Sign upLogin

AnalyzePlatypus/TranslitKit

View on GitHub
Star

Showing 51 of 51 total issues

ReDoS based DoS vulnerability in GlobalID
Open

    globalid (0.4.2)
Severity: Minor
Found in Gemfile.lock by bundler-audit

Advisory: CVE-2023-22799

URL: https://github.com/rails/globalid/releases/tag/v1.0.1

Solution: upgrade to >= 1.0.1

Improper neutralization of data URIs may allow XSS in Loofah
Open

    loofah (2.3.1)
Severity: Minor
Found in Gemfile.lock by bundler-audit

Advisory: CVE-2022-23515

Criticality: Medium

URL: https://github.com/flavorjones/loofah/security/advisories/GHSA-228g-948r-83gx

Solution: upgrade to >= 2.19.1

Possible XSS vulnerability with certain configurations of rails-html-sanitizer
Open

    rails-html-sanitizer (1.2.0)
Severity: Minor
Found in Gemfile.lock by bundler-audit

Advisory: CVE-2022-23519

Criticality: Medium

URL: https://github.com/rails/rails-html-sanitizer/security/advisories/GHSA-9h9g-93gc-623h

Solution: upgrade to >= 1.4.4

ReDoS based DoS vulnerability in Action Dispatch
Open

    actionpack (6.0.0)
Severity: Minor
Found in Gemfile.lock by bundler-audit

Advisory: CVE-2023-22792

URL: https://github.com/rails/rails/releases/tag/v7.0.4.1

Solution: upgrade to >= 5.2.8.15, ~> 5.2.8, >= 6.1.7.1, ~> 6.1.7, >= 7.0.4.1

Inefficient Regular Expression Complexity in Loofah
Open

    loofah (2.3.1)
Severity: Critical
Found in Gemfile.lock by bundler-audit

Advisory: CVE-2022-23514

Criticality: High

URL: https://github.com/flavorjones/loofah/security/advisories/GHSA-486f-hjj9-9vhh

Solution: upgrade to >= 2.19.1

Possible XSS vulnerability with certain configurations of rails-html-sanitizer
Open

    rails-html-sanitizer (1.2.0)
Severity: Minor
Found in Gemfile.lock by bundler-audit

Advisory: CVE-2022-23520

Criticality: Medium

URL: https://github.com/rails/rails-html-sanitizer/security/advisories/GHSA-rrfc-7g8p-99q8

Solution: upgrade to >= 1.4.4

ReDoS based DoS vulnerability in Action Dispatch
Open

    actionpack (6.0.0)
Severity: Minor
Found in Gemfile.lock by bundler-audit

Advisory: CVE-2023-22795

URL: https://github.com/rails/rails/releases/tag/v7.0.4.1

Solution: upgrade to >= 5.2.8.15, ~> 5.2.8, >= 6.1.7.1, ~> 6.1.7, >= 7.0.4.1

Improper neutralization of data URIs may allow XSS in rails-html-sanitizer
Open

    rails-html-sanitizer (1.2.0)
Severity: Minor
Found in Gemfile.lock by bundler-audit

Advisory: CVE-2022-23518

Criticality: Medium

URL: https://github.com/rails/rails-html-sanitizer/security/advisories/GHSA-mcvf-2q2m-x72m

Solution: upgrade to >= 1.4.4

Uncontrolled Recursion in Loofah
Open

    loofah (2.3.1)
Severity: Critical
Found in Gemfile.lock by bundler-audit

Advisory: CVE-2022-23516

Criticality: High

URL: https://github.com/flavorjones/loofah/security/advisories/GHSA-3x8r-x6xp-q4vm

Solution: upgrade to >= 2.19.1

ReDoS based DoS vulnerability in Active Support’s underscore
Open

    activesupport (6.0.0)
Severity: Minor
Found in Gemfile.lock by bundler-audit

Advisory: CVE-2023-22796

URL: https://github.com/rails/rails/releases/tag/v7.0.4.1

Solution: upgrade to >= 5.2.8.15, ~> 5.2.8, >= 6.1.7.1, ~> 6.1.7, >= 7.0.4.1

Possible XSS vulnerability with certain configurations of Rails::Html::Sanitizer
Open

    rails-html-sanitizer (1.2.0)
Severity: Minor
Found in Gemfile.lock by bundler-audit

Advisory: CVE-2022-32209

Criticality: Medium

URL: https://groups.google.com/g/rubyonrails-security/c/ce9PhUANQ6s

Solution: upgrade to >= 1.4.3

Denial of Service Vulnerability in ActiveRecord’s PostgreSQL adapter
Open

    activerecord (6.0.0)
Severity: Minor
Found in Gemfile.lock by bundler-audit

Advisory: CVE-2022-44566

URL: https://github.com/rails/rails/releases/tag/v7.0.4.1

Solution: upgrade to >= 5.2.8.15, ~> 5.2.8, >= 6.1.7.1, ~> 6.1.7, >= 7.0.4.1

Inefficient Regular Expression Complexity in rails-html-sanitizer
Open

    rails-html-sanitizer (1.2.0)
Severity: Critical
Found in Gemfile.lock by bundler-audit

Advisory: CVE-2022-23517

Criticality: High

URL: https://github.com/rails/rails-html-sanitizer/security/advisories/GHSA-5x79-w82f-gw8w

Solution: upgrade to >= 1.4.4

Method phonemes has a Cognitive Complexity of 29 (exceeds 5 allowed). Consider refactoring.
Open

  def phonemes
        @completed = []

        # For each raw character :
        @hebword.chars.each_with_index do |char,i|
Severity: Minor
Found in lib/phonemizer.rb - About 4 hrs to fix

Cognitive Complexity

Cognitive Complexity is a measure of how difficult a unit of code is to intuitively understand. Unlike Cyclomatic Complexity, which determines how difficult your code will be to test, Cognitive Complexity tells you how difficult your code will be to read and comprehend.

A method's cognitive complexity is based on a few simple rules:

  • Code is not considered more complex when it uses shorthand that the language provides for collapsing multiple statements into one
  • Code is considered more complex for each "break in the linear flow of the code"
  • Code is considered more complex when "flow breaking structures are nested"

Further reading

Cyclomatic complexity for phonemes is too high. [17/6]
Open

  def phonemes
        @completed = []

        # For each raw character :
        @hebword.chars.each_with_index do |char,i|
Severity: Minor
Found in lib/phonemizer.rb by rubocop

This cop checks that the cyclomatic complexity of methods is not higher than the configured maximum. The cyclomatic complexity is the number of linearly independent paths through a method. The algorithm counts decision points and adds one.

An if statement (or unless or ?:) increases the complexity by one. An else branch does not, since it doesn't add a decision point. The && operator (or keyword and) can be converted to a nested if statement, and ||/or is shorthand for a sequence of ifs, so they also add one. Loops can be said to have an exit condition, so they add one.

Method has too many lines. [31/30]
Open

  def phonemes
        @completed = []

        # For each raw character :
        @hebword.chars.each_with_index do |char,i|
Severity: Minor
Found in lib/phonemizer.rb by rubocop

This cop checks if the length of a method exceeds some maximum value. Comment lines can optionally be ignored. The maximum allowed length is configurable.

Method phonemes has 31 lines of code (exceeds 25 allowed). Consider refactoring.
Open

  def phonemes
        @completed = []

        # For each raw character :
        @hebword.chars.each_with_index do |char,i|
Severity: Minor
Found in lib/phonemizer.rb - About 1 hr to fix

    Possible Information Disclosure / Unintended Method Execution in Action Pack
    Open

        actionpack (6.0.0)
    Severity: Critical
    Found in Gemfile.lock by bundler-audit

    Advisory: CVE-2021-22885

    Criticality: High

    URL: https://groups.google.com/g/rubyonrails-security/c/NiQl-48cXYI

    Solution: upgrade to ~> 5.2.4.6, ~> 5.2.6, >= 6.0.3.7, ~> 6.0.3, >= 6.1.3.2

    Possible XSS Vulnerability in Action Pack in Development Mode
    Open

        actionpack (6.0.0)
    Severity: Minor
    Found in Gemfile.lock by bundler-audit

    Advisory: CVE-2020-8264

    Criticality: Medium

    URL: https://groups.google.com/g/rubyonrails-security/c/yQzUVfv42jk

    Solution: upgrade to >= 6.0.3.4

    Possible RCE escalation bug with Serialized Columns in Active Record
    Open

        activerecord (6.0.0)
    Severity: Minor
    Found in Gemfile.lock by bundler-audit

    Advisory: CVE-2022-32224

    Criticality: Critical

    URL: https://groups.google.com/g/rubyonrails-security/c/MmFO3LYQE8U

    Solution: upgrade to >= 5.2.8.1, ~> 5.2.8, >= 6.0.5.1, ~> 6.0.5, >= 6.1.6.1, ~> 6.1.6, >= 7.0.3.1

    Severity
    Category
    Status
    Source
    Language