MidnightBSD

Advisories for thoughtbot

CVE-2013-4457 MEDIUM

The Cocaine gem 0.4.0 through 0.5.2 for Ruby allows context-dependent attackers to execute arbitrary commands via a crafted has object, related to recursive variable interpolation.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-78,

Products Affected

Vendor Product Version
thoughtbot cocaine 0.4.1
thoughtbot cocaine 0.4.2
thoughtbot cocaine 0.4.0
thoughtbot cocaine 0.5.0
thoughtbot cocaine 0.5.2
thoughtbot cocaine 0.5.1
CVE-2015-2963 MEDIUM

The thoughtbot paperclip gem before 4.2.2 for Ruby does not consider the content-type value during media-type validation, which allows remote attackers to upload HTML documents and conduct cross-site scripting (XSS) attacks via a spoofed value, as demonstrated by image/jpeg.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-79,

Products Affected

Vendor Product Version
thoughtbot paperclip *
CVE-2016-3098

Cross-site request forgery (CSRF) vulnerability in administrate 0.1.4 and earlier allows remote attackers to hijack the user's OAuth autorization code.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 5.4 MEDIUM CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N 2.8 2.5

Products Affected

Vendor Product Version
thoughtbot administrate *
CVE-2017-0889 HIGH

Paperclip ruby gem version 3.1.4 and later suffers from a Server-SIde Request Forgery (SSRF) vulnerability in the Paperclip::UriAdapter class. Attackers may be able to access information about internal network resources.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-918,CWE-918,

Products Affected

Vendor Product Version
thoughtbot paperclip *
CVE-2020-5257 MEDIUM

In Administrate (rubygem) before version 0.13.0, when sorting by attributes on a dashboard, the direction parameter was not validated before being interpolated into the SQL query. This could present a SQL injection if the attacker were able to modify the `direction` parameter and bypass ActiveRecord SQL protections. Whilst this does have a high-impact, to exploit this you need access to the Administrate dashboards, which we would expect to be behind authentication. This is patched in wersion 0.13.0.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 8.1 HIGH CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N 2.8 5.2
security-advisories@github.com 7.7 HIGH CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:N 1.3 5.8

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-943,CWE-89,

Products Affected

Vendor Product Version
thoughtbot administrate *
CVE-2021-23435 MEDIUM

This affects the package clearance before 2.5.0. The vulnerability can be possible when users are able to set the value of session[:return_to]. If the value used for return_to contains multiple leading slashes (/////example.com) the user ends up being redirected to the external domain that comes after the slashes (http://example.com).

CVSS 3.x

Source Score Severity Vector Exploitability Impact
report@snyk.io 7.6 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:H 2.8 4.7
nvd@nist.gov 6.1 MEDIUM CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N 2.8 2.7

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-601,

Products Affected

Vendor Product Version
thoughtbot clearance *