Sign upLogin

AndyObtiva/easily_typable

View on GitHub
Star

Showing 24 of 24 total issues

Regular Expression Denial of Service in Addressable templates
Open

    addressable (2.4.0)
Severity: Critical
Found in Gemfile.lock by bundler-audit

Advisory: CVE-2021-32740

Criticality: High

URL: https://github.com/advisories/GHSA-jxhc-q857-3j6g

Solution: upgrade to >= 2.8.0

Out-of-bounds Write in zlib affects Nokogiri
Open

    nokogiri (1.10.9)
Severity: Critical
Found in Gemfile.lock by bundler-audit

Advisory: CVE-2018-25032

Criticality: High

URL: https://github.com/sparklemotion/nokogiri/security/advisories/GHSA-v6gp-9mmm-c6p5

Solution: upgrade to >= 1.13.4

XML Injection in Xerces Java affects Nokogiri
Open

    nokogiri (1.10.9)
Severity: Minor
Found in Gemfile.lock by bundler-audit

Advisory: CVE-2022-23437

Criticality: Medium

URL: https://github.com/sparklemotion/nokogiri/security/advisories/GHSA-xxx9-3xcr-gjj3

Solution: upgrade to >= 1.13.4

Denial of Service (DoS) in Nokogiri on JRuby
Open

    nokogiri (1.10.9)
Severity: Critical
Found in Gemfile.lock by bundler-audit

Advisory: CVE-2022-24839

Criticality: High

URL: https://github.com/sparklemotion/nekohtml/security/advisories/GHSA-9849-p7jc-9rmv

Solution: upgrade to >= 1.13.4

Nokogiri::XML::Schema trusts input by default, exposing risk of an XXE vulnerability
Open

    nokogiri (1.10.9)
Severity: Info
Found in Gemfile.lock by bundler-audit

Advisory: CVE-2020-26247

Criticality: Low

URL: https://github.com/sparklemotion/nokogiri/security/advisories/GHSA-vr8q-g5c7-m54m

Solution: upgrade to >= 1.11.0.rc4

Code injection in ruby git
Open

    git (1.7.0)
Severity: Critical
Found in Gemfile.lock by bundler-audit

Advisory: CVE-2022-47318

Criticality: High

URL: https://github.com/ruby-git/ruby-git/pull/602

Solution: upgrade to >= 1.13.0

Integer Overflow or Wraparound in libxml2 affects Nokogiri
Open

    nokogiri (1.10.9)
Severity: Critical
Found in Gemfile.lock by bundler-audit

Advisory:

Criticality: High

URL: https://github.com/sparklemotion/nokogiri/security/advisories/GHSA-cgx6-hpwq-fhv5

Solution: upgrade to >= 1.13.5

Update packaged dependency libxml2 from 2.9.10 to 2.9.12
Open

    nokogiri (1.10.9)
Severity: Critical
Found in Gemfile.lock by bundler-audit

Advisory:

Criticality: High

URL: https://github.com/sparklemotion/nokogiri/security/advisories/GHSA-7rrm-v45f-jp64

Solution: upgrade to >= 1.11.4

Inefficient Regular Expression Complexity in Nokogiri
Open

    nokogiri (1.10.9)
Severity: Critical
Found in Gemfile.lock by bundler-audit

Advisory: CVE-2022-24836

Criticality: High

URL: https://github.com/sparklemotion/nokogiri/security/advisories/GHSA-crjr-9rc5-ghw8

Solution: upgrade to >= 1.13.4

Potential remote code execution in ruby-git
Open

    git (1.7.0)
Severity: Minor
Found in Gemfile.lock by bundler-audit

Advisory: CVE-2022-46648

Criticality: Medium

URL: https://github.com/ruby-git/ruby-git/pull/602

Solution: upgrade to >= 1.13.0

Update packaged libxml2 (2.9.12 → 2.9.13) and libxslt (1.1.34 → 1.1.35)
Open

    nokogiri (1.10.9)
Severity: Critical
Found in Gemfile.lock by bundler-audit

Advisory: CVE-2021-30560

Criticality: High

URL: https://github.com/sparklemotion/nokogiri/security/advisories/GHSA-fq42-c5rg-92c2

Solution: upgrade to >= 1.13.2

Improper Handling of Unexpected Data Type in Nokogiri
Open

    nokogiri (1.10.9)
Severity: Critical
Found in Gemfile.lock by bundler-audit

Advisory: CVE-2022-29181

Criticality: High

URL: https://github.com/sparklemotion/nokogiri/security/advisories/GHSA-xh29-r2w5-wx8m

Solution: upgrade to >= 1.13.6

Improper Restriction of XML External Entity Reference (XXE) in Nokogiri on JRuby
Open

    nokogiri (1.10.9)
Severity: Critical
Found in Gemfile.lock by bundler-audit

Advisory: CVE-2021-41098

Criticality: High

URL: https://github.com/sparklemotion/nokogiri/security/advisories/GHSA-2rr5-8q37-2w7h

Solution: upgrade to >= 1.12.5

Update bundled libxml2 to v2.10.3 to resolve multiple CVEs
Open

    nokogiri (1.10.9)
Severity: Minor
Found in Gemfile.lock by bundler-audit

Advisory:

URL: https://github.com/sparklemotion/nokogiri/security/advisories/GHSA-2qc6-mcvw-92cw

Solution: upgrade to >= 1.13.9

Command injection in ruby-git
Open

    git (1.7.0)
Severity: Minor
Found in Gemfile.lock by bundler-audit

Advisory: CVE-2022-25648

Criticality: Critical

URL: https://github.com/ruby-git/ruby-git/pull/569

Solution: upgrade to >= 1.11.0

Denial of service via multipart parsing in Rack
Open

    rack (2.2.3)
Severity: Minor
Found in Gemfile.lock by bundler-audit

Advisory: CVE-2022-44572

URL: https://github.com/rack/rack/releases/tag/v3.0.4.1

Solution: upgrade to >= 2.0.9.2, ~> 2.0.9, >= 2.1.4.2, ~> 2.1.4, >= 2.2.6.1, ~> 2.2.6, >= 3.0.4.1

Denial of service via header parsing in Rack
Open

    rack (2.2.3)
Severity: Minor
Found in Gemfile.lock by bundler-audit

Advisory: CVE-2022-44570

URL: https://github.com/rack/rack/releases/tag/v3.0.4.1

Solution: upgrade to >= 2.0.9.2, ~> 2.0.9, >= 2.1.4.2, ~> 2.1.4, >= 2.2.6.2, ~> 2.2.6, >= 3.0.4.1

Denial of Service Vulnerability in Rack Content-Disposition parsing
Open

    rack (2.2.3)
Severity: Minor
Found in Gemfile.lock by bundler-audit

Advisory: CVE-2022-44571

URL: https://github.com/rack/rack/releases/tag/v3.0.4.1

Solution: upgrade to >= 2.0.9.2, ~> 2.0.9, >= 2.1.4.2, ~> 2.1.4, >= 2.2.6.1, ~> 2.2.6, >= 3.0.4.1

Possible shell escape sequence injection vulnerability in Rack
Open

    rack (2.2.3)
Severity: Minor
Found in Gemfile.lock by bundler-audit

Advisory: CVE-2022-30123

Criticality: Critical

URL: https://groups.google.com/g/ruby-security-ann/c/LWB10kWzag8

Solution: upgrade to >= 2.0.9.1, ~> 2.0.9, >= 2.1.4.1, ~> 2.1.4, >= 2.2.3.1

Useless private access modifier.
Open

    private
Severity: Minor
Found in lib/easily_typable.rb by rubocop

This cop checks for redundant access modifiers, including those with no code, those which are repeated, and leading public modifiers in a class or module body. Conditionally-defined methods are considered as always being defined, and thus access modifiers guarding such methods are not redundant.

Example:

class Foo
  public # this is redundant (default access is public)

  def method
  end

  private # this is not redundant (a method is defined)
  def method2
  end

  private # this is redundant (no following methods are defined)
end

Example:

class Foo
  # The following is not redundant (conditionally defined methods are
  # considered as always defining a method)
  private

  if condition?
    def method
    end
  end

  protected # this is not redundant (method is defined)

  define_method(:method2) do
  end

  protected # this is redundant (repeated from previous modifier)

  [1,2,3].each do |i|
    define_method("foo#{i}") do
    end
  end

  # The following is redundant (methods defined on the class'
  # singleton class are not affected by the public modifier)
  public

  def self.method3
  end
end

Example:

# Lint/UselessAccessModifier:
#   ContextCreatingMethods:
#     - concerning
require 'active_support/concern'
class Foo
  concerning :Bar do
    def some_public_method
    end

    private

    def some_private_method
    end
  end

  # this is not redundant because `concerning` created its own context
  private

  def some_other_private_method
  end
end

Example:

# Lint/UselessAccessModifier:
#   MethodCreatingMethods:
#     - delegate
require 'active_support/core_ext/module/delegation'
class Foo
  # this is not redundant because `delegate` creates methods
  private

  delegate :method_a, to: :method_b
end
Severity
Category
Status
Source
Language