Showing 761 of 761 total issues
Denial of service in sidekiq Open
sidekiq (4.0.2)- Read upRead up
- Exclude checks
Advisory: CVE-2022-23837
Criticality: High
URL: https://github.com/mperham/sidekiq/commit/7785ac1399f1b28992adb56055f6acd88fd1d956
Solution: upgrade to >= 6.4.0, ~> 5.2.10
Class has too many lines. [167/100] Open
class QueryDSL
include Elasticsearch::DSL
MAX_RESULTS = 100
- Read upRead up
- Exclude checks
This cop checks if the length a class exceeds some maximum value. Comment lines can optionally be ignored. The maximum allowed length is configurable.
Class has too many lines. [149/100] Open
class Manifest < ActiveRecord::Base
include Searchable
validate :tracking_number, :validate_tracking_number_unique
validates :user_id, presence: true- Read upRead up
- Exclude checks
This cop checks if the length a class exceeds some maximum value. Comment lines can optionally be ignored. The maximum allowed length is configurable.
Class has too many lines. [142/100] Open
class UserSession
attr_reader :session, :token
TTL = 4 * 60 * 60
@@ttl = TTL- Read upRead up
- Exclude checks
This cop checks if the length a class exceeds some maximum value. Comment lines can optionally be ignored. The maximum allowed length is configurable.
Module has too many lines. [106/100] Open
module StatesHelper
def us_states
[
['Alabama', 'AL'],
['Alaska', 'AK'],- Read upRead up
- Exclude checks
This cop checks if the length a module exceeds some maximum value. Comment lines can optionally be ignored. The maximum allowed length is configurable.
Possible XSS vulnerability with certain configurations of Rails::Html::Sanitizer Open
rails-html-sanitizer (1.0.3)- Read upRead up
- Exclude checks
Advisory: CVE-2022-32209
Criticality: Medium
URL: https://groups.google.com/g/rubyonrails-security/c/ce9PhUANQ6s
Solution: upgrade to >= 1.4.3
Regular Expression Denial of Service in Addressable templates Open
addressable (2.3.8)- Read upRead up
- Exclude checks
Advisory: CVE-2021-32740
Criticality: High
URL: https://github.com/advisories/GHSA-jxhc-q857-3j6g
Solution: upgrade to >= 2.8.0
Out-of-bounds Write in zlib affects Nokogiri Open
nokogiri (1.6.7.2)- Read upRead up
- Exclude checks
Advisory: CVE-2018-25032
Criticality: High
URL: https://github.com/sparklemotion/nokogiri/security/advisories/GHSA-v6gp-9mmm-c6p5
Solution: upgrade to >= 1.13.4
Nokogiri gem contains several vulnerabilities in libxml2 and libxslt Open
nokogiri (1.6.7.2)- Read upRead up
- Exclude checks
Advisory: CVE-2016-4658
Criticality: Critical
URL: https://github.com/sparklemotion/nokogiri/issues/1615
Solution: upgrade to >= 1.7.1
i18n Gem for Ruby lib/i18n/core_ext/hash.rb Hash#slice() Function Hash Handling DoS Open
i18n (0.7.0)- Read upRead up
- Exclude checks
Advisory: CVE-2014-10077
URL: https://github.com/svenfuchs/i18n/pull/289
Solution: upgrade to >= 0.8.0
Loofah XSS Vulnerability Open
loofah (2.0.3)- Read upRead up
- Exclude checks
Advisory: CVE-2018-8048
Criticality: Medium
URL: https://github.com/flavorjones/loofah/issues/144
Solution: upgrade to >= 2.2.1
Nokogiri Command Injection Vulnerability via Nokogiri::CSS::Tokenizer#load_file Open
nokogiri (1.6.7.2)- Read upRead up
- Exclude checks
Advisory: CVE-2019-5477
Criticality: Critical
URL: https://github.com/sparklemotion/nokogiri/issues/1915
Solution: upgrade to >= 1.10.4
Loofah XSS Vulnerability Open
loofah (2.0.3)- Read upRead up
- Exclude checks
Advisory: CVE-2019-15587
Criticality: Medium
URL: https://github.com/flavorjones/loofah/issues/171
Solution: upgrade to >= 2.3.1
Injection/XSS in Redcarpet Open
redcarpet (3.3.4)- Read upRead up
- Exclude checks
Advisory: CVE-2020-26298
Criticality: Medium
URL: https://github.com/vmg/redcarpet/commit/a699c82292b17c8e6a62e1914d5eccc252272793
Solution: upgrade to >= 3.5.1
Nokogiri gem, via libxml, is affected by DoS and RCE vulnerabilities Open
nokogiri (1.6.7.2)- Read upRead up
- Exclude checks
Advisory: CVE-2017-9050
Criticality: High
URL: https://github.com/sparklemotion/nokogiri/issues/1673
Solution: upgrade to >= 1.8.1
libxml2 2.9.10 has an infinite loop in a certain end-of-file situation Open
nokogiri (1.6.7.2)- Read upRead up
- Exclude checks
Advisory: CVE-2020-7595
Criticality: High
URL: https://github.com/sparklemotion/nokogiri/issues/1992
Solution: upgrade to >= 1.10.8
Possible XSS vulnerability with certain configurations of rails-html-sanitizer Open
rails-html-sanitizer (1.0.3)- Read upRead up
- Exclude checks
Advisory: CVE-2022-23520
Criticality: Medium
URL: https://github.com/rails/rails-html-sanitizer/security/advisories/GHSA-rrfc-7g8p-99q8
Solution: upgrade to >= 1.4.4
Potential XSS vulnerability in jQuery Open
jquery-rails (4.0.5)- Read upRead up
- Exclude checks
Advisory: CVE-2020-11023
Criticality: Medium
URL: https://blog.jquery.com/2020/04/10/jquery-3-5-0-released
Solution: upgrade to >= 4.4.0
Improper Restriction of XML External Entity Reference (XXE) in Nokogiri on JRuby Open
nokogiri (1.6.7.2)- Read upRead up
- Exclude checks
Advisory: CVE-2021-41098
Criticality: High
URL: https://github.com/sparklemotion/nokogiri/security/advisories/GHSA-2rr5-8q37-2w7h
Solution: upgrade to >= 1.12.5
Possible XSS vulnerability with certain configurations of rails-html-sanitizer Open
rails-html-sanitizer (1.0.3)- Read upRead up
- Exclude checks
Advisory: CVE-2022-23519
Criticality: Medium
URL: https://github.com/rails/rails-html-sanitizer/security/advisories/GHSA-9h9g-93gc-623h
Solution: upgrade to >= 1.4.4