Showing 24 of 24 total issues
Regular Expression Denial of Service in Addressable templates Open
addressable (2.4.0)
- Read upRead up
- Exclude checks
Advisory: CVE-2021-32740
Criticality: High
URL: https://github.com/advisories/GHSA-jxhc-q857-3j6g
Solution: upgrade to >= 2.8.0
Out-of-bounds Write in zlib affects Nokogiri Open
nokogiri (1.10.9)
- Read upRead up
- Exclude checks
Advisory: CVE-2018-25032
Criticality: High
URL: https://github.com/sparklemotion/nokogiri/security/advisories/GHSA-v6gp-9mmm-c6p5
Solution: upgrade to >= 1.13.4
XML Injection in Xerces Java affects Nokogiri Open
nokogiri (1.10.9)
- Read upRead up
- Exclude checks
Advisory: CVE-2022-23437
Criticality: Medium
URL: https://github.com/sparklemotion/nokogiri/security/advisories/GHSA-xxx9-3xcr-gjj3
Solution: upgrade to >= 1.13.4
Denial of Service (DoS) in Nokogiri on JRuby Open
nokogiri (1.10.9)
- Read upRead up
- Exclude checks
Advisory: CVE-2022-24839
Criticality: High
URL: https://github.com/sparklemotion/nekohtml/security/advisories/GHSA-9849-p7jc-9rmv
Solution: upgrade to >= 1.13.4
Nokogiri::XML::Schema trusts input by default, exposing risk of an XXE vulnerability Open
nokogiri (1.10.9)
- Read upRead up
- Exclude checks
Advisory: CVE-2020-26247
Criticality: Low
URL: https://github.com/sparklemotion/nokogiri/security/advisories/GHSA-vr8q-g5c7-m54m
Solution: upgrade to >= 1.11.0.rc4
Code injection in ruby git Open
git (1.7.0)
- Read upRead up
- Exclude checks
Advisory: CVE-2022-47318
Criticality: High
URL: https://github.com/ruby-git/ruby-git/pull/602
Solution: upgrade to >= 1.13.0
Integer Overflow or Wraparound in libxml2 affects Nokogiri Open
nokogiri (1.10.9)
- Read upRead up
- Exclude checks
Advisory:
Criticality: High
URL: https://github.com/sparklemotion/nokogiri/security/advisories/GHSA-cgx6-hpwq-fhv5
Solution: upgrade to >= 1.13.5
Update packaged dependency libxml2 from 2.9.10 to 2.9.12 Open
nokogiri (1.10.9)
- Read upRead up
- Exclude checks
Advisory:
Criticality: High
URL: https://github.com/sparklemotion/nokogiri/security/advisories/GHSA-7rrm-v45f-jp64
Solution: upgrade to >= 1.11.4
Inefficient Regular Expression Complexity in Nokogiri Open
nokogiri (1.10.9)
- Read upRead up
- Exclude checks
Advisory: CVE-2022-24836
Criticality: High
URL: https://github.com/sparklemotion/nokogiri/security/advisories/GHSA-crjr-9rc5-ghw8
Solution: upgrade to >= 1.13.4
Potential remote code execution in ruby-git Open
git (1.7.0)
- Read upRead up
- Exclude checks
Advisory: CVE-2022-46648
Criticality: Medium
URL: https://github.com/ruby-git/ruby-git/pull/602
Solution: upgrade to >= 1.13.0
Update packaged libxml2 (2.9.12 → 2.9.13) and libxslt (1.1.34 → 1.1.35) Open
nokogiri (1.10.9)
- Read upRead up
- Exclude checks
Advisory: CVE-2021-30560
Criticality: High
URL: https://github.com/sparklemotion/nokogiri/security/advisories/GHSA-fq42-c5rg-92c2
Solution: upgrade to >= 1.13.2
Improper Handling of Unexpected Data Type in Nokogiri Open
nokogiri (1.10.9)
- Read upRead up
- Exclude checks
Advisory: CVE-2022-29181
Criticality: High
URL: https://github.com/sparklemotion/nokogiri/security/advisories/GHSA-xh29-r2w5-wx8m
Solution: upgrade to >= 1.13.6
Improper Restriction of XML External Entity Reference (XXE) in Nokogiri on JRuby Open
nokogiri (1.10.9)
- Read upRead up
- Exclude checks
Advisory: CVE-2021-41098
Criticality: High
URL: https://github.com/sparklemotion/nokogiri/security/advisories/GHSA-2rr5-8q37-2w7h
Solution: upgrade to >= 1.12.5
Update bundled libxml2 to v2.10.3 to resolve multiple CVEs Open
nokogiri (1.10.9)
- Read upRead up
- Exclude checks
Advisory:
URL: https://github.com/sparklemotion/nokogiri/security/advisories/GHSA-2qc6-mcvw-92cw
Solution: upgrade to >= 1.13.9
Command injection in ruby-git Open
git (1.7.0)
- Read upRead up
- Exclude checks
Advisory: CVE-2022-25648
Criticality: Critical
URL: https://github.com/ruby-git/ruby-git/pull/569
Solution: upgrade to >= 1.11.0
Denial of service via multipart parsing in Rack Open
rack (2.2.3)
- Read upRead up
- Exclude checks
Advisory: CVE-2022-44572
URL: https://github.com/rack/rack/releases/tag/v3.0.4.1
Solution: upgrade to >= 2.0.9.2, ~> 2.0.9, >= 2.1.4.2, ~> 2.1.4, >= 2.2.6.1, ~> 2.2.6, >= 3.0.4.1
Denial of service via header parsing in Rack Open
rack (2.2.3)
- Read upRead up
- Exclude checks
Advisory: CVE-2022-44570
URL: https://github.com/rack/rack/releases/tag/v3.0.4.1
Solution: upgrade to >= 2.0.9.2, ~> 2.0.9, >= 2.1.4.2, ~> 2.1.4, >= 2.2.6.2, ~> 2.2.6, >= 3.0.4.1
Denial of Service Vulnerability in Rack Content-Disposition parsing Open
rack (2.2.3)
- Read upRead up
- Exclude checks
Advisory: CVE-2022-44571
URL: https://github.com/rack/rack/releases/tag/v3.0.4.1
Solution: upgrade to >= 2.0.9.2, ~> 2.0.9, >= 2.1.4.2, ~> 2.1.4, >= 2.2.6.1, ~> 2.2.6, >= 3.0.4.1
Possible shell escape sequence injection vulnerability in Rack Open
rack (2.2.3)
- Read upRead up
- Exclude checks
Advisory: CVE-2022-30123
Criticality: Critical
URL: https://groups.google.com/g/ruby-security-ann/c/LWB10kWzag8
Solution: upgrade to >= 2.0.9.1, ~> 2.0.9, >= 2.1.4.1, ~> 2.1.4, >= 2.2.3.1
Useless private
access modifier. Open
private
- Read upRead up
- Exclude checks
This cop checks for redundant access modifiers, including those with no
code, those which are repeated, and leading public
modifiers in a
class or module body. Conditionally-defined methods are considered as
always being defined, and thus access modifiers guarding such methods
are not redundant.
Example:
class Foo
public # this is redundant (default access is public)
def method
end
private # this is not redundant (a method is defined)
def method2
end
private # this is redundant (no following methods are defined)
end
Example:
class Foo
# The following is not redundant (conditionally defined methods are
# considered as always defining a method)
private
if condition?
def method
end
end
protected # this is not redundant (method is defined)
define_method(:method2) do
end
protected # this is redundant (repeated from previous modifier)
[1,2,3].each do |i|
define_method("foo#{i}") do
end
end
# The following is redundant (methods defined on the class'
# singleton class are not affected by the public modifier)
public
def self.method3
end
end
Example:
# Lint/UselessAccessModifier:
# ContextCreatingMethods:
# - concerning
require 'active_support/concern'
class Foo
concerning :Bar do
def some_public_method
end
private
def some_private_method
end
end
# this is not redundant because `concerning` created its own context
private
def some_other_private_method
end
end
Example:
# Lint/UselessAccessModifier:
# MethodCreatingMethods:
# - delegate
require 'active_support/core_ext/module/delegation'
class Foo
# this is not redundant because `delegate` creates methods
private
delegate :method_a, to: :method_b
end