. "type": "cve",
  92. "name": "CVE-2015-8806",
  93. "value": "CVE-2015-8806",
  94. "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8806"
  95. }
  96. ],
  97. "links": [
  98. {
  99. "url": "https://github.com/sparklemotion/nokogiri/issues/1473"
  100. }
  101. ]
  102. },
  103. {
  104. "category": "dependency_scanning",
  105. "message": "Nokogiri gem, via libxml, is affected by DoS vulnerabilities",
  106. "cve": "Gemfile.lock:nokogiri:cve:CVE-2017-15412",
  107. "severity": "Unknown",
  108. "solution": "upgrade to \u003e= 1.8.2",
  109. "scanner": {
  110. "id": "bundler_audit",
  111. "name": "bundler-audit"
  112. },
  113. "location": {
  114. "file": "Gemfile.lock",
  115. "dependency": {
  116. "package": {
  117. "name": "nokogiri"
  118. },
  119. "version": "1.6.7.2"
  120. }
  121. },
  122. "identifiers": [
  123. {
  124. "type": "cve",
  125. "name": "CVE-2017-15412",
  126. "value": "CVE-2017-15412",
  127. "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15412"
  128. }
  129. ],
  130. "links": [
  131. {
  132. "url": "https://github.com/sparklemotion/nokogiri/issues/1714"
  133. }
  134. ]
  135. },
  136. {
  137. "category": "dependency_scanning",
  138. "message": "Nokogiri gem, via libxml, is affected by DoS vulnerabilities",
  139. "cve": "Gemfile.lock:nokogiri:cve:CVE-2017-16932",
  140. "severity": "Unknown",
  141. "solution": "upgrade to \u003e= 1.8.1",
  142. "scanner": {
  143. "id": "bundler_audit",
  144. "name": "bundler-audit"
  145. },
  146. "location": {
  147. "file": "Gemfile.lock",
  148. "dependency": {
  149. "package": {
  150. "name": "nokogiri"
  151. },
  152. "version": "1.6.7.2"
  153. }
  154. },
  155. "identifiers": [
  156. {
  157. "type": "cve",
  158. "name": "CVE-2017-16932",
  159. "value": "CVE-2017-16932",
  160. "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16932"
  161. }
  162. ],
  163. "links": [
  164. {
  165. "url": "https://github.com/sparklemotion/nokogiri/issues/1714"
  166. }
  167. ]
  168. },
  169. {
  170. "category": "dependency_scanning",
  171. "message": "Nokogiri gem contains two upstream vulnerabilities in libxslt 1.1.29",
  172. "cve": "Gemfile.lock:nokogiri:cve:CVE-2017-5029",
  173. "severity": "Unknown",
  174. "solution": "upgrade to \u003e= 1.7.2",
  175. "scanner": {
  176. "id": "bundler_audit",
  177. "name": "bundler-audit"
  178. },
  179. "location": {
  180. "file": "Gemfile.lock",
  181. "dependency": {
  182. "package": {
  183. "name": "nokogiri"
  184. },
  185. "version": "1.6.7.2"
  186. }
  187. },
  188. "identifiers": [
  189. {
  190. "type": "cve",
  191. "name": "CVE-2017-5029",
  192. "value": "CVE-2017-5029",
  193. "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5029"
  194. }
  195. ],
  196. "links": [
  197. {
  198. "url": "https://github.com/sparklemotion/nokogiri/issues/1634"
  199. }
  200. ]
  201. },
  202. {
  203. "category": "dependency_scanning",
  204. "message": "Nokogiri gem, via libxml, is affected by DoS and RCE vulnerabilities",
  205. "cve": "Gemfile.lock:nokogiri:cve:CVE-2017-9050",
  206. "severity": "Unknown",
  207. "solution": "upgrade to \u003e= 1.8.1",
  208. "scanner": {
  209. "id": "bundler_audit",
  210. "name": "bundler-audit"
  211. },
  212. "location": {
  213. "file": "Gemfile.lock",
  214. "dependency": {
  215. "package": {
  216. "name": "nokogiri"
  217. },
  218. "version": "1.6.7.2"
  219. }
  220. },
  221. "identifiers": [
  222. {
  223. "type": "cve",
  224. "name": "CVE-2017-9050",
  225. "value": "CVE-2017-9050",
  226. "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9050"
  227. }
  228. ],
  229. "links": [
  230. {
  231. "url": "https://github.com/sparklemotion/nokogiri/issues/1673"
  232. }
  233. ]
  234. },
  235. {
  236. "category": "dependency_scanning",
  237. "message": "Nokogiri gem, via libxml2, is affected by multiple vulnerabilities",
  238. "cve": "Gemfile.lock:nokogiri:cve:CVE-2018-14404",
  239. "severity": "Unknown",
  240. "solution": "upgrade to \u003e= 1.8.5",
  241. "scanner": {
  242. "id": "bundler_audit",
  243. "name": "bundler-audit"
  244. },
  245. "location": {
  246. "file": "Gemfile.lock",
  247. "dependency": {
  248. "package": {
  249. "name": "nokogiri"
  250. },
  251. "version": "1.6.7.2"
  252. }
  253. },
  254. "identifiers": [
  255. {
  256. "type": "cve",
  257. "name": "CVE-2018-14404",
  258. "value": "CVE-2018-14404",
  259. "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14404"
  260. }
  261. ],
  262. "links": [
  263. {
  264. "url": "https://github.com/sparklemotion/nokogiri/issues/1785"
  265. }
  266. ]
  267. },
  268. {
  269. "category": "dependency_scanning",
  270. "message": "Revert libxml2 behavior in Nokogiri gem that could cause XSS",
  271. "cve": "Gemfile.lock:nokogiri:cve:CVE-2018-8048",
  272. "severity": "Unknown",
  273. "solution": "upgrade to \u003e= 1.8.3",
  274. "scanner": {
  275. "id": "bundler_audit",
  276. "name": "bundler-audit"
  277. },
  278. "location": {
  279. "file": "Gemfile.lock",
  280. "dependency": {
  281. "package": {
  282. "name": "nokogiri"
  283. },
  284. "version": "1.6.7.2"
  285. }
  286. },
  287. "identifiers": [
  288. {
  289. "type": "cve",
  290. "name": "CVE-2018-8048",
  291. "value": "CVE-2018-8048",
  292. "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-8048"
  293. }
  294. ],
  295. "links": [
  296. {
  297. "url": "https://github.com/sparklemotion/nokogiri/pull/1746"
  298. }
  299. ]
  300. },
  301. {
  302. "category": "dependency_scanning",
  303. "message": "Nokogiri gem, via libxslt, is affected by improper access control vulnerability",
  304. "cve": "Gemfile.lock:nokogiri:cve:CVE-2019-11068",
  305. "severity": "Unknown",
  306. "solution": "upgrade to \u003e= 1.10.3",
  307. "scanner": {
  308. "id": "bundler_audit",
  309. "name": "bundler-audit"
  310. },
  311. "location": {
  312. "file": "Gemfile.lock",
  313. "dependency": {
  314. "package": {
  315. "name": "nokogiri"
  316. },
  317. "version": "1.6.7.2"
  318. }
  319. },
  320. "identifiers": [
  321. {
  322. "type": "cve",
  323. "name": "CVE-2019-11068",
  324. "value": "CVE-2019-11068",
  325. "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11068"
  326. }
  327. ],
  328. "links": [
  329. {
  330. "url": "https://github.com/sparklemotion/nokogiri/issues/1892"
  331. }
  332. ]
  333. },
  334. {
  335. "category": "dependency_scanning",
  336. "name": "Vulnerabilities in libxml2",
  337. "message": "Vulnerabilities in libxml2 in nokogiri",
  338. "description": " The version of libxml2 packaged with Nokogiri contains several vulnerabilities.\r\n Nokogiri has mitigated these issues by upgrading to libxml 2.9.5.\r\n\r\n It was discovered that a type confusion error existed in libxml2. An\r\n attacker could use this to specially construct XML data that\r\n could cause a denial of service or possibly execute arbitrary\r\n code. (CVE-2017-0663)\r\n\r\n It was discovered that libxml2 did not properly validate parsed entity\r\n references. An attacker could use this to specially construct XML\r\n data that could expose sensitive information. (CVE-2017-7375)\r\n\r\n It was discovered that a buffer overflow existed in libxml2 when\r\n handling HTTP redirects. An attacker could use this to specially\r\n construct XML data that could cause a denial of service or possibly\r\n execute arbitrary code. (CVE-2017-7376)\r\n\r\n Marcel Böhme and Van-Thuan Pham discovered a buffer overflow in\r\n libxml2 when handling elements. An attacker could use this to specially\r\n construct XML data that could cause a denial of service or possibly\r\n execute arbitrary code. (CVE-2017-9047)\r\n\r\n Marcel Böhme and Van-Thuan Pham discovered a buffer overread\r\n in libxml2 when handling elements. An attacker could use this\r\n to specially construct XML data that could cause a denial of\r\n service. (CVE-2017-9048)\r\n\r\n Marcel Böhme and Van-Thuan Pham discovered multiple buffer overreads\r\n in libxml2 when handling parameter-entity references. An attacker\r\n could use these to specially construct XML data that could cause a\r\n denial of service. (CVE-2017-9049, CVE-2017-9050)",
  339. "cve": "Gemfile.lock:nokogiri:gemnasium:06565b64-486d-4326-b906-890d9915804d",
  340. "severity": "Unknown",
  341. "solution": "Upgrade to latest version.",
  342. "scanner": {
  343. "id": "gemnasium",
  344. "name": "Gemnasium"
  345. },
  346. "location": {
  347. "file": "Gemfile.lock",
  348. "dependency": {
  349. "package": {
  350. "name": "nokogiri"
  351. },
  352. "version": "1.6.7.2"
  353. }
  354. },
  355. "identifiers": [
  356. {
  357. "type": "gemnasium",
  358. "name": "Gemnasium-06565b64-486d-4326-b906-890d9915804d",
  359. "value": "06565b64-486d-4326-b906-890d9915804d",
  360. "url": "https://deps.sec.gitlab.com/packages/gem/nokogiri/versions/1.6.7.2/advisories"
  361. },
  362. {
  363. "type": "usn",
  364. "name": "USN-3424-1",
  365. "value": "USN-3424-1",
  366. "url": "https://usn.ubuntu.com/3424-1/"
  367. }
  368. ],
  369. "links": [
  370. {
  371. "url": "https://github.com/sparklemotion/nokogiri/issues/1673"
  372. }
  373. ]
  374. },
  375. {
  376. "category": "dependency_scanning",
  377. "message": "Path traversal is possible via backslash characters on Windows.",
  378. "cve": "Gemfile.lock:rack-protection:cve:CVE-2018-7212",
  379. "severity": "Unknown",
  380. "solution": "upgrade to \u003e= 2.0.1, ~\u003e 1.5.4",
  381. "scanner": {
  382. "id": "bundler_audit",
  383. "name": "bundler-audit"
  384. },
  385. "location": {
  386. "file": "Gemfile.lock",
  387. "dependency": {
  388. "package": {
  389. "name": "rack-protection"
  390. },
  391. "version": "2.0.0"
  392. }
  393. },
  394. "identifiers": [
  395. {
  396. "type": "cve",
  397. "name": "CVE-2018-7212",
  398. "value": "CVE-2018-7212",
  399. "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-7212"
  400. }
  401. ],
  402. "links": [
  403. {
  404. "url": "https://github.com/sinatra/sinatra/pull/1379"
  405. }
  406. ]
  407. },
  408. {
  409. "category": "dependency_scanning",
  410. "message": "Possible DoS vulnerability in Rack",
  411. "cve": "Gemfile.lock:rack:cve:CVE-2018-16470",
  412. "severity": "Unknown",
  413. "solution": "upgrade to \u003e= 2.0.6",
  414. "scanner": {
  415. "id": "bundler_audit",
  416. "name": "bundler-audit"
  417. },
  418. "location": {
  419. "file": "Gemfile.lock",
  420. "dependency": {
  421. "package": {
  422. "name": "rack"
  423. },
  424. "version": "2.0.4"
  425. }
  426. },
  427. "identifiers": [
  428. {
  429. "type": "cve",
  430. "name": "CVE-2018-16470",
  431. "value": "CVE-2018-16470",
  432. "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-16470"
  433. }
  434. ],
  435. "links": [
  436. {
  437. "url": "https://groups.google.com/forum/#!topic/ruby-security-ann/Dz4sRl-ktKk"
  438. }
  439. ]
  440. },
  441. {
  442. "category": "dependency_scanning",
  443. "message": "Possible XSS vulnerability in Rack",
  444. "cve": "Gemfile.lock:rack:cve:CVE-2018-16471",
  445. "severity": "Unknown",
  446. "solution": "upgrade to ~\u003e 1.6.11, \u003e= 2.0.6",
  447. "scanner": {
  448. "id": "bundler_audit",
  449. "name": "bundler-audit"
  450. },
  451. "location": {
  452. "file": "Gemfile.lock",
  453. "dependency": {
  454. "package": {
  455. "name": "rack"
  456. },
  457. "version": "2.0.4"
  458. }
  459. },
  460. "identifiers": [
  461. {
  462. "type": "cve",
  463. "name": "CVE-2018-16471",
  464. "value": "CVE-2018-16471",
  465. "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-16471"
  466. }
  467. ],
  468. "links": [
  469. {
  470. "url": "https://groups.google.com/forum/#!topic/ruby-security-ann/NAalCee8n6o"
  471. }
  472. ]
  473. },
  474. {
  475. "category": "dependency_scanning",
  476. "message": "XSS via the 400 Bad Request page",
  477. "cve": "Gemfile.lock:sinatra:cve:CVE-2018-11627",
  478. "severity": "Unknown",
  479. "solution": "upgrade to \u003e= 2.0.2",
  480. "scanner": {
  481. "id": "bundler_audit",
  482. "name": "bundler-audit"
  483. },
  484. "location": {
  485. "file": "Gemfile.lock",
  486. "dependency": {
  487. "package": {
  488. "name": "sinatra"
  489. },
  490. "version": "2.0.0"
  491. }
  492. },
  493. "identifiers": [
  494. {
  495. "type": "cve",
  496. "name": "CVE-2018-11627",
  497. "value": "CVE-2018-11627",
  498. "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-11627"
  499. }
  500. ],
  501. "links": [
  502. {
  503. "url": "https://github.com/sinatra/sinatra/issues/1428"
  504. }
  505. ]
  506. }
  507. ],
  508. "remediations": [],
  509. "dependency_files": [
  510. {
  511. "path": "Gemfile.lock",
  512. "package_manager": "bundler",
  513. "dependencies": [
  514. {
  515. "package": {
  516. "name": "activesupport https://foo.bar.com"
  517. },
  518. "version": "5.1.4"
  519. },
  520. {
  521. "package": {
  522. "name": "byebug"
  523. },
  524. "version": "10.0.0"
  525. },
  526. {
  527. "package": {
  528. "name": "coderay"
  529. },
  530. "version": "1.1.2"
  531. },
  532. {
  533. "package": {
  534. "name": "concurrent-ruby"
  535. },
  536. "version": "1.0.5"
  537. },
  538. {
  539. "package": {
  540. "name": "connection_pool"
  541. },
  542. "version": "2.2.1"
  543. },
  544. {
  545. "package": {
  546. "name": "diff-lcs"
  547. },
  548. "version": "1.3"
  549. },
  550. {
  551. "package": {
  552. "name": "faker"
  553. },
  554. "version": "1.6.6"
  555. },
  556. {
  557. "package": {
  558. "name": "ffi"
  559. },
  560. "version": "1.9.21"
  561. },
  562. {
  563. "package": {
  564. "name": "formatador"
  565. },
  566. "version": "0.2.5"
  567. },
  568. {
  569. "package": {
  570. "name": "guard"
  571. },
  572. "version": "2.14.2"
  573. },
  574. {
  575. "package": {
  576. "name": "guard-compat"
  577. },
  578. "version": "1.2.1"
  579. },
  580. {
  581. "package": {
  582. "name": "guard-rspec"
  583. },
  584. "version": "4.7.3"
  585. },
  586. {
  587. "package": {
  588. "name": "i18n"
  589. },
  590. "version": "0.9.5"
  591. },
  592. {
  593. "package": {
  594. "name": "listen"
  595. },
  596. "version": "3.1.5"
  597. },
  598. {
  599. "package": {
  600. "name": "lumberjack"
  601. },
  602. "version": "1.0.12"
  603. },
  604. {
  605. "package": {
  606. "name": "method_source"
  607. },
  608. "version": "0.9.0"
  609. },
  610. {
  611. "package": {
  612. "name": "mini_portile2"
  613. },
  614. "version": "2.0.0"
  615. },
  616. {
  617. "package": {
  618. "name": "minitest"
  619. },
  620. "version": "5.11.3"
  621. },
  622. {
  623. "package": {
  624. "name": "mustermann"
  625. },
  626. "version": "1.0.1"
  627. },
  628. {
  629. "package": {
  630. "name": "nenv"
  631. },
  632. "version": "0.3.0"
  633. },
  634. {
  635. "package": {
  636. "name": "nokogiri"
  637. },
  638. "version": "1.6.7.2"
  639. },
  640. {
  641. "package": {
  642. "name": "notiffany"
  643. },
  644. "version": "0.1.1"
  645. },
  646. {
  647. "package": {
  648. "name": "pg"
  649. },
  650. "version": "1.0.0"
  651. },
  652. {
  653. "package": {
  654. "name": "pry"
  655. },
  656. "version": "0.11.3"
  657. },
  658. {
  659. "package": {
  660. "name": "puma"
  661. },
  662. "version": "3.12.0"
  663. },
  664. {
  665. "package": {
  666. "name": "rack"
  667. },
  668. "version": "2.0.4"
  669. },
  670. {
  671. "package": {
  672. "name": "rack-protection"
  673. },
  674. "version": "2.0.0"
  675. },
  676. {
  677. "package": {
  678. "name": "rb-fsevent"
  679. },
  680. "version": "0.10.2"
  681. },
  682. {
  683. "package": {
  684. "name": "rb-inotify"
  685. },
  686. "version": "0.9.10"
  687. },
  688. {
  689. "package": {
  690. "name": "redis"
  691. },
  692. "version": "3.3.5"
  693. },
  694. {
  695. "package": {
  696. "name": "rspec"
  697. },
  698. "version": "3.7.0"
  699. },
  700. {
  701. "package": {
  702. "name": "rspec-core"
  703. },
  704. "version": "3.7.1"
  705. },
  706. {
  707. "package": {
  708. "name": "rspec-expectations"
  709. },
  710. "version": "3.7.0"
  711. },
  712. {
  713. "package": {
  714. "name": "rspec-mocks"
  715. },
  716. "version": "3.7.0"
  717. },
  718. {
  719. "package": {
  720. "name": "rspec-support"
  721. },
  722. "version": "3.7.1"
  723. },
  724. {
  725. "package": {
  726. "name": "ruby_dep"
  727. },
  728. "version": "1.5.0"
  729. },
  730. {
  731. "package": {
  732. "name": "shellany"
  733. },
  734. "version": "0.0.1"
  735. },
  736. {
  737. "package": {
  738. "name": "sidekiq"
  739. },
  740. "version": "4.2.10"
  741. },
  742. {
  743. "package": {
  744. "name": "sinatra"
  745. },
  746. "version": "2.0.0"
  747. },
  748. {
  749. "package": {
  750. "name": "slim"
  751. },
  752. "version": "3.0.9"
  753. },
  754. {
  755. "package": {
  756. "name": "spring"
  757. },
  758. "version": "2.0.2"
  759. },
  760. {
  761. "package": {
  762. "name": "temple"
  763. },
  764. "version": "0.8.0"
  765. },
  766. {
  767. "package": {
  768. "name": "thor"
  769. },
  770. "version": "0.20.0"
  771. },
  772. {
  773. "package": {
  774. "name": "thread_safe"
  775. },
  776. "version": "0.3.6"
  777. },
  778. {
  779. "package": {
  780. "name": "tilt"
  781. },
  782. "version": "2.0.8"
  783. },
  784. {
  785. "package": {
  786. "name": "tzinfo"
  787. },
  788. "version": "1.2.5"
  789. }
  790. ]
  791. }
  792. ]
  793. }