Yep, it’s vulnerable.

Please consult the following and update where appropriate.



jquery-rails 2.2.1

Fixed by:
CSRF Vulnerability in jquery-rails (fixed in 3.1.3)

activesupport 3.2.19

Fixed by:
Possible Denial of Service attack in Active Support (fixed in 3.2.22)

rack 1.4.5

Fixed by:
Potential Denial of Service Vulnerability in Rack (fixed in 1.4.6)

actionpack 3.2.19

Fixed by:
Arbitrary file existence disclosure in Action Pack (fixed in 3.2.20)
Possible remote code execution vulnerability in Action Pack (fixed in 3.2.22.2)
Arbitrary file existence disclosure in Action Pack (fixed in 3.2.21)
Possible XSS Vulnerability in Action View (fixed in 3.2.22.3)
Possible Object Leak and Denial of Service attack in Action Pack (fixed in 3.2.22.1)
Timing attack vulnerability in basic authentication in Action Controller. (fixed in 3.2.22.1)
Possible Information Leak Vulnerability in Action View (fixed in 3.2.22.1)
Possible Information Leak Vulnerability in Action View (fixed in 3.2.22.2)

nokogiri 1.5.11

Fixed by:
Nokogiri gem contains several vulnerabilities in libxml2 and libxslt (fixed in 1.6.6.4)
Nokogiri Gem for JRuby XML Document Root Element Handling Memory Consumption Remote DoS (fixed in 1.6.3)
Nokogiri gem contains several vulnerabilities in libxml2 and libxslt (fixed in 1.7.1)
Nokogiri gem contains two upstream vulnerabilities in libxslt 1.1.29 (fixed in 1.7.2)
Nokogiri gem, via libxml, is affected by DoS and RCE vulnerabilities (fixed in 1.8.1)
Nokogiri gem, via libxml, is affected by DoS vulnerabilities (fixed in 1.8.2)
Nokogiri gem, via libxml, is affected by DoS vulnerabilities (fixed in 1.8.1)

twitter-bootstrap-rails 2.2.6

Fixed by:
Reflective XSS Vulnerability in twitter-bootstrap-rails (fixed in 3.2.0)