pkg:gem/decidim
Type
gem
Name
decidim
Known advisories, vulnerabilities and fixes for decidim package.
- Repository
- https://rubygems.org/gems/decidim
Critical
1
High
4
Medium
4
Low
1
| Type | Version | Distribution | # CVEs | # Advisory ID | Title | Severity | Published |
|---|---|---|---|---|---|---|---|
| Affected | < 0.27.3 = 0.25.0 |
CVE-2023-32693
|
 RUBYSEC:DECIDIM-2023-32693
|
Decidim Cross-site Scripting vulnerability in the external link redirections | high |
2023-07-11T00:00:00
(14 months ago) |
|
| Fixed | = 0.26.6 >= 0.27.3 |
CVE-2023-32693
|
RUBYSEC:DECIDIM-2023-32693
|
Decidim Cross-site Scripting vulnerability in the external link redirections | high |
2023-07-11T00:00:00
(14 months ago) |
|
| Unaffected | < 0.25.0 |
CVE-2023-32693
|
RUBYSEC:DECIDIM-2023-32693
|
Decidim Cross-site Scripting vulnerability in the external link redirections | high |
2023-07-11T00:00:00
(14 months ago) |
|
| Affected | < 0.27.3 = 0.14.0 |
CVE-2023-34089
|
RUBYSEC:DECIDIM-2023-34089
|
Decidim Cross-site Scripting vulnerability in the processes filter | high |
2023-07-11T00:00:00
(14 months ago) |
|
| Fixed | = 0.26.6 >= 0.27.3 |
CVE-2023-34089
|
RUBYSEC:DECIDIM-2023-34089
|
Decidim Cross-site Scripting vulnerability in the processes filter | high |
2023-07-11T00:00:00
(14 months ago) |
|
| Unaffected | < 0.14.0 |
CVE-2023-34089
|
RUBYSEC:DECIDIM-2023-34089
|
Decidim Cross-site Scripting vulnerability in the processes filter | high |
2023-07-11T00:00:00
(14 months ago) |
|
| Affected | < 0.27.3 = 0.27.0 |
CVE-2023-34090
|
RUBYSEC:DECIDIM-2023-34090
|
Decidim vulnerable to sensitive data disclosure | high |
2023-07-11T00:00:00
(14 months ago) |
|
| Fixed | >= 0.27.3 |
CVE-2023-34090
|
RUBYSEC:DECIDIM-2023-34090
|
Decidim vulnerable to sensitive data disclosure | high |
2023-07-11T00:00:00
(14 months ago) |
|
| Unaffected | < 0.27.0 |
CVE-2023-34090
|
RUBYSEC:DECIDIM-2023-34090
|
Decidim vulnerable to sensitive data disclosure | high |
2023-07-11T00:00:00
(14 months ago) |
|
| Affected | < 0.27.4 = 0.23.2 |
CVE-2023-36465
|
RUBYSEC:DECIDIM-2023-36465
|
Decidim has broken access control in templates | critical |
2023-10-05T00:00:00
(11 months ago) |
|
| Fixed | = 0.26.8 >= 0.27.4 |
CVE-2023-36465
|
RUBYSEC:DECIDIM-2023-36465
|
Decidim has broken access control in templates | critical |
2023-10-05T00:00:00
(11 months ago) |
|
| Unaffected | < 0.23.2 |
CVE-2023-36465
|
RUBYSEC:DECIDIM-2023-36465
|
Decidim has broken access control in templates | critical |
2023-10-05T00:00:00
(11 months ago) |
|
| Affected | < 0.27.5 = 0.10.0 |
CVE-2023-47634
|
RUBYSEC:DECIDIM-2023-47634
|
Race condition in Endorsements | low |
2024-02-20T00:00:00
(7 months ago) |
|
| Fixed | = 0.26.9 >= 0.27.5 |
CVE-2023-47634
|
RUBYSEC:DECIDIM-2023-47634
|
Race condition in Endorsements | low |
2024-02-20T00:00:00
(7 months ago) |
|
| Unaffected | < 0.10.0 |
CVE-2023-47634
|
RUBYSEC:DECIDIM-2023-47634
|
Race condition in Endorsements | low |
2024-02-20T00:00:00
(7 months ago) |
|
| Affected | < 0.27.5 = 0.0.1.alpha3 |
CVE-2023-48220
|
RUBYSEC:DECIDIM-2023-48220
|
Possibility to circumvent the invitation token expiry period | medium |
2024-02-20T00:00:00
(7 months ago) |
|
| Fixed | = 0.26.9 >= 0.27.5 |
CVE-2023-48220
|
RUBYSEC:DECIDIM-2023-48220
|
Possibility to circumvent the invitation token expiry period | medium |
2024-02-20T00:00:00
(7 months ago) |
|
| Unaffected | < 0.0.1.alpha3 |
CVE-2023-48220
|
RUBYSEC:DECIDIM-2023-48220
|
Possibility to circumvent the invitation token expiry period | medium |
2024-02-20T00:00:00
(7 months ago) |
|
| Affected | < 0.27.5 = 0.27.0 |
CVE-2023-51447
|
RUBYSEC:DECIDIM-2023-51447
|
Cross-site scripting (XSS) in the dynamic file uploads | medium |
2024-02-20T00:00:00
(7 months ago) |
|
| Fixed | >= 0.27.5 |
CVE-2023-51447
|
RUBYSEC:DECIDIM-2023-51447
|
Cross-site scripting (XSS) in the dynamic file uploads | medium |
2024-02-20T00:00:00
(7 months ago) |
|
| Unaffected | < 0.27.0 |
CVE-2023-51447
|
RUBYSEC:DECIDIM-2023-51447
|
Cross-site scripting (XSS) in the dynamic file uploads | medium |
2024-02-20T00:00:00
(7 months ago) |
|
| Affected | < 0.27.6 |
CVE-2024-27090
|
RUBYSEC:DECIDIM-2024-27090
|
Decidim vulnerable to data disclosure through the embed feature | medium |
2024-07-10T00:00:00
(2 months ago) |
|
| Fixed | >= 0.27.6 |
CVE-2024-27090
|
RUBYSEC:DECIDIM-2024-27090
|
Decidim vulnerable to data disclosure through the embed feature | medium |
2024-07-10T00:00:00
(2 months ago) |
|
| Affected | < 0.28.1 |
CVE-2024-32469
|
RUBYSEC:DECIDIM-2024-32469
|
Decidim cross-site scripting (XSS) in the pagination | high |
2024-07-10T00:00:00
(2 months ago) |
|
| Fixed | = 0.27.6 >= 0.28.1 |
CVE-2024-32469
|
RUBYSEC:DECIDIM-2024-32469
|
Decidim cross-site scripting (XSS) in the pagination | high |
2024-07-10T00:00:00
(2 months ago) |
|
| Affected | < 0.27.7 |
CVE-2024-39910
|
RUBYSEC:DECIDIM-2024-39910
|
Decidim::Admin vulnerable to cross-site scripting (XSS) in the admin panel with QuillJS WYSWYG editor | medium |
2024-09-16T00:00:00
(3 days ago) |
|
| Fixed | >= 0.27.7 |
CVE-2024-39910
|
RUBYSEC:DECIDIM-2024-39910
|
Decidim::Admin vulnerable to cross-site scripting (XSS) in the admin panel with QuillJS WYSWYG editor | medium |
2024-09-16T00:00:00
(3 days ago) |