Showing 761 of 761 total issues
Improper neutralization of data URIs may allow XSS in rails-html-sanitizer Open
rails-html-sanitizer (1.0.3)
- Read upRead up
- Exclude checks
Advisory: CVE-2022-23518
Criticality: Medium
URL: https://github.com/rails/rails-html-sanitizer/security/advisories/GHSA-mcvf-2q2m-x72m
Solution: upgrade to >= 1.4.4
Potential XSS vulnerability in jQuery Open
jquery-rails (4.0.5)
- Read upRead up
- Exclude checks
Advisory: CVE-2020-11023
Criticality: Medium
URL: https://blog.jquery.com/2020/04/10/jquery-3-5-0-released
Solution: upgrade to >= 4.4.0
Update packaged libxml2 (2.9.12 → 2.9.13) and libxslt (1.1.34 → 1.1.35) Open
nokogiri (1.6.7.2)
- Read upRead up
- Exclude checks
Advisory: CVE-2021-30560
Criticality: High
URL: https://github.com/sparklemotion/nokogiri/security/advisories/GHSA-fq42-c5rg-92c2
Solution: upgrade to >= 1.13.2
Improper Restriction of XML External Entity Reference (XXE) in Nokogiri on JRuby Open
nokogiri (1.6.7.2)
- Read upRead up
- Exclude checks
Advisory: CVE-2021-41098
Criticality: High
URL: https://github.com/sparklemotion/nokogiri/security/advisories/GHSA-2rr5-8q37-2w7h
Solution: upgrade to >= 1.12.5
Loofah XSS Vulnerability Open
loofah (2.0.3)
- Read upRead up
- Exclude checks
Advisory: CVE-2018-16468
Criticality: Medium
URL: https://github.com/flavorjones/loofah/issues/154
Solution: upgrade to >= 2.2.3
Nokogiri gem contains two upstream vulnerabilities in libxslt 1.1.29 Open
nokogiri (1.6.7.2)
- Read upRead up
- Exclude checks
Advisory: CVE-2017-5029
Criticality: High
URL: https://github.com/sparklemotion/nokogiri/issues/1634
Solution: upgrade to >= 1.7.2
Nokogiri Command Injection Vulnerability via Nokogiri::CSS::Tokenizer#load_file Open
nokogiri (1.6.7.2)
- Read upRead up
- Exclude checks
Advisory: CVE-2019-5477
Criticality: Critical
URL: https://github.com/sparklemotion/nokogiri/issues/1915
Solution: upgrade to >= 1.10.4
Nokogiri gem, via libxslt, is affected by multiple vulnerabilities Open
nokogiri (1.6.7.2)
- Read upRead up
- Exclude checks
Advisory: CVE-2019-13117
URL: https://github.com/sparklemotion/nokogiri/issues/1943
Solution: upgrade to >= 1.10.5
Update packaged dependency libxml2 from 2.9.10 to 2.9.12 Open
nokogiri (1.6.7.2)
- Read upRead up
- Exclude checks
Advisory:
Criticality: High
URL: https://github.com/sparklemotion/nokogiri/security/advisories/GHSA-7rrm-v45f-jp64
Solution: upgrade to >= 1.11.4
Out-of-bounds Write in zlib affects Nokogiri Open
nokogiri (1.6.7.2)
- Read upRead up
- Exclude checks
Advisory: CVE-2018-25032
Criticality: High
URL: https://github.com/sparklemotion/nokogiri/security/advisories/GHSA-v6gp-9mmm-c6p5
Solution: upgrade to >= 1.13.4
Nokogiri gem, via libxml, is affected by DoS vulnerabilities Open
nokogiri (1.6.7.2)
- Read upRead up
- Exclude checks
Advisory: CVE-2017-15412
URL: https://github.com/sparklemotion/nokogiri/issues/1714
Solution: upgrade to >= 1.8.2
Prototype pollution attack through jQuery $.extend Open
jquery-rails (4.0.5)
- Read upRead up
- Exclude checks
Advisory: CVE-2019-11358
Criticality: Medium
URL: https://blog.jquery.com/2019/04/10/jquery-3-4-0-released/
Solution: upgrade to >= 4.3.4
Inefficient Regular Expression Complexity in Loofah Open
loofah (2.0.3)
- Read upRead up
- Exclude checks
Advisory: CVE-2022-23514
Criticality: High
URL: https://github.com/flavorjones/loofah/security/advisories/GHSA-486f-hjj9-9vhh
Solution: upgrade to >= 2.19.1
Nokogiri::XML::Schema trusts input by default, exposing risk of an XXE vulnerability Open
nokogiri (1.6.7.2)
- Read upRead up
- Exclude checks
Advisory: CVE-2020-26247
Criticality: Low
URL: https://github.com/sparklemotion/nokogiri/security/advisories/GHSA-vr8q-g5c7-m54m
Solution: upgrade to >= 1.11.0.rc4
Denial of Service (DoS) in Nokogiri on JRuby Open
nokogiri (1.6.7.2)
- Read upRead up
- Exclude checks
Advisory: CVE-2022-24839
Criticality: High
URL: https://github.com/sparklemotion/nekohtml/security/advisories/GHSA-9849-p7jc-9rmv
Solution: upgrade to >= 1.13.4
Inefficient Regular Expression Complexity in Nokogiri Open
nokogiri (1.6.7.2)
- Read upRead up
- Exclude checks
Advisory: CVE-2022-24836
Criticality: High
URL: https://github.com/sparklemotion/nokogiri/security/advisories/GHSA-crjr-9rc5-ghw8
Solution: upgrade to >= 1.13.4
Regular Expression Denial of Service in Addressable templates Open
addressable (2.3.8)
- Read upRead up
- Exclude checks
Advisory: CVE-2021-32740
Criticality: High
URL: https://github.com/advisories/GHSA-jxhc-q857-3j6g
Solution: upgrade to >= 2.8.0
Possible XSS vulnerability with certain configurations of Rails::Html::Sanitizer Open
rails-html-sanitizer (1.0.3)
- Read upRead up
- Exclude checks
Advisory: CVE-2022-32209
Criticality: Medium
URL: https://groups.google.com/g/rubyonrails-security/c/ce9PhUANQ6s
Solution: upgrade to >= 1.4.3
Improper Handling of Unexpected Data Type in Nokogiri Open
nokogiri (1.6.7.2)
- Read upRead up
- Exclude checks
Advisory: CVE-2022-29181
Criticality: High
URL: https://github.com/sparklemotion/nokogiri/security/advisories/GHSA-xh29-r2w5-wx8m
Solution: upgrade to >= 1.13.6
Revert libxml2 behavior in Nokogiri gem that could cause XSS Open
nokogiri (1.6.7.2)
- Read upRead up
- Exclude checks
Advisory: CVE-2018-8048
URL: https://github.com/sparklemotion/nokogiri/pull/1746
Solution: upgrade to >= 1.8.3