pkg:gem/decidim
Type: gem
Name: decidim
Known advisories, vulnerabilities and fixes for the decidim package.
- Repository: https://rubygems.org/gems/decidim

Advisories by severity:
- Critical: 1
- High: 4
- Medium: 4
- Low: 1

Type | Version | Distribution | CVEs | Advisory ID | Title | Severity | Published |
---|---|---|---|---|---|---|---|
Affected | < 0.27.3 = 0.25.0 | | CVE-2023-32693 | RUBYSEC:DECIDIM-2023-32693 | Decidim Cross-site Scripting vulnerability in the external link redirections | high | 2023-07-11T00:00:00 (14 months ago) |
Fixed | = 0.26.6 >= 0.27.3 | | CVE-2023-32693 | RUBYSEC:DECIDIM-2023-32693 | Decidim Cross-site Scripting vulnerability in the external link redirections | high | 2023-07-11T00:00:00 (14 months ago) |
Unaffected | < 0.25.0 | | CVE-2023-32693 | RUBYSEC:DECIDIM-2023-32693 | Decidim Cross-site Scripting vulnerability in the external link redirections | high | 2023-07-11T00:00:00 (14 months ago) |
Affected | < 0.27.3 = 0.14.0 | | CVE-2023-34089 | RUBYSEC:DECIDIM-2023-34089 | Decidim Cross-site Scripting vulnerability in the processes filter | high | 2023-07-11T00:00:00 (14 months ago) |
Fixed | = 0.26.6 >= 0.27.3 | | CVE-2023-34089 | RUBYSEC:DECIDIM-2023-34089 | Decidim Cross-site Scripting vulnerability in the processes filter | high | 2023-07-11T00:00:00 (14 months ago) |
Unaffected | < 0.14.0 | | CVE-2023-34089 | RUBYSEC:DECIDIM-2023-34089 | Decidim Cross-site Scripting vulnerability in the processes filter | high | 2023-07-11T00:00:00 (14 months ago) |
Affected | < 0.27.3 = 0.27.0 | | CVE-2023-34090 | RUBYSEC:DECIDIM-2023-34090 | Decidim vulnerable to sensitive data disclosure | high | 2023-07-11T00:00:00 (14 months ago) |
Fixed | >= 0.27.3 | | CVE-2023-34090 | RUBYSEC:DECIDIM-2023-34090 | Decidim vulnerable to sensitive data disclosure | high | 2023-07-11T00:00:00 (14 months ago) |
Unaffected | < 0.27.0 | | CVE-2023-34090 | RUBYSEC:DECIDIM-2023-34090 | Decidim vulnerable to sensitive data disclosure | high | 2023-07-11T00:00:00 (14 months ago) |
Affected | < 0.27.4 = 0.23.2 | | CVE-2023-36465 | RUBYSEC:DECIDIM-2023-36465 | Decidim has broken access control in templates | critical | 2023-10-05T00:00:00 (11 months ago) |
Fixed | = 0.26.8 >= 0.27.4 | | CVE-2023-36465 | RUBYSEC:DECIDIM-2023-36465 | Decidim has broken access control in templates | critical | 2023-10-05T00:00:00 (11 months ago) |
Unaffected | < 0.23.2 | | CVE-2023-36465 | RUBYSEC:DECIDIM-2023-36465 | Decidim has broken access control in templates | critical | 2023-10-05T00:00:00 (11 months ago) |
Affected | < 0.27.5 = 0.10.0 | | CVE-2023-47634 | RUBYSEC:DECIDIM-2023-47634 | Race condition in Endorsements | low | 2024-02-20T00:00:00 (7 months ago) |
Fixed | = 0.26.9 >= 0.27.5 | | CVE-2023-47634 | RUBYSEC:DECIDIM-2023-47634 | Race condition in Endorsements | low | 2024-02-20T00:00:00 (7 months ago) |
Unaffected | < 0.10.0 | | CVE-2023-47634 | RUBYSEC:DECIDIM-2023-47634 | Race condition in Endorsements | low | 2024-02-20T00:00:00 (7 months ago) |
Affected | < 0.27.5 = 0.0.1.alpha3 | | CVE-2023-48220 | RUBYSEC:DECIDIM-2023-48220 | Possibility to circumvent the invitation token expiry period | medium | 2024-02-20T00:00:00 (7 months ago) |
Fixed | = 0.26.9 >= 0.27.5 | | CVE-2023-48220 | RUBYSEC:DECIDIM-2023-48220 | Possibility to circumvent the invitation token expiry period | medium | 2024-02-20T00:00:00 (7 months ago) |
Unaffected | < 0.0.1.alpha3 | | CVE-2023-48220 | RUBYSEC:DECIDIM-2023-48220 | Possibility to circumvent the invitation token expiry period | medium | 2024-02-20T00:00:00 (7 months ago) |
Affected | < 0.27.5 = 0.27.0 | | CVE-2023-51447 | RUBYSEC:DECIDIM-2023-51447 | Cross-site scripting (XSS) in the dynamic file uploads | medium | 2024-02-20T00:00:00 (7 months ago) |
Fixed | >= 0.27.5 | | CVE-2023-51447 | RUBYSEC:DECIDIM-2023-51447 | Cross-site scripting (XSS) in the dynamic file uploads | medium | 2024-02-20T00:00:00 (7 months ago) |
Unaffected | < 0.27.0 | | CVE-2023-51447 | RUBYSEC:DECIDIM-2023-51447 | Cross-site scripting (XSS) in the dynamic file uploads | medium | 2024-02-20T00:00:00 (7 months ago) |
Affected | < 0.27.6 | | CVE-2024-27090 | RUBYSEC:DECIDIM-2024-27090 | Decidim vulnerable to data disclosure through the embed feature | medium | 2024-07-10T00:00:00 (2 months ago) |
Fixed | >= 0.27.6 | | CVE-2024-27090 | RUBYSEC:DECIDIM-2024-27090 | Decidim vulnerable to data disclosure through the embed feature | medium | 2024-07-10T00:00:00 (2 months ago) |
Affected | < 0.28.1 | | CVE-2024-32469 | RUBYSEC:DECIDIM-2024-32469 | Decidim cross-site scripting (XSS) in the pagination | high | 2024-07-10T00:00:00 (2 months ago) |
Fixed | = 0.27.6 >= 0.28.1 | | CVE-2024-32469 | RUBYSEC:DECIDIM-2024-32469 | Decidim cross-site scripting (XSS) in the pagination | high | 2024-07-10T00:00:00 (2 months ago) |
Affected | < 0.27.7 | | CVE-2024-39910 | RUBYSEC:DECIDIM-2024-39910 | Decidim::Admin vulnerable to cross-site scripting (XSS) in the admin panel with QuillJS WYSWYG editor | medium | 2024-09-16T00:00:00 (3 days ago) |
Fixed | >= 0.27.7 | | CVE-2024-39910 | RUBYSEC:DECIDIM-2024-39910 | Decidim::Admin vulnerable to cross-site scripting (XSS) in the admin panel with QuillJS WYSWYG editor | medium | 2024-09-16T00:00:00 (3 days ago) |