AgileVentures/LocalSupport

View on GitHub

Showing 792 of 792 total issues

ReDoS based DoS vulnerability in GlobalID
Open

    globalid (0.4.2)
Severity: Minor
Found in Gemfile.lock by bundler-audit

Advisory: CVE-2023-22799

URL: https://github.com/rails/globalid/releases/tag/v1.0.1

Solution: upgrade to >= 1.0.1

Class has too many lines. [165/100]
Open

class Organisation < BaseOrganisation

  has_many :volunteer_ops
  has_many :users
  has_many :edits, class_name: 'ProposedOrganisationEdit', dependent: :destroy
Severity: Minor
Found in app/models/organisation.rb by rubocop

This cop checks if the length a class exceeds some maximum value. Comment lines can optionally be ignored. The maximum allowed length is configurable.

Class has too many lines. [136/100]
Open

class ApplicationController < ActionController::Base
  protect_from_forgery
  before_action :store_location,
                :assign_footer_page_links,
                :set_tags,

This cop checks if the length a class exceeds some maximum value. Comment lines can optionally be ignored. The maximum allowed length is configurable.

Class has too many lines. [131/100]
Open

class VolunteerOpsController < ApplicationController
  layout :choose_layout

  before_action :set_organisation, only: [:new, :create]
  before_action :authorize, except: [:search, :show, :index]

This cop checks if the length a class exceeds some maximum value. Comment lines can optionally be ignored. The maximum allowed length is configurable.

Class has too many lines. [106/100]
Open

class OrganisationsController < BaseOrganisationsController
  layout :choose_layout

  before_action :authenticate_user!, except: [:search, :index, :show]
  prepend_before_action :set_organisation, only: [:show, :update, :edit]

This cop checks if the length a class exceeds some maximum value. Comment lines can optionally be ignored. The maximum allowed length is configurable.

Potential XSS vulnerability in jQuery
Open

    jquery-rails (4.3.5)
Severity: Minor
Found in Gemfile.lock by bundler-audit

Advisory: CVE-2020-11023

Criticality: Medium

URL: https://blog.jquery.com/2020/04/10/jquery-3-5-0-released

Solution: upgrade to >= 4.4.0

Inefficient Regular Expression Complexity in rails-html-sanitizer
Open

    rails-html-sanitizer (1.3.0)
Severity: Critical
Found in Gemfile.lock by bundler-audit

Advisory: CVE-2022-23517

Criticality: High

URL: https://github.com/rails/rails-html-sanitizer/security/advisories/GHSA-5x79-w82f-gw8w

Solution: upgrade to >= 1.4.4

Denial of Service (DoS) in Nokogiri on JRuby
Open

    nokogiri (1.10.9)
Severity: Critical
Found in Gemfile.lock by bundler-audit

Advisory: CVE-2022-24839

Criticality: High

URL: https://github.com/sparklemotion/nekohtml/security/advisories/GHSA-9849-p7jc-9rmv

Solution: upgrade to >= 1.13.4

Improper Handling of Unexpected Data Type in Nokogiri
Open

    nokogiri (1.10.9)
Severity: Critical
Found in Gemfile.lock by bundler-audit

Advisory: CVE-2022-29181

Criticality: High

URL: https://github.com/sparklemotion/nokogiri/security/advisories/GHSA-xh29-r2w5-wx8m

Solution: upgrade to >= 1.13.6

Nokogiri::XML::Schema trusts input by default, exposing risk of an XXE vulnerability
Open

    nokogiri (1.10.9)
Severity: Info
Found in Gemfile.lock by bundler-audit

Advisory: CVE-2020-26247

Criticality: Low

URL: https://github.com/sparklemotion/nokogiri/security/advisories/GHSA-vr8q-g5c7-m54m

Solution: upgrade to >= 1.11.0.rc4

sinatra does not validate expanded path matches
Open

    sinatra (2.0.8.1)
Severity: Critical
Found in Gemfile.lock by bundler-audit

Advisory: CVE-2022-29970

Criticality: High

URL: https://github.com/sinatra/sinatra/pull/1683

Solution: upgrade to >= 2.2.0

Possible XSS vulnerability with certain configurations of Rails::Html::Sanitizer
Open

    rails-html-sanitizer (1.3.0)
Severity: Minor
Found in Gemfile.lock by bundler-audit

Advisory: CVE-2022-32209

Criticality: Medium

URL: https://groups.google.com/g/rubyonrails-security/c/ce9PhUANQ6s

Solution: upgrade to >= 1.4.3

Improper Restriction of XML External Entity Reference (XXE) in Nokogiri on JRuby
Open

    nokogiri (1.10.9)
Severity: Critical
Found in Gemfile.lock by bundler-audit

Advisory: CVE-2021-41098

Criticality: High

URL: https://github.com/sparklemotion/nokogiri/security/advisories/GHSA-2rr5-8q37-2w7h

Solution: upgrade to >= 1.12.5

Uncontrolled Recursion in Loofah
Open

    loofah (2.5.0)
Severity: Critical
Found in Gemfile.lock by bundler-audit

Advisory: CVE-2022-23516

Criticality: High

URL: https://github.com/flavorjones/loofah/security/advisories/GHSA-3x8r-x6xp-q4vm

Solution: upgrade to >= 2.19.1

Improper neutralization of data URIs may allow XSS in Loofah
Open

    loofah (2.5.0)
Severity: Minor
Found in Gemfile.lock by bundler-audit

Advisory: CVE-2022-23515

Criticality: Medium

URL: https://github.com/flavorjones/loofah/security/advisories/GHSA-228g-948r-83gx

Solution: upgrade to >= 2.19.1

XML Injection in Xerces Java affects Nokogiri
Open

    nokogiri (1.10.9)
Severity: Minor
Found in Gemfile.lock by bundler-audit

Advisory: CVE-2022-23437

Criticality: Medium

URL: https://github.com/sparklemotion/nokogiri/security/advisories/GHSA-xxx9-3xcr-gjj3

Solution: upgrade to >= 1.13.4

Sort order SQL injection via direction parameter in administrate
Open

    administrate (0.12.0)
Severity: Critical
Found in Gemfile.lock by bundler-audit

Advisory: CVE-2020-5257

Criticality: High

URL: https://github.com/advisories/GHSA-2p5p-m353-833w

Solution: upgrade to >= 0.13.0

Update bundled libxml2 to v2.10.3 to resolve multiple CVEs
Open

    nokogiri (1.10.9)
Severity: Minor
Found in Gemfile.lock by bundler-audit

Update packaged libxml2 (2.9.12 → 2.9.13) and libxslt (1.1.34 → 1.1.35)
Open

    nokogiri (1.10.9)
Severity: Critical
Found in Gemfile.lock by bundler-audit

Advisory: CVE-2021-30560

Criticality: High

URL: https://github.com/sparklemotion/nokogiri/security/advisories/GHSA-fq42-c5rg-92c2

Solution: upgrade to >= 1.13.2

Improper neutralization of data URIs may allow XSS in rails-html-sanitizer
Open

    rails-html-sanitizer (1.3.0)
Severity: Minor
Found in Gemfile.lock by bundler-audit

Advisory: CVE-2022-23518

Criticality: Medium

URL: https://github.com/rails/rails-html-sanitizer/security/advisories/GHSA-mcvf-2q2m-x72m

Solution: upgrade to >= 1.4.4

Severity
Category
Status
Source
Language