Skip to content

[Snyk] Fix for 3 vulnerabilities#49

Open
busterb wants to merge 1569 commits intomasterfrom
snyk-fix-479a63a17e9d30fbb5de2169b25543f8
Open

[Snyk] Fix for 3 vulnerabilities#49
busterb wants to merge 1569 commits intomasterfrom
snyk-fix-479a63a17e9d30fbb5de2169b25543f8

Conversation

@busterb
Copy link
Owner

@busterb busterb commented Oct 8, 2025

snyk-top-banner

Snyk has created this PR to fix 3 vulnerabilities in the rubygems dependencies of this project.

Snyk changed the following file(s):

  • Gemfile
⚠️ Warning 
Failed to update the Gemfile.lock, please update manually before merging.

Vulnerabilities that will be fixed with an upgrade:

Issue Score
high severity Allocation of Resources Without Limits or Throttling
SNYK-RUBY-RACK-13378928		   721  
high severity Allocation of Resources Without Limits or Throttling
SNYK-RUBY-RACK-13378930		   721  
high severity Allocation of Resources Without Limits or Throttling
SNYK-RUBY-RACK-13378932		   721  

Important

  • Check the changes in this PR to ensure they won't cause issues with your project.
  • Max score is 1000. Note that the real score may have changed since the PR was raised.
  • This PR was automatically created by Snyk using the credentials of a real user.

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:
🧐 View latest project report
📜 Customise PR templates
🛠 Adjust project settings
📚 Read about Snyk's upgrade logic

Learn how to fix vulnerabilities with free interactive lessons:

🦉 Allocation of Resources Without Limits or Throttling

DevBuiHieu and others added 30 commits June 17, 2025 01:32
@DevBuiHieu
Add some features and delete old files for CVE-2025-33053 exploit module
9e5dd09
@DevBuiHieu
Add some features and fix all errors for CVE-2025-33053 exploit module
20629fe
@adfoster-r7
Merge pull request rapid7#20109 from dwelch-r7/rails-7.2-upgrade
04c368f 
Bump rails version to 7.2 [WIP]
@adfoster-r7
Revert "Bump rails version to 7.2"
fb02b4a
@dwelch-r7
Merge pull request rapid7#20320 from rapid7/revert-20109-rails-7.2-up…
ab2c693 
…grade

Revert "Bump rails version to 7.2"
@DevBuiHieu
Add some features and fix all errors for CVE-2025-33053 exploit module
fda69e0
@DevBuiHieu
Add some features and fix bugs for CVE-2025-33053 exploit module
cb7badb
@DevBuiHieu
Add some features and fix bugs for CVE-2025-33053 exploit module
58609f3
@DevBuiHieu
Add some features and fix bugs for CVE-2025-33053 exploit module
20b8a9f
@DevBuiHieu
Final code for CVE-2025-33053 exploit module
ec5ba0b
@DevBuiHieu
Final code for CVE-2025-33053 exploit module
1d27be2
@00nx
alias.rb
b1e1fbc
@msjenkins-r7
Bump version of framework to 6.4.71
5ff0588
@dledda-r7
Merge pull request rapid7#20235 from Chocapikk/vbulletin_replace_ad_t…
c0dfbf4 
…emplate_rce

vBulletin replaceAdTemplate Remote Code Execution
@DevBuiHieu @msutovsky-r7
Update modules/exploits/windows/fileformat/cve_2025_33053.rb
4fde40a 
Co-authored-by: msutovsky-r7 <martin_sutovsky@rapid7.com>
@DevBuiHieu @msutovsky-r7
Update modules/exploits/windows/fileformat/cve_2025_33053.rb
600ffdb 
Co-authored-by: msutovsky-r7 <martin_sutovsky@rapid7.com>
@DevBuiHieu
Update cve_2025_33053.rb
efc0c25
@DevBuiHieu @msutovsky-r7
Update modules/exploits/windows/fileformat/cve_2025_33053.rb
a0f1b0c 
Co-authored-by: msutovsky-r7 <martin_sutovsky@rapid7.com>
@DevBuiHieu @msutovsky-r7
Update modules/exploits/windows/fileformat/cve_2025_33053.rb
f3c4d95 
Co-authored-by: msutovsky-r7 <martin_sutovsky@rapid7.com>
@cgranleese-r7
Adds Rubocop rule to detect leading/trailing whitespace in module met…
9eef0cf 
…adata
@DevBuiHieu
Update cve_2025_33053.rb
dd51952
@cgranleese-r7
Add flag to vuln command to show vuln attempts
65ed80f
@msutovsky-r7
Adding PPC64 template, fixing PPC64 single payloads
00852f4
@msutovsky-r7
Adding PPC64 template, fixing PPC64 single payloads
be394b7
@adfoster-r7
Merge pull request rapid7#20327 from cgranleese-r7/update-vulns-command
6d897ea 
Update `vulns` command
@adfoster-r7
Merge pull request rapid7#20315 from cgranleese-r7/adds-rubocop-rule-…
b0dbe03 
…to-detect-module-metadata-whitespace

Adds Rubocop rule to detect leading/trailing whitespace in module metadata
@msutovsky-r7
Removes overlooked file
2122a34
@cgranleese-r7
Fixes some conditionals in modules
42f31c0
@adfoster-r7
Merge pull request rapid7#20330 from cgranleese-r7/fixes-conditional
7208c10 
Fixes issues in a few modules
@cgranleese-r7
Runs Rubocop to fix layout in modules
a4b14d8
jenkins-metasploit and others added 29 commits July 11, 2025 15:26
automatic module_metadata_base.json update
60a6658
@jheysel-r7
Merge pull request rapid7#20216 from sjanusz-r7/add-graphql-aux-scann…
914f874 
…er-module

Add GraphQL Auxiliary Scanner module
automatic module_metadata_base.json update
04c7945
@jheysel-r7
Fix update action in ad_cs_cert_template
e328a8f
@sjanusz-r7
Merge pull request rapid7#20388 from jheysel-r7/fix/regression/ad_cs_…
166479f 
…cert_template

Fix the UPDATE Action in the ad_cs_cert_template Module
automatic module_metadata_base.json update
87122cb
@msutovsky-r7
Updates docs
f773e3a
@cdelafuente-r7
Bump data_models gem to 6.0.10 and model gem to 5.0.4
0f86dd7
@adfoster-r7
Merge pull request rapid7#20389 from cdelafuente-r7/enh/gems_version_…
8fdf0ea 
…bump

Bump data_models gem to 6.0.10 and model gem to 5.0.4
@adfoster-r7
Pin StringIO version
850b934
@zeroSteiner
Add a missing keyword for option validation
be10b82
@zeroSteiner
Remove the version from the default prompt
2810851 
Fixes rapid7#20355
@Chocapikk
refactor(wp_photo_gallery): drop unused action + guard against LocalJ…
efa49d2 
…umpError in SQLi helper
@cgranleese-r7
Merge pull request rapid7#20391 from zeroSteiner/fix/issue/20366
170cb15 
Add a missing keyword for option validation
@cgranleese-r7
Merge pull request rapid7#20392 from zeroSteiner/fix/issue/20355
73470fe 
Remove the version from the default prompt
@cgranleese-r7
Merge pull request rapid7#20390 from adfoster-r7/pin-stringio-version
f16de58 
Pin StringIO version
@cgranleese-r7
Updates docs to reflect new default prompt
469f102
@sjanusz-r7
Bump rex-socket to 0.1.63
3bb3429
@sjanusz-r7
Fix acceptance tests prompt matching
99c9e8c
@dledda-r7
Update pandora_fms_auth_netflow_rce.md
ca9535e
@adfoster-r7
Merge pull request rapid7#20395 from sjanusz-r7/bump-rex-socket
cf13498 
Bump rex-socket to 0.1.63
@dledda-r7
Merge pull request rapid7#20356 from msutovsky-r7/exploit/pandorafms_…
18d61d3 
…netflow_rce

Add module for authenticated PandoraFMS command injection (CVE-2025-5306)
automatic module_metadata_base.json update
2601c07
@cgranleese-r7
Updates msf5 as well
adff497
@adfoster-r7
Merge pull request rapid7#20394 from cgranleese-r7/update-docs-to-ref…
8fe815d 
…lect-new-default-prompt

Updates docs to reflect new default prompt
@msjenkins-r7
Bump version of framework to 6.4.76
b6a04c2
@jheysel-r7
Merge pull request rapid7#20375 from Chocapikk/wp_photo_gallery_sqli
00c8c77 
WP Photo Gallery by 10Web Unauthenticated SQLi (CVE-2022-0169)
automatic module_metadata_base.json update
6dcefab
@snyk-bot
fix: Gemfile to reduce vulnerabilities
d45829d 
The following vulnerabilities are fixed with an upgrade:
- https://snyk.io/vuln/SNYK-RUBY-RACK-13378928
- https://snyk.io/vuln/SNYK-RUBY-RACK-13378930
- https://snyk.io/vuln/SNYK-RUBY-RACK-13378932
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.