bundler-audit 0.1.1 → 0.1.2

data/data/bundler/audit/mail/2011-0739.yml

@@ -1,17 +0,0 @@
----
-url: http://www.osvdb.org/show/osvdb/70667
-title: |
-  Mail Gem for Ruby lib/mail/network/delivery_methods/sendmail.rb Email From:
-  Address Arbitrary Shell Command Injection 
-
-description: > 
-  Mail Gem for Ruby contains a flaw related to the failure to properly
-  sanitise input passed from an email from address in the 'deliver()'
-  function in 'lib/mail/network/delivery_methods/sendmail.rb' before
-  being used as a command line argument. This may allow a remote
-  attacker to inject arbitrary shell commands.
-
-cvss_v2: 6.8
-
-patched_versions:
-  - ">= 2.2.15"

data/data/bundler/audit/mail/2012-2139.yml

@@ -1,16 +0,0 @@
----
-url: http://www.osvdb.org/show/osvdb/81631
-title: Mail Gem for Ruby File Delivery Method to Parameter Traversal Arbitrary File Manipulation 
-
-description: > 
-  Mail Gem for Ruby contains a flaw that allows a remote
-  attacker to traverse outside of a restricted path. The issue is due
-  to the program not properly sanitizing user input, specifically
-  directory traversal style attacks (e.g., ../../) supplied via the
-  'to' parameter within the delivery method. This directory traversal
-  attack would allow the attacker to modify arbitrary files.
-
-cvss_v2: 5.0
-
-patched_versions:
-  - ">= 2.4.4"

data/data/bundler/audit/mail/2012-2140.yml

@@ -1,13 +0,0 @@
----
-url: http://www.osvdb.org/show/osvdb/81632
-title: Mail Gem for Ruby Multiple Delivery Method Remote Shell Command Executio
-
-description: > 
-  Mail Gem for Ruby contains a flaw that occurs within
-  the sendmail and exim delivery methods, which may allow an attacker
-  to execute arbitrary shell commands..
-
-cvss_v2: 7.5
-
-patched_versions:
-  - ">= 2.4.4"

data/data/bundler/audit/rack-cache/2012-267.yml

@@ -1,14 +0,0 @@
----
-url: http://osvdb.org/83077
-title: rack-cache Rubygem Sensitive HTTP Header Caching Weakness 
-
-description: | 
-  Rack::Cache (rack-cache) contains a flaw related to the
-  rubygem caching sensitive HTTP headers. This will result in a
-  weakness that may make it easier for an attacker to gain access to a
-  user's session via a specially crafted header.
-
-cvss_v2: 7.5
-
-patched_versions:
-  - ">= 1.2"

data/data/bundler/audit/rails/2012-1098.yml

@@ -1,19 +0,0 @@
----
-url: http://osvdb.org/79726
-title: Ruby on Rails SafeBuffer Object [] Direct Manipulation XSS 
-
-description: >
-  Ruby on Rails contains a flaw that allows a remote cross-site
-  scripting (XSS) attack. This flaw exists because athe application
-  does not validate direct manipulations of SafeBuffer objects via
-  '[]' and other methods. This may allow a user to create a specially
-  crafted request that would execute arbitrary script code in a user's
-  browser within the trust relationship between their browser and the
-  server.
-
-cvss_v2: 4.3
-
-patched_versions:
-  - ~> 3.0.12
-  - ~> 3.1.4
-  - ">= 3.2.2"

data/data/bundler/audit/rails/2012-1099.yml

@@ -1,19 +0,0 @@
----
-url: http://www.osvdb.org/show/osvdb/79727
-title: Ruby on Rails actionpack/lib/action_view/helpers/form_options_helper.rb Manually Generated Select Tag Options XSS
-
-description: >
-  Ruby on Rails contains a flaw that allows a remote cross-site
-  scripting (XSS) attack. This flaw exists because the application does
-  not validate manually generated 'select tag options' upon submission
-  to actionpack/lib/action_view/helpers/form_options_helper.rb. This may
-  allow a user to create a specially crafted request that would execute
-  arbitrary script code in a user's browser within the trust
-  relationship between their browser and the server.
-
-cvss_v2: 4.3
-
-patched_versions:
-  - ~> 3.0.12
-  - ~> 3.1.4
-  - ">= 3.2.2"

data/data/bundler/audit/rails/2012-2660.yml

@@ -1,17 +0,0 @@
----
-url: http://www.osvdb.org/show/osvdb/82610
-title: Ruby on Rails ActiveRecord Class Rack Query Parameter Parsing SQL Query Arbitrary IS NULL Clause Injection 
-
-description: >
-  Ruby on Rails contains a flaw related to the way ActiveRecord handles
-  parameters in conjunction with the way Rack parses query parameters.
-  This issue may allow an attacker to inject arbitrary 'IS NULL' clauses
-  in to application SQL queries. This may also allow an attacker to have
-  the SQL query check for NULL in arbitrary places.
-
-cvss_v2: 7.5
-
-patched_versions:
-  - ~> 3.0.13
-  - ~> 3.1.5
-  - ">= 3.2.4"

data/data/bundler/audit/rails/2012-2661.yml

@@ -1,18 +0,0 @@
----
-url: http://www.osvdb.org/show/osvdb/82403
-title: Ruby on Rails where Method ActiveRecord Class SQL Injection 
-
-description: > 
-  Ruby on Rails (RoR) contains a flaw that may allow an attacker to
-  carry out an SQL injection attack. The issue is due to the
-  ActiveRecord class not properly sanitizing user-supplied input to
-  the 'where' method. This may allow an attacker to inject or
-  manipulate SQL queries in an application built on RoR, allowing for
-  the manipulation or disclosure of arbitrary data.
-
-cvss_v2: 5.0
-
-patched_versions:
-  - ~> 3.0.13
-  - ~> 3.1.5
-  - ">= 3.2.4"

data/data/bundler/audit/rails/2012-3463.yml

@@ -1,19 +0,0 @@
----
-url: http://osvdb.org/84515
-title: Ruby on Rails select_tag Helper Method prompt Value XSS 
-
-description: >
-  Ruby on Rails contains a flaw that allows a remote cross-site
-  scripting (XSS) attack. This flaw exists because input passed via the
-  prompt value is not properly sanitized by the select_tag helper method
-  before returning it to the user. This may allow a user to create a
-  specially crafted request that would execute arbitrary script code in
-  a user's browser within the trust relationship between their browser
-  and the server.
-
-cvss_v2: 4.3
-
-patched_versions:
-  - ~> 3.0.17
-  - ~> 3.1.8
-  - ">= 3.2.8"

data/data/bundler/audit/rails/2012-3464.yml

@@ -1,18 +0,0 @@
----
-url: http://www.osvdb.org/show/osvdb/84516
-title: Ruby on Rails HTML Escaping Code XSS 
-
-description: > 
-  Ruby on Rails contains a flaw that allows a remote
-  cross-site scripting (XSS) attack. This flaw exists because the HTML
-  escaping code functionality does not properly escape a single quote
-  character. This may allow a user to create a specially crafted
-  request that would execute arbitrary script code in a user's browser
-  within the trust relationship between their browser and the server.
-
-cvss_v2: 4.3
-
-patched_versions:
-  - ~> 3.0.17
-  - ~> 3.1.8
-  - ">= 3.2.8"

data/data/bundler/audit/rails/2012-3465.yml

@@ -1,19 +0,0 @@
----
-url: http://www.osvdb.org/show/osvdb/84513
-title: Ruby on Rails strip_tags Helper Method XSS 
-
-description: >
-  Ruby on Rails contains a flaw that allows a remote cross-site
-  scripting (XSS) attack. This flaw exists because the application
-  does not validate input passed via the 'strip_tags' helper method
-  before returning it to the user. This may allow a user to create a
-  specially crafted request that would execute arbitrary script code
-  in a user's browser within the trust relationship between their
-  browser and the server.
-
-cvss_v2: 4.3
-
-patched_versions:
-  - ~> 3.0.17
-  - ~> 3.1.8
-  - ">= 3.2.8"

data/spec/bundle/Gemfile.lock

@@ -1,92 +0,0 @@
-GEM
-  remote: https://rubygems.org/
-  specs:
-    actionmailer (3.2.10)
-      actionpack (= 3.2.10)
-      mail (~> 2.4.4)
-    actionpack (3.2.10)
-      activemodel (= 3.2.10)
-      activesupport (= 3.2.10)
-      builder (~> 3.0.0)
-      erubis (~> 2.7.0)
-      journey (~> 1.0.4)
-      rack (~> 1.4.0)
-      rack-cache (~> 1.2)
-      rack-test (~> 0.6.1)
-      sprockets (~> 2.2.1)
-    activemodel (3.2.10)
-      activesupport (= 3.2.10)
-      builder (~> 3.0.0)
-    activerecord (3.2.10)
-      activemodel (= 3.2.10)
-      activesupport (= 3.2.10)
-      arel (~> 3.0.2)
-      tzinfo (~> 0.3.29)
-    activeresource (3.2.10)
-      activemodel (= 3.2.10)
-      activesupport (= 3.2.10)
-    activesupport (3.2.10)
-      i18n (~> 0.6)
-      multi_json (~> 1.0)
-    arel (3.0.2)
-    builder (3.0.4)
-    erubis (2.7.0)
-    hike (1.2.1)
-    i18n (0.6.1)
-    journey (1.0.4)
-    jquery-rails (2.2.0)
-      railties (>= 3.0, < 5.0)
-      thor (>= 0.14, < 2.0)
-    json (1.7.6)
-    mail (2.4.4)
-      i18n (>= 0.4.0)
-      mime-types (~> 1.16)
-      treetop (~> 1.4.8)
-    mime-types (1.20.1)
-    multi_json (1.5.0)
-    polyglot (0.3.3)
-    rack (1.4.4)
-    rack-cache (1.2)
-      rack (>= 0.4)
-    rack-ssl (1.3.3)
-      rack
-    rack-test (0.6.2)
-      rack (>= 1.0)
-    rails (3.2.10)
-      actionmailer (= 3.2.10)
-      actionpack (= 3.2.10)
-      activerecord (= 3.2.10)
-      activeresource (= 3.2.10)
-      activesupport (= 3.2.10)
-      bundler (~> 1.0)
-      railties (= 3.2.10)
-    railties (3.2.10)
-      actionpack (= 3.2.10)
-      activesupport (= 3.2.10)
-      rack-ssl (~> 1.3.2)
-      rake (>= 0.8.7)
-      rdoc (~> 3.4)
-      thor (>= 0.14.6, < 2.0)
-    rake (10.0.3)
-    rdoc (3.12.1)
-      json (~> 1.4)
-    sprockets (2.2.2)
-      hike (~> 1.2)
-      multi_json (~> 1.0)
-      rack (~> 1.0)
-      tilt (~> 1.1, != 1.3.0)
-    sqlite3 (1.3.7)
-    thor (0.17.0)
-    tilt (1.3.3)
-    treetop (1.4.12)
-      polyglot
-      polyglot (>= 0.3.1)
-    tzinfo (0.3.35)
-
-PLATFORMS
-  ruby
-
-DEPENDENCIES
-  jquery-rails
-  rails (= 3.2.10)
-  sqlite3