This is the Get Rapidus sample application made from the [One Month Rails](http://onemonth.com)
By Diego
Nokogiri (鋸) is an HTML, XML, SAX, and Reader parser. Among Nokogiri's many features is the ability to search documents via XPath or CSS3 selectors.
XML is like violence - if it doesn't solve your problems, you are not using enough of it.
path: /var/lib/gems/2.3.0/cache/nokogiri-1.5.11.gem
Library home page: http://rubygems.org/gems/nokogiri-1.5.11.gem
Dependency Hierarchy:
libxml2 20904-GITv2.9.4-16-g0741801 is vulnerable to a heap-based buffer over-read in the xmlDictAddString function in dict.c. This vulnerability causes programs that use libxml2, such as PHP, to crash. This vulnerability exists because of an incomplete fix for CVE-2016-1839.
Publish Date: 2017-05-18
URL: CVE-2017-9050
Base Score Metrics:
Type: Upgrade version
Origin: https://security.gentoo.org/glsa/201711-01
Release Date: 2017-11-10
Fix Resolution: All libxml2 users should upgrade to the latest version >= libxml2-2.9.4-r3
A really Ruby Mail handler.
path: /var/lib/gems/2.3.0/cache/mail-2.5.4.gem
Library home page: http://rubygems.org/gems/mail-2.5.4.gem
Dependency Hierarchy:
The mail gem before 2.5.5 for Ruby (aka A Really Ruby Mail Library) is vulnerable to SMTP command injection via CRLF sequences in a RCPT TO or MAIL FROM command, as demonstrated by CRLF sequences immediately before and after a DATA substring.
Publish Date: 2017-06-12
URL: CVE-2015-9097
Base Score Metrics:
Type: Upgrade version
Origin: https://nvd.nist.gov/vuln/detail/CVE-2015-9097
Release Date: 2017-06-12
Fix Resolution: 2.5.5
Easy upload management for ActiveRecord
path: /gems/2.3.0/cache/paperclip-3.5.4.gem
Library home page: http://rubygems.org/gems/paperclip-3.5.4.gem
Dependency Hierarchy:
Paperclip Ruby gem version 3.1.4 and later suffers from a Server-Side Request Forgery (SSRF) vulnerability in the Paperclip::UriAdapter class. Attackers may be able to access information about internal network resources.
Publish Date: 2017-11-13
URL: CVE-2017-0889
Base Score Metrics:
Type: Change files
Origin: thoughtbot/paperclip@d3d63aa
Release Date: 2017-04-21
Fix Resolution: Replace or update the following files: nil_adapter.rb, uploaded_file_adapter.rb, stringio_adapter.rb, http_url_proxy_adapter.rb, data_uri_adapter_spec.rb, Gemfile, uri_adapter_spec.rb, 4.2.gemfile, 5.0.gemfile, empty_string_adapter.rb, registry.rb, identity_adapter.rb, uri_adapter.rb, rails_steps.rb, file_adapter.rb, http_url_proxy_adapter_spec.rb, attachment_adapter.rb, env.rb, data_uri_adapter.rb, basic_integration.feature
Ruby on Rails is a full-stack web framework optimized for programmer happiness and sustainable productivity. It encourages beautiful code by favoring convention over configuration.
path: /var/lib/gems/2.3.0/cache/rails-4.1.2.gem
Library home page: http://rubygems.org/gems/rails-4.1.2.gem
Dependency Hierarchy:
Directory traversal vulnerability in Action View in Ruby on Rails before 3.2.22.2 and 4.x before 4.1.14.2 allows remote attackers to read arbitrary files by leveraging an application's unrestricted use of the render method and providing a .. (dot dot) in a pathname. NOTE: this vulnerability exists because of an incomplete fix for CVE-2016-0752.
Publish Date: 2016-04-07
URL: CVE-2016-2097
Base Score Metrics:
Type: Upgrade version
Origin: https://nvd.nist.gov/vuln/detail/CVE-2016-2097
Release Date: 2016-04-07
Fix Resolution: 3.2.22.2,4.1.14.2
New wave Internationalization support for Ruby.
path: /var/lib/gems/2.3.0/cache/i18n-0.6.9.gem
Library home page: http://rubygems.org/gems/i18n-0.6.9.gem
Dependency Hierarchy:
Hash#slice in lib/i18n/core_ext/hash.rb in the i18n gem before 0.8.0 for Ruby allows remote attackers to cause a denial of service (application crash) via a call in a situation where :some_key is present in keep_keys but not present in the hash.
Publish Date: 2018-11-06
URL: CVE-2014-10077
Base Score Metrics:
Type: Upgrade version
Origin: https://nvd.nist.gov/vuln/detail/CVE-2014-10077
Release Date: 2018-11-06
Fix Resolution: 0.8.0
Ruby on Rails is a full-stack web framework optimized for programmer happiness and sustainable productivity. It encourages beautiful code by favoring convention over configuration.
path: /var/lib/gems/2.3.0/cache/rails-4.1.2.gem
Library home page: http://rubygems.org/gems/rails-4.1.2.gem
Dependency Hierarchy:
Action Pack in Ruby on Rails before 3.2.22.2, 4.x before 4.1.14.2, and 4.2.x before 4.2.5.2 allows remote attackers to execute arbitrary Ruby code by leveraging an application's unrestricted use of the render method.
Publish Date: 2016-04-07
URL: CVE-2016-2098
Base Score Metrics:
Type: Upgrade version
Origin: https://nvd.nist.gov/vuln/detail/CVE-2016-2098
Release Date: 2016-04-07
Fix Resolution: 3.2.22.2,4.1.14.2,4.2.5.2
This gem provides jQuery and the jQuery-ujs driver for your Rails 3+ application.
path: /gems/2.3.0/cache/jquery-rails-3.1.1.gem
Library home page: http://rubygems.org/gems/jquery-rails-3.1.1.gem
Dependency Hierarchy:
jquery_ujs.js in jquery-rails before 3.1.3 and 4.x before 4.0.4 and rails.js in jquery-ujs before 1.0.4, as used with Ruby on Rails 3.x and 4.x, allow remote attackers to bypass the Same Origin Policy, and trigger transmission of a CSRF token to a different-domain web server, via a leading space character in a URL within an attribute value.
Publish Date: 2015-07-26
URL: CVE-2015-1840
Type: Upgrade version
Origin: https://nvd.nist.gov/vuln/detail/CVE-2015-1840
Release Date: 2015-07-26
Fix Resolution: jquery-rails - 3.1.3,4.0.4;jquery-ujs - 1.0.4
Flexible authentication solution for Rails with Warden
path: /gems/2.3.0/cache/devise-3.2.4.gem
Library home page: http://rubygems.org/gems/devise-3.2.4.gem
Dependency Hierarchy:
Devise versions before 3.5.4 use cookies to implement the "Remember me" functionality. However, they generate the same cookie for all devices.
If an attacker manages to steal a remember me cookie and the user does not change the password frequently, the cookie can be used to gain access to the application indefinitely.
Publish Date: 2015-12-16
URL: CVE-2015-8314
A really Ruby Mail handler.
path: /var/lib/gems/2.3.0/cache/mail-2.5.4.gem
Library home page: http://rubygems.org/gems/mail-2.5.4.gem
Dependency Hierarchy:
Because the Mail Gem for Ruby does not validate or impose a length limit on email address fields, an attacker can modify messages sent with the gem via a specially-crafted recipient email address.
Publish Date: 2015-12-09
URL: WS-2015-0029
Ruby on Rails is a full-stack web framework optimized for programmer happiness and sustainable productivity. It encourages beautiful code by favoring convention over configuration.
path: /var/lib/gems/2.3.0/cache/rails-4.1.2.gem
Library home page: http://rubygems.org/gems/rails-4.1.2.gem
Dependency Hierarchy:
Directory traversal vulnerability in Action View in Ruby on Rails before 3.2.22.1, 4.0.x and 4.1.x before 4.1.14.1, 4.2.x before 4.2.5.1, and 5.x before 5.0.0.beta1.1 allows remote attackers to read arbitrary files by leveraging an application's unrestricted use of the render method and providing a .. (dot dot) in a pathname.
Publish Date: 2016-02-16
URL: CVE-2016-0752
Base Score Metrics:
Type: Upgrade version
Origin: https://nvd.nist.gov/vuln/detail/CVE-2016-0752
Release Date: 2016-02-16
Fix Resolution: 3.2.22.1,4.1.14.1,4.2.5.1,5.0.0.beta1.1
Uglifier minifies JavaScript files by wrapping UglifyJS to be accessible in Ruby
path: /gems/2.3.0/cache/uglifier-2.5.1.gem
Library home page: http://rubygems.org/gems/uglifier-2.5.1.gem
Dependency Hierarchy:
The upstream library for the Ruby uglifier gem, UglifyJS, is affected by a vulnerability that allows a specially crafted JavaScript file to have altered functionality after minification.
Publish Date: 2015-07-21
URL: WS-2015-0033
Easy upload management for ActiveRecord
path: /gems/2.3.0/cache/paperclip-3.5.4.gem
Library home page: http://rubygems.org/gems/paperclip-3.5.4.gem
Dependency Hierarchy:
The thoughtbot paperclip gem before 4.2.2 for Ruby does not consider the content-type value during media-type validation, which allows remote attackers to upload HTML documents and conduct cross-site scripting (XSS) attacks via a spoofed value, as demonstrated by image/jpeg.
Publish Date: 2015-07-10
URL: CVE-2015-2963
Type: Upgrade version
Origin: https://nvd.nist.gov/vuln/detail/CVE-2015-2963
Release Date: 2015-07-10
Fix Resolution: 4.2.2
Ruby on Rails is a full-stack web framework optimized for programmer happiness and sustainable productivity. It encourages beautiful code by favoring convention over configuration.
path: /var/lib/gems/2.3.0/cache/rails-4.1.2.gem
Library home page: http://rubygems.org/gems/rails-4.1.2.gem
Dependency Hierarchy:
actionpack/lib/action_dispatch/http/mime_type.rb in Action Pack in Ruby on Rails before 3.2.22.1, 4.0.x and 4.1.x before 4.1.14.1, 4.2.x before 4.2.5.1, and 5.x before 5.0.0.beta1.1 does not properly restrict use of the MIME type cache, which allows remote attackers to cause a denial of service (memory consumption) via a crafted HTTP Accept header.
Publish Date: 2016-02-16
URL: CVE-2016-0751
Base Score Metrics:
Type: Upgrade version
Origin: https://nvd.nist.gov/vuln/detail/CVE-2016-0751
Release Date: 2016-02-16
Fix Resolution: 3.2.22.1,4.1.14.1,4.2.5.1,5.0.0.beta1.1