AgileVentures/LocalSupport

Showing 792 of 792 total issues

Potential XSS vulnerability in jQuery
Open

    jquery-rails (4.3.5)
Severity: Minor
Found in Gemfile.lock by bundler-audit

Advisory: CVE-2020-11023

Criticality: Medium

URL: https://blog.jquery.com/2020/04/10/jquery-3-5-0-released

Solution: upgrade to >= 4.4.0

Uncontrolled Recursion in Loofah
Open

    loofah (2.5.0)
Severity: Critical
Found in Gemfile.lock by bundler-audit

Advisory: CVE-2022-23516

Criticality: High

URL: https://github.com/flavorjones/loofah/security/advisories/GHSA-3x8r-x6xp-q4vm

Solution: upgrade to >= 2.19.1

httparty has multipart/form-data request tampering vulnerability
Open

    httparty (0.18.0)
Severity: Minor
Found in Gemfile.lock by bundler-audit

Advisory:

Criticality: Medium

URL: https://github.com/jnunemaker/httparty/security/advisories/GHSA-5pq7-52mg-hr42

Solution: upgrade to >= 0.21.0

Out-of-bounds Write in zlib affects Nokogiri
Open

    nokogiri (1.10.9)
Severity: Critical
Found in Gemfile.lock by bundler-audit

Advisory: CVE-2018-25032

Criticality: High

URL: https://github.com/sparklemotion/nokogiri/security/advisories/GHSA-v6gp-9mmm-c6p5

Solution: upgrade to >= 1.13.4

Improper Handling of Unexpected Data Type in Nokogiri
Open

    nokogiri (1.10.9)
Severity: Critical
Found in Gemfile.lock by bundler-audit

Advisory: CVE-2022-29181

Criticality: High

URL: https://github.com/sparklemotion/nokogiri/security/advisories/GHSA-xh29-r2w5-wx8m

Solution: upgrade to >= 1.13.6

Cross-Site Scripting in Kaminari via original_script_name parameter
Open

    kaminari (1.1.1)
Severity: Minor
Found in Gemfile.lock by bundler-audit

Advisory: CVE-2020-11082

Criticality: Medium

URL: https://github.com/kaminari/kaminari/security/advisories/GHSA-r5jw-62xg-j433

Solution: upgrade to >= 1.2.1

Sinatra vulnerable to Reflected File Download attack
Open

    sinatra (2.0.8.1)
Severity: Critical
Found in Gemfile.lock by bundler-audit

Advisory: CVE-2022-45442

Criticality: High

URL: https://github.com/sinatra/sinatra/security/advisories/GHSA-2x8x-jmrp-phxw

Solution: upgrade to ~> 2.2.3, >= 3.0.4

Improper Restriction of XML External Entity Reference (XXE) in Nokogiri on JRuby
Open

    nokogiri (1.10.9)
Severity: Critical
Found in Gemfile.lock by bundler-audit

Advisory: CVE-2021-41098

Criticality: High

URL: https://github.com/sparklemotion/nokogiri/security/advisories/GHSA-2rr5-8q37-2w7h

Solution: upgrade to >= 1.12.5

Update packaged dependency libxml2 from 2.9.10 to 2.9.12
Open

    nokogiri (1.10.9)
Severity: Critical
Found in Gemfile.lock by bundler-audit

Advisory:

Criticality: High

URL: https://github.com/sparklemotion/nokogiri/security/advisories/GHSA-7rrm-v45f-jp64

Solution: upgrade to >= 1.11.4

Denial of Service (DoS) in Nokogiri on JRuby
Open

    nokogiri (1.10.9)
Severity: Critical
Found in Gemfile.lock by bundler-audit

Advisory: CVE-2022-24839

Criticality: High

URL: https://github.com/sparklemotion/nekohtml/security/advisories/GHSA-9849-p7jc-9rmv

Solution: upgrade to >= 1.13.4

Possible XSS vulnerability with certain configurations of rails-html-sanitizer
Open

    rails-html-sanitizer (1.3.0)
Severity: Minor
Found in Gemfile.lock by bundler-audit

Advisory: CVE-2022-23519

Criticality: Medium

URL: https://github.com/rails/rails-html-sanitizer/security/advisories/GHSA-9h9g-93gc-623h

Solution: upgrade to >= 1.4.4

Method has too many lines. [22/7] (https://github.com/bbatsov/ruby-style-guide#short-methods)
Open

  def build_single_marker(model, marker)
    location = model.first
    models = model.last
    if model.first.try(:source)
      source = VolunteerOp.get_source(models)

This cop checks if the length of a method exceeds some maximum value. Comment lines can optionally be ignored. The maximum allowed length is configurable.

Class Organisation has 28 methods (exceeds 20 allowed). Consider refactoring.
Open

class Organisation < BaseOrganisation

  has_many :volunteer_ops
  has_many :users
  has_many :edits, class_name: 'ProposedOrganisationEdit', dependent: :destroy
Severity: Minor
Found in app/models/organisation.rb - About 3 hrs to fix

Method has too many lines. [18/7] (https://github.com/bbatsov/ruby-style-guide#short-methods)
Open

  def self.build params
    params.require(:proposed_organisation).permit(
      :superadmin_email_to_add,
      :description,
      :address,

This cop checks if the length of a method exceeds some maximum value. Comment lines can optionally be ignored. The maximum allowed length is configurable.

Class ApplicationController has 25 methods (exceeds 20 allowed). Consider refactoring.
Open

class ApplicationController < ActionController::Base
  protect_from_forgery
  before_action :store_location,
                :assign_footer_page_links,
                :set_tags,
Severity: Minor
Found in app/controllers/application_controller.rb - About 2 hrs to fix

Method has too many lines. [15/7] (https://github.com/bbatsov/ruby-style-guide#short-methods)
Open

  def devise_error_messages!
    return "" if resource.errors.empty?

    errors = resource.errors
    reset_token_error = errors.to_hash.fetch(:reset_password_token,'')
Severity: Minor
Found in app/helpers/devise_helper.rb by rubocop

This cop checks if the length of a method exceeds some maximum value. Comment lines can optionally be ignored. The maximum allowed length is configurable.

Method has too many lines. [15/7] (https://github.com/bbatsov/ruby-style-guide#short-methods)
Open

  def organisation_params
    params.require(:organisation).permit(
      :superadmin_email_to_add,
      :description,
      :address,

This cop checks if the length of a method exceeds some maximum value. Comment lines can optionally be ignored. The maximum allowed length is configurable.

Class VolunteerOpsController has 23 methods (exceeds 20 allowed). Consider refactoring.
Open

class VolunteerOpsController < ApplicationController
  layout :choose_layout

  before_action :set_organisation, only: [:new, :create]
  before_action :authorize, except: [:search, :show, :index]
Severity: Minor
Found in app/controllers/volunteer_ops_controller.rb - About 2 hrs to fix

Method has too many lines. [13/7] (https://github.com/bbatsov/ruby-style-guide#short-methods)
Open

  def build_map_markers(organisations)
    ::MapMarkerJson.build(organisations) do |org, marker|
      marker.lat org.latitude
      marker.lng org.longitude
      marker.infowindow render_to_string(partial: 'organisations/popup', locals: {org: org})

This cop checks if the length of a method exceeds some maximum value. Comment lines can optionally be ignored. The maximum allowed length is configurable.

Method has too many lines. [13/7] (https://github.com/bbatsov/ruby-style-guide#short-methods)
Open

  def populate_vol_op_attributes model, op
    location = Location.new longitude: op['lng'], latitude: op['lat']
    model.source        = 'doit'
    model.latitude      = location.latitude
    model.longitude     = location.longitude

This cop checks if the length of a method exceeds some maximum value. Comment lines can optionally be ignored. The maximum allowed length is configurable.
