Andrew Kane

4 exploits, active since Nov 2019
CVE-2019-18841 HIGH WRITEUP
Chartkick.js <3.1.4 - Info Disclosure
Chartkick.js 3.1.0 through 3.1.3, as used in the Chartkick gem before 3.3.0 for Ruby, allows prototype pollution.
CVSS 7.3
CVE-2020-10380 CRITICAL WRITEUP
R-consortium Rmysql < 0.10.19 - SQL Injection
RMySQL through 0.10.19 allows SQL Injection.
CVSS 9.8
CVE-2020-16252 MEDIUM WRITEUP
Field Test < 0.3.2 - CSRF
The Field Test gem 0.2.0 through 0.3.2 for Ruby allows CSRF.
CVSS 4.3
CVE-2023-25015 MEDIUM WRITEUP
Clockwork Web < 0.1.2 - CSRF
Clockwork Web before 0.1.2, when Rails before 5.2 is used, allows CSRF.
CVSS 6.5