Malicious Package
Overview: activeadmin-globalizeinputs is a malicious package. Affected versions of this package were found to be malicious, as they used typosquatting to run malicious third-party scripts. It impersonated genuine packages by replacing an underscore (_) in the name with a hyphen (-), and vice versa. Remediation: Avoid using...
Malicious Package
Overview: ActiveAdminGlobalize3-inputs is a malicious package. Affected versions of this package were found to be malicious, as they used typosquatting to run malicious third-party scripts. It impersonated genuine packages by replacing an underscore (_) in the name with a hyphen (-), and vice versa. Remediation: Avoid usin...
Malicious Package
Overview: activeadminmongoid-localize is a malicious package. Affected versions of this package were found to be malicious, as they used typosquatting to run malicious third-party scripts. It impersonated genuine packages by replacing an underscore (_) in the name with a hyphen (-), and vice versa. Remediation: Avoid using...
Malicious Package
Overview: activeadmin-jfuupload is a malicious package. Affected versions of this package were found to be malicious, as they used typosquatting to run malicious third-party scripts. It impersonated genuine packages by replacing an underscore (_) in the name with a hyphen (-), and vice versa. Remediation: Avoid using...
Cross-site Scripting (XSS)
activeadmin is vulnerable to cross-site scripting (XSS) attacks. The library does not sanitize several user input fields before rendering them, allowing a malicious user to inject and execute arbitrary JavaScript...
Information Disclosure
activeadmin is vulnerable to information disclosure attacks. The vulnerability exists via the format renderers: data can still be rendered through other formats even after the download links are disabled, due to insufficient authorization checks in the resourcecontroller...