Showing 51 of 51 total issues
ReDoS based DoS vulnerability in GlobalID Open
globalid (0.4.2)
- Read upRead up
- Exclude checks
Advisory: CVE-2023-22799
URL: https://github.com/rails/globalid/releases/tag/v1.0.1
Solution: upgrade to >= 1.0.1
Improper neutralization of data URIs may allow XSS in Loofah Open
loofah (2.3.1)
- Read upRead up
- Exclude checks
Advisory: CVE-2022-23515
Criticality: Medium
URL: https://github.com/flavorjones/loofah/security/advisories/GHSA-228g-948r-83gx
Solution: upgrade to >= 2.19.1
Possible XSS vulnerability with certain configurations of rails-html-sanitizer Open
rails-html-sanitizer (1.2.0)
- Read upRead up
- Exclude checks
Advisory: CVE-2022-23519
Criticality: Medium
URL: https://github.com/rails/rails-html-sanitizer/security/advisories/GHSA-9h9g-93gc-623h
Solution: upgrade to >= 1.4.4
ReDoS based DoS vulnerability in Action Dispatch Open
actionpack (6.0.0)
- Read upRead up
- Exclude checks
Advisory: CVE-2023-22792
URL: https://github.com/rails/rails/releases/tag/v7.0.4.1
Solution: upgrade to >= 5.2.8.15, ~> 5.2.8, >= 6.1.7.1, ~> 6.1.7, >= 7.0.4.1
Inefficient Regular Expression Complexity in Loofah Open
loofah (2.3.1)
- Read upRead up
- Exclude checks
Advisory: CVE-2022-23514
Criticality: High
URL: https://github.com/flavorjones/loofah/security/advisories/GHSA-486f-hjj9-9vhh
Solution: upgrade to >= 2.19.1
Possible XSS vulnerability with certain configurations of rails-html-sanitizer Open
rails-html-sanitizer (1.2.0)
- Read upRead up
- Exclude checks
Advisory: CVE-2022-23520
Criticality: Medium
URL: https://github.com/rails/rails-html-sanitizer/security/advisories/GHSA-rrfc-7g8p-99q8
Solution: upgrade to >= 1.4.4
ReDoS based DoS vulnerability in Action Dispatch Open
actionpack (6.0.0)
- Read upRead up
- Exclude checks
Advisory: CVE-2023-22795
URL: https://github.com/rails/rails/releases/tag/v7.0.4.1
Solution: upgrade to >= 5.2.8.15, ~> 5.2.8, >= 6.1.7.1, ~> 6.1.7, >= 7.0.4.1
Improper neutralization of data URIs may allow XSS in rails-html-sanitizer Open
rails-html-sanitizer (1.2.0)
- Read upRead up
- Exclude checks
Advisory: CVE-2022-23518
Criticality: Medium
URL: https://github.com/rails/rails-html-sanitizer/security/advisories/GHSA-mcvf-2q2m-x72m
Solution: upgrade to >= 1.4.4
Uncontrolled Recursion in Loofah Open
loofah (2.3.1)
- Read upRead up
- Exclude checks
Advisory: CVE-2022-23516
Criticality: High
URL: https://github.com/flavorjones/loofah/security/advisories/GHSA-3x8r-x6xp-q4vm
Solution: upgrade to >= 2.19.1
ReDoS based DoS vulnerability in Active Support’s underscore Open
activesupport (6.0.0)
- Read upRead up
- Exclude checks
Advisory: CVE-2023-22796
URL: https://github.com/rails/rails/releases/tag/v7.0.4.1
Solution: upgrade to >= 5.2.8.15, ~> 5.2.8, >= 6.1.7.1, ~> 6.1.7, >= 7.0.4.1
Possible XSS vulnerability with certain configurations of Rails::Html::Sanitizer Open
rails-html-sanitizer (1.2.0)
- Read upRead up
- Exclude checks
Advisory: CVE-2022-32209
Criticality: Medium
URL: https://groups.google.com/g/rubyonrails-security/c/ce9PhUANQ6s
Solution: upgrade to >= 1.4.3
Denial of Service Vulnerability in ActiveRecord’s PostgreSQL adapter Open
activerecord (6.0.0)
- Read upRead up
- Exclude checks
Advisory: CVE-2022-44566
URL: https://github.com/rails/rails/releases/tag/v7.0.4.1
Solution: upgrade to >= 5.2.8.15, ~> 5.2.8, >= 6.1.7.1, ~> 6.1.7, >= 7.0.4.1
Inefficient Regular Expression Complexity in rails-html-sanitizer Open
rails-html-sanitizer (1.2.0)
- Read upRead up
- Exclude checks
Advisory: CVE-2022-23517
Criticality: High
URL: https://github.com/rails/rails-html-sanitizer/security/advisories/GHSA-5x79-w82f-gw8w
Solution: upgrade to >= 1.4.4
Method phonemes
has a Cognitive Complexity of 29 (exceeds 5 allowed). Consider refactoring. Open
def phonemes
@completed = []
# For each raw character :
@hebword.chars.each_with_index do |char,i|
- Read upRead up
Cognitive Complexity
Cognitive Complexity is a measure of how difficult a unit of code is to intuitively understand. Unlike Cyclomatic Complexity, which determines how difficult your code will be to test, Cognitive Complexity tells you how difficult your code will be to read and comprehend.
A method's cognitive complexity is based on a few simple rules:
- Code is not considered more complex when it uses shorthand that the language provides for collapsing multiple statements into one
- Code is considered more complex for each "break in the linear flow of the code"
- Code is considered more complex when "flow breaking structures are nested"
Further reading
Cyclomatic complexity for phonemes is too high. [17/6] Open
def phonemes
@completed = []
# For each raw character :
@hebword.chars.each_with_index do |char,i|
- Read upRead up
- Exclude checks
This cop checks that the cyclomatic complexity of methods is not higher than the configured maximum. The cyclomatic complexity is the number of linearly independent paths through a method. The algorithm counts decision points and adds one.
An if statement (or unless or ?:) increases the complexity by one. An else branch does not, since it doesn't add a decision point. The && operator (or keyword and) can be converted to a nested if statement, and ||/or is shorthand for a sequence of ifs, so they also add one. Loops can be said to have an exit condition, so they add one.
Method has too many lines. [31/30] Open
def phonemes
@completed = []
# For each raw character :
@hebword.chars.each_with_index do |char,i|
- Read upRead up
- Exclude checks
This cop checks if the length of a method exceeds some maximum value. Comment lines can optionally be ignored. The maximum allowed length is configurable.
Method phonemes
has 31 lines of code (exceeds 25 allowed). Consider refactoring. Open
def phonemes
@completed = []
# For each raw character :
@hebword.chars.each_with_index do |char,i|
Possible Information Disclosure / Unintended Method Execution in Action Pack Open
actionpack (6.0.0)
- Read upRead up
- Exclude checks
Advisory: CVE-2021-22885
Criticality: High
URL: https://groups.google.com/g/rubyonrails-security/c/NiQl-48cXYI
Solution: upgrade to ~> 5.2.4.6, ~> 5.2.6, >= 6.0.3.7, ~> 6.0.3, >= 6.1.3.2
Possible XSS Vulnerability in Action Pack in Development Mode Open
actionpack (6.0.0)
- Read upRead up
- Exclude checks
Advisory: CVE-2020-8264
Criticality: Medium
URL: https://groups.google.com/g/rubyonrails-security/c/yQzUVfv42jk
Solution: upgrade to >= 6.0.3.4
Possible RCE escalation bug with Serialized Columns in Active Record Open
activerecord (6.0.0)
- Read upRead up
- Exclude checks
Advisory: CVE-2022-32224
Criticality: Critical
URL: https://groups.google.com/g/rubyonrails-security/c/MmFO3LYQE8U
Solution: upgrade to >= 5.2.8.1, ~> 5.2.8, >= 6.0.5.1, ~> 6.0.5, >= 6.1.6.1, ~> 6.1.6, >= 7.0.3.1