Issues - 18F/e-manifest

Keepalive thread overload/DoS in puma
Open

    puma (2.15.3)

Found in Gemfile.lock by bundler-audit

Read up
Read up
Exclude checks
- Disable engine
- Disable check

Denial of Service Vulnerability in ActiveRecord’s PostgreSQL adapter
Open

    activerecord (4.2.5.1)

Found in Gemfile.lock by bundler-audit

Read up
Read up
Exclude checks
- Disable engine
- Disable check

json Gem for Ruby Unsafe Object Creation Vulnerability (additional fix)
Open

    json (1.8.3)

Found in Gemfile.lock by bundler-audit

Read up
Read up
Exclude checks
- Disable engine
- Disable check

ReDoS based DoS vulnerability in Active Support’s underscore
Open

    activesupport (4.2.5.1)

Found in Gemfile.lock by bundler-audit

Read up
Read up
Exclude checks
- Disable engine
- Disable check

HTTP Smuggling via Transfer-Encoding Header in Puma
Open

    puma (2.15.3)

Found in Gemfile.lock by bundler-audit

Read up
Read up
Exclude checks
- Disable engine
- Disable check

Possible shell escape sequence injection vulnerability in Rack
Open

    rack (1.6.4)

Found in Gemfile.lock by bundler-audit

Read up
Read up
Exclude checks
- Disable engine
- Disable check

Keepalive Connections Causing Denial Of Service in puma
Open

    puma (2.15.3)

Found in Gemfile.lock by bundler-audit

Read up
Read up
Exclude checks
- Disable engine
- Disable check

Inconsistent Interpretation of HTTP Requests ('HTTP Request Smuggling') in puma
Open

    puma (2.15.3)

Found in Gemfile.lock by bundler-audit

Read up
Read up
Exclude checks
- Disable engine
- Disable check

HTTP Response Splitting (Early Hints) in Puma
Open

    puma (2.15.3)

Found in Gemfile.lock by bundler-audit

Read up
Read up
Exclude checks
- Disable engine
- Disable check

Potentially unintended unmarshalling of user-provided objects in MemCacheStore and RedisCacheStore
Open

    activesupport (4.2.5.1)

Found in Gemfile.lock by bundler-audit

Read up
Read up
Exclude checks
- Disable engine
- Disable check

ReDoS based DoS vulnerability in GlobalID
Open

    globalid (0.3.6)

Found in Gemfile.lock by bundler-audit

Read up
Read up
Exclude checks
- Disable engine
- Disable check

Information Exposure with Puma when used with Rails
Open

    puma (2.15.3)

Found in Gemfile.lock by bundler-audit

Read up
Read up
Exclude checks
- Disable engine
- Disable check

Denial of service via header parsing in Rack
Open

    rack (1.6.4)

Found in Gemfile.lock by bundler-audit

Read up
Read up
Exclude checks
- Disable engine
- Disable check

Ability to forge per-form CSRF tokens given a global CSRF token
Open

    actionpack (4.2.5.1)

Found in Gemfile.lock by bundler-audit

Read up
Read up
Exclude checks
- Disable engine
- Disable check

HTTP Response Splitting vulnerability in puma
Open

    puma (2.15.3)

Found in Gemfile.lock by bundler-audit

Read up
Read up
Exclude checks
- Disable engine
- Disable check

Possible DoS Vulnerability in Action Controller Token Authentication
Open

    actionpack (4.2.5.1)

Found in Gemfile.lock by bundler-audit

Read up
Read up
Exclude checks
- Disable engine
- Disable check

HTTP Smuggling via Transfer-Encoding Header in Puma
Open

    puma (2.15.3)

Found in Gemfile.lock by bundler-audit

Read up
Read up
Exclude checks
- Disable engine
- Disable check

Denial of service via multipart parsing in Rack
Open

    rack (1.6.4)

Found in Gemfile.lock by bundler-audit

Read up
Read up
Exclude checks
- Disable engine
- Disable check

Percent-encoded cookies can be used to overwrite existing prefixed cookie names
Open

    rack (1.6.4)

Found in Gemfile.lock by bundler-audit

Read up
Read up
Exclude checks
- Disable engine
- Disable check

Denial of Service Vulnerability in Rack Multipart Parsing
Open

    rack (1.6.4)

Found in Gemfile.lock by bundler-audit

Read up
Read up
Exclude checks
- Disable engine
- Disable check

18F/e-manifest

Showing 761 of 761 total issues

Keepalive thread overload/DoS in puma
Open

Denial of Service Vulnerability in ActiveRecord’s PostgreSQL adapter
Open

json Gem for Ruby Unsafe Object Creation Vulnerability (additional fix)
Open

ReDoS based DoS vulnerability in Active Support’s underscore
Open

HTTP Smuggling via Transfer-Encoding Header in Puma
Open

Possible shell escape sequence injection vulnerability in Rack
Open

Keepalive Connections Causing Denial Of Service in puma
Open

Inconsistent Interpretation of HTTP Requests ('HTTP Request Smuggling') in puma
Open

HTTP Response Splitting (Early Hints) in Puma
Open

Potentially unintended unmarshalling of user-provided objects in MemCacheStore and RedisCacheStore
Open

ReDoS based DoS vulnerability in GlobalID
Open

Information Exposure with Puma when used with Rails
Open

Denial of service via header parsing in Rack
Open

Ability to forge per-form CSRF tokens given a global CSRF token
Open

HTTP Response Splitting vulnerability in puma
Open

Possible DoS Vulnerability in Action Controller Token Authentication
Open

HTTP Smuggling via Transfer-Encoding Header in Puma
Open

Denial of service via multipart parsing in Rack
Open

Percent-encoded cookies can be used to overwrite existing prefixed cookie names
Open

Denial of Service Vulnerability in Rack Multipart Parsing
Open

Severity

Category

Status

Source

Language

18F/e-manifest

Showing 761 of 761 total issues

Keepalive thread overload/DoS in puma Open

Denial of Service Vulnerability in ActiveRecord’s PostgreSQL adapter Open

json Gem for Ruby Unsafe Object Creation Vulnerability (additional fix) Open

ReDoS based DoS vulnerability in Active Support’s underscore Open

HTTP Smuggling via Transfer-Encoding Header in Puma Open

Possible shell escape sequence injection vulnerability in Rack Open

Keepalive Connections Causing Denial Of Service in puma Open

Inconsistent Interpretation of HTTP Requests ('HTTP Request Smuggling') in puma Open

HTTP Response Splitting (Early Hints) in Puma Open

Potentially unintended unmarshalling of user-provided objects in MemCacheStore and RedisCacheStore Open

ReDoS based DoS vulnerability in GlobalID Open

Information Exposure with Puma when used with Rails Open

Denial of service via header parsing in Rack Open

Ability to forge per-form CSRF tokens given a global CSRF token Open

HTTP Response Splitting vulnerability in puma Open

Possible DoS Vulnerability in Action Controller Token Authentication Open

HTTP Smuggling via Transfer-Encoding Header in Puma Open

Denial of service via multipart parsing in Rack Open

Percent-encoded cookies can be used to overwrite existing prefixed cookie names Open

Denial of Service Vulnerability in Rack Multipart Parsing Open

Severity

Category

Status

Source

Language

Keepalive thread overload/DoS in puma
Open

Denial of Service Vulnerability in ActiveRecord’s PostgreSQL adapter
Open

json Gem for Ruby Unsafe Object Creation Vulnerability (additional fix)
Open

ReDoS based DoS vulnerability in Active Support’s underscore
Open

HTTP Smuggling via Transfer-Encoding Header in Puma
Open

Possible shell escape sequence injection vulnerability in Rack
Open

Keepalive Connections Causing Denial Of Service in puma
Open

Inconsistent Interpretation of HTTP Requests ('HTTP Request Smuggling') in puma
Open

HTTP Response Splitting (Early Hints) in Puma
Open

Potentially unintended unmarshalling of user-provided objects in MemCacheStore and RedisCacheStore
Open

ReDoS based DoS vulnerability in GlobalID
Open

Information Exposure with Puma when used with Rails
Open

Denial of service via header parsing in Rack
Open

Ability to forge per-form CSRF tokens given a global CSRF token
Open

HTTP Response Splitting vulnerability in puma
Open

Possible DoS Vulnerability in Action Controller Token Authentication
Open

HTTP Smuggling via Transfer-Encoding Header in Puma
Open

Denial of service via multipart parsing in Rack
Open

Percent-encoded cookies can be used to overwrite existing prefixed cookie names
Open

Denial of Service Vulnerability in Rack Multipart Parsing
Open