Vulnerabilities: 1 via 3 paths
Dependencies: 51
Source: GitHub
Commit: e01eb05a


high severity
new

Use of Externally-Controlled Format String

  • Vulnerable module: json
  • Introduced through: faraday@2.14.1 and jekyll-github-metadata@2.14.0

Detailed paths

  • Introduced through: MichaelCurrin/my-github-projects:Gemfile.lock@MichaelCurrin/my-github-projects#e01eb05a51866abedd12b2f6cfba3c2c77bbbd51 > faraday@2.14.1 > json@2.18.1
    Remediation: Upgrade to faraday@2.14.1.
  • Introduced through: MichaelCurrin/my-github-projects:Gemfile.lock@MichaelCurrin/my-github-projects#e01eb05a51866abedd12b2f6cfba3c2c77bbbd51 > jekyll-github-metadata@2.14.0 > octokit@4.25.1 > faraday@2.14.1 > json@2.18.1
    Remediation: Upgrade to jekyll-github-metadata@2.14.0.
  • Introduced through: MichaelCurrin/my-github-projects:Gemfile.lock@MichaelCurrin/my-github-projects#e01eb05a51866abedd12b2f6cfba3c2c77bbbd51 > jekyll-github-metadata@2.14.0 > octokit@4.25.1 > sawyer@0.9.3 > faraday@2.14.1 > json@2.18.1
    Remediation: Upgrade to jekyll-github-metadata@2.14.0.

Overview

json is a JSON implementation as a Ruby extension in C.

Affected versions of this package are vulnerable to Use of Externally-Controlled Format String in JSON.parse(doc, allow_duplicate_key: false). An attacker can cause denial of service or disclose sensitive information via malicious format strings. This is only exploitable if the allow_duplicate_key: false option is explicitly enabled.

Remediation

Upgrade json to version 2.15.2.1, 2.17.1.2, 2.19.2 or higher.