Andrew Kane

5 exploits, active since Nov 2019
CVE-2019-18841 HIGH WRITEUP
Chartkick.js <3.1.4 - Info Disclosure
Chartkick.js 3.1.0 through 3.1.3, as used in the Chartkick gem before 3.3.0 for Ruby, allows prototype pollution.
CVSS 7.3
CVE-2019-18841 HIGH WRITEUP
Chartkick.js <3.1.4 - Info Disclosure
Chartkick.js 3.1.0 through 3.1.3, as used in the Chartkick gem before 3.3.0 for Ruby, allows prototype pollution.
CVSS 7.3
CVE-2020-10380 CRITICAL WRITEUP
RMySQL < 0.10.19 - SQL Injection
RMySQL through 0.10.19 allows SQL Injection.
CVSS 9.8
CVE-2020-16252 MEDIUM WRITEUP
Field Test 0.2.0-0.3.2 - Cross-Site Request Forgery
The Field Test gem 0.2.0 through 0.3.2 for Ruby allows CSRF.
CVSS 4.3
CVE-2023-25015 MEDIUM WRITEUP
Clockwork Web < 0.1.2 - Cross-Site Request Forgery
Clockwork Web before 0.1.2, when Rails before 5.2 is used, allows CSRF.
CVSS 6.5