Showing 792 of 792 total issues
Potential XSS vulnerability in jQuery Open
jquery-rails (4.3.5)
- Read upRead up
- Exclude checks
Advisory: CVE-2020-11023
Criticality: Medium
URL: https://blog.jquery.com/2020/04/10/jquery-3-5-0-released
Solution: upgrade to >= 4.4.0
Uncontrolled Recursion in Loofah Open
loofah (2.5.0)
- Read upRead up
- Exclude checks
Advisory: CVE-2022-23516
Criticality: High
URL: https://github.com/flavorjones/loofah/security/advisories/GHSA-3x8r-x6xp-q4vm
Solution: upgrade to >= 2.19.1
httparty has multipart/form-data request tampering vulnerability Open
httparty (0.18.0)
- Read upRead up
- Exclude checks
Advisory:
Criticality: Medium
URL: https://github.com/jnunemaker/httparty/security/advisories/GHSA-5pq7-52mg-hr42
Solution: upgrade to >= 0.21.0
Out-of-bounds Write in zlib affects Nokogiri Open
nokogiri (1.10.9)
- Read upRead up
- Exclude checks
Advisory: CVE-2018-25032
Criticality: High
URL: https://github.com/sparklemotion/nokogiri/security/advisories/GHSA-v6gp-9mmm-c6p5
Solution: upgrade to >= 1.13.4
Improper Handling of Unexpected Data Type in Nokogiri Open
nokogiri (1.10.9)
- Read upRead up
- Exclude checks
Advisory: CVE-2022-29181
Criticality: High
URL: https://github.com/sparklemotion/nokogiri/security/advisories/GHSA-xh29-r2w5-wx8m
Solution: upgrade to >= 1.13.6
Cross-Site Scripting in Kaminari via original_script_name
parameter Open
kaminari (1.1.1)
- Read upRead up
- Exclude checks
Advisory: CVE-2020-11082
Criticality: Medium
URL: https://github.com/kaminari/kaminari/security/advisories/GHSA-r5jw-62xg-j433
Solution: upgrade to >= 1.2.1
Sinatra vulnerable to Reflected File Download attack Open
sinatra (2.0.8.1)
- Read upRead up
- Exclude checks
Advisory: CVE-2022-45442
Criticality: High
URL: https://github.com/sinatra/sinatra/security/advisories/GHSA-2x8x-jmrp-phxw
Solution: upgrade to ~> 2.2.3, >= 3.0.4
Improper Restriction of XML External Entity Reference (XXE) in Nokogiri on JRuby Open
nokogiri (1.10.9)
- Read upRead up
- Exclude checks
Advisory: CVE-2021-41098
Criticality: High
URL: https://github.com/sparklemotion/nokogiri/security/advisories/GHSA-2rr5-8q37-2w7h
Solution: upgrade to >= 1.12.5
Update packaged dependency libxml2 from 2.9.10 to 2.9.12 Open
nokogiri (1.10.9)
- Read upRead up
- Exclude checks
Advisory:
Criticality: High
URL: https://github.com/sparklemotion/nokogiri/security/advisories/GHSA-7rrm-v45f-jp64
Solution: upgrade to >= 1.11.4
Denial of Service (DoS) in Nokogiri on JRuby Open
nokogiri (1.10.9)
- Read upRead up
- Exclude checks
Advisory: CVE-2022-24839
Criticality: High
URL: https://github.com/sparklemotion/nekohtml/security/advisories/GHSA-9849-p7jc-9rmv
Solution: upgrade to >= 1.13.4
Possible XSS vulnerability with certain configurations of rails-html-sanitizer Open
rails-html-sanitizer (1.3.0)
- Read upRead up
- Exclude checks
Advisory: CVE-2022-23519
Criticality: Medium
URL: https://github.com/rails/rails-html-sanitizer/security/advisories/GHSA-9h9g-93gc-623h
Solution: upgrade to >= 1.4.4
Method has too many lines. [22/7] (https://github.com/bbatsov/ruby-style-guide#short-methods) Open
def build_single_marker(model, marker)
location = model.first
models = model.last
if model.first.try(:source)
source = VolunteerOp.get_source(models)
- Read upRead up
- Exclude checks
This cop checks if the length of a method exceeds some maximum value. Comment lines can optionally be ignored. The maximum allowed length is configurable.
Class Organisation
has 28 methods (exceeds 20 allowed). Consider refactoring. Open
class Organisation < BaseOrganisation
has_many :volunteer_ops
has_many :users
has_many :edits, class_name: 'ProposedOrganisationEdit', dependent: :destroy
Method has too many lines. [18/7] (https://github.com/bbatsov/ruby-style-guide#short-methods) Open
def self.build params
params.require(:proposed_organisation).permit(
:superadmin_email_to_add,
:description,
:address,
- Read upRead up
- Exclude checks
This cop checks if the length of a method exceeds some maximum value. Comment lines can optionally be ignored. The maximum allowed length is configurable.
Class ApplicationController
has 25 methods (exceeds 20 allowed). Consider refactoring. Open
class ApplicationController < ActionController::Base
protect_from_forgery
before_action :store_location,
:assign_footer_page_links,
:set_tags,
Method has too many lines. [15/7] (https://github.com/bbatsov/ruby-style-guide#short-methods) Open
def devise_error_messages!
return "" if resource.errors.empty?
errors = resource.errors
reset_token_error = errors.to_hash.fetch(:reset_password_token,'')
- Read upRead up
- Exclude checks
This cop checks if the length of a method exceeds some maximum value. Comment lines can optionally be ignored. The maximum allowed length is configurable.
Method has too many lines. [15/7] (https://github.com/bbatsov/ruby-style-guide#short-methods) Open
def organisation_params
params.require(:organisation).permit(
:superadmin_email_to_add,
:description,
:address,
- Read upRead up
- Exclude checks
This cop checks if the length of a method exceeds some maximum value. Comment lines can optionally be ignored. The maximum allowed length is configurable.
Class VolunteerOpsController
has 23 methods (exceeds 20 allowed). Consider refactoring. Open
class VolunteerOpsController < ApplicationController
layout :choose_layout
before_action :set_organisation, only: [:new, :create]
before_action :authorize, except: [:search, :show, :index]
Method has too many lines. [13/7] (https://github.com/bbatsov/ruby-style-guide#short-methods) Open
def build_map_markers(organisations)
::MapMarkerJson.build(organisations) do |org, marker|
marker.lat org.latitude
marker.lng org.longitude
marker.infowindow render_to_string(partial: 'organisations/popup', locals: {org: org})
- Read upRead up
- Exclude checks
This cop checks if the length of a method exceeds some maximum value. Comment lines can optionally be ignored. The maximum allowed length is configurable.
Method has too many lines. [13/7] (https://github.com/bbatsov/ruby-style-guide#short-methods) Open
def populate_vol_op_attributes model, op
location = Location.new longitude: op['lng'], latitude: op['lat']
model.source = 'doit'
model.latitude = location.latitude
model.longitude = location.longitude
- Read upRead up
- Exclude checks
This cop checks if the length of a method exceeds some maximum value. Comment lines can optionally be ignored. The maximum allowed length is configurable.