Showing 792 of 792 total issues
ReDoS based DoS vulnerability in GlobalID Open
globalid (0.4.2)
- Read upRead up
- Exclude checks
Advisory: CVE-2023-22799
URL: https://github.com/rails/globalid/releases/tag/v1.0.1
Solution: upgrade to >= 1.0.1
Class has too many lines. [165/100] Open
class Organisation < BaseOrganisation
has_many :volunteer_ops
has_many :users
has_many :edits, class_name: 'ProposedOrganisationEdit', dependent: :destroy
- Read upRead up
- Exclude checks
This cop checks if the length a class exceeds some maximum value. Comment lines can optionally be ignored. The maximum allowed length is configurable.
Class has too many lines. [136/100] Open
class ApplicationController < ActionController::Base
protect_from_forgery
before_action :store_location,
:assign_footer_page_links,
:set_tags,
- Read upRead up
- Exclude checks
This cop checks if the length a class exceeds some maximum value. Comment lines can optionally be ignored. The maximum allowed length is configurable.
Class has too many lines. [131/100] Open
class VolunteerOpsController < ApplicationController
layout :choose_layout
before_action :set_organisation, only: [:new, :create]
before_action :authorize, except: [:search, :show, :index]
- Read upRead up
- Exclude checks
This cop checks if the length a class exceeds some maximum value. Comment lines can optionally be ignored. The maximum allowed length is configurable.
Class has too many lines. [106/100] Open
class OrganisationsController < BaseOrganisationsController
layout :choose_layout
before_action :authenticate_user!, except: [:search, :index, :show]
prepend_before_action :set_organisation, only: [:show, :update, :edit]
- Read upRead up
- Exclude checks
This cop checks if the length a class exceeds some maximum value. Comment lines can optionally be ignored. The maximum allowed length is configurable.
Potential XSS vulnerability in jQuery Open
jquery-rails (4.3.5)
- Read upRead up
- Exclude checks
Advisory: CVE-2020-11023
Criticality: Medium
URL: https://blog.jquery.com/2020/04/10/jquery-3-5-0-released
Solution: upgrade to >= 4.4.0
Inefficient Regular Expression Complexity in rails-html-sanitizer Open
rails-html-sanitizer (1.3.0)
- Read upRead up
- Exclude checks
Advisory: CVE-2022-23517
Criticality: High
URL: https://github.com/rails/rails-html-sanitizer/security/advisories/GHSA-5x79-w82f-gw8w
Solution: upgrade to >= 1.4.4
Denial of Service (DoS) in Nokogiri on JRuby Open
nokogiri (1.10.9)
- Read upRead up
- Exclude checks
Advisory: CVE-2022-24839
Criticality: High
URL: https://github.com/sparklemotion/nekohtml/security/advisories/GHSA-9849-p7jc-9rmv
Solution: upgrade to >= 1.13.4
Improper Handling of Unexpected Data Type in Nokogiri Open
nokogiri (1.10.9)
- Read upRead up
- Exclude checks
Advisory: CVE-2022-29181
Criticality: High
URL: https://github.com/sparklemotion/nokogiri/security/advisories/GHSA-xh29-r2w5-wx8m
Solution: upgrade to >= 1.13.6
Nokogiri::XML::Schema trusts input by default, exposing risk of an XXE vulnerability Open
nokogiri (1.10.9)
- Read upRead up
- Exclude checks
Advisory: CVE-2020-26247
Criticality: Low
URL: https://github.com/sparklemotion/nokogiri/security/advisories/GHSA-vr8q-g5c7-m54m
Solution: upgrade to >= 1.11.0.rc4
sinatra does not validate expanded path matches Open
sinatra (2.0.8.1)
- Read upRead up
- Exclude checks
Advisory: CVE-2022-29970
Criticality: High
URL: https://github.com/sinatra/sinatra/pull/1683
Solution: upgrade to >= 2.2.0
Possible XSS vulnerability with certain configurations of Rails::Html::Sanitizer Open
rails-html-sanitizer (1.3.0)
- Read upRead up
- Exclude checks
Advisory: CVE-2022-32209
Criticality: Medium
URL: https://groups.google.com/g/rubyonrails-security/c/ce9PhUANQ6s
Solution: upgrade to >= 1.4.3
Improper Restriction of XML External Entity Reference (XXE) in Nokogiri on JRuby Open
nokogiri (1.10.9)
- Read upRead up
- Exclude checks
Advisory: CVE-2021-41098
Criticality: High
URL: https://github.com/sparklemotion/nokogiri/security/advisories/GHSA-2rr5-8q37-2w7h
Solution: upgrade to >= 1.12.5
Uncontrolled Recursion in Loofah Open
loofah (2.5.0)
- Read upRead up
- Exclude checks
Advisory: CVE-2022-23516
Criticality: High
URL: https://github.com/flavorjones/loofah/security/advisories/GHSA-3x8r-x6xp-q4vm
Solution: upgrade to >= 2.19.1
Improper neutralization of data URIs may allow XSS in Loofah Open
loofah (2.5.0)
- Read upRead up
- Exclude checks
Advisory: CVE-2022-23515
Criticality: Medium
URL: https://github.com/flavorjones/loofah/security/advisories/GHSA-228g-948r-83gx
Solution: upgrade to >= 2.19.1
XML Injection in Xerces Java affects Nokogiri Open
nokogiri (1.10.9)
- Read upRead up
- Exclude checks
Advisory: CVE-2022-23437
Criticality: Medium
URL: https://github.com/sparklemotion/nokogiri/security/advisories/GHSA-xxx9-3xcr-gjj3
Solution: upgrade to >= 1.13.4
Sort order SQL injection via direction
parameter in administrate Open
administrate (0.12.0)
- Read upRead up
- Exclude checks
Advisory: CVE-2020-5257
Criticality: High
URL: https://github.com/advisories/GHSA-2p5p-m353-833w
Solution: upgrade to >= 0.13.0
Update bundled libxml2 to v2.10.3 to resolve multiple CVEs Open
nokogiri (1.10.9)
- Read upRead up
- Exclude checks
Advisory:
URL: https://github.com/sparklemotion/nokogiri/security/advisories/GHSA-2qc6-mcvw-92cw
Solution: upgrade to >= 1.13.9
Update packaged libxml2 (2.9.12 → 2.9.13) and libxslt (1.1.34 → 1.1.35) Open
nokogiri (1.10.9)
- Read upRead up
- Exclude checks
Advisory: CVE-2021-30560
Criticality: High
URL: https://github.com/sparklemotion/nokogiri/security/advisories/GHSA-fq42-c5rg-92c2
Solution: upgrade to >= 1.13.2
Improper neutralization of data URIs may allow XSS in rails-html-sanitizer Open
rails-html-sanitizer (1.3.0)
- Read upRead up
- Exclude checks
Advisory: CVE-2022-23518
Criticality: Medium
URL: https://github.com/rails/rails-html-sanitizer/security/advisories/GHSA-mcvf-2q2m-x72m
Solution: upgrade to >= 1.4.4