Gemfile.lock from BLSQ/orbf2

Gemfile.lock

Summary

Maintainability

Test Coverage

XSS Vulnerability on closeText option of Dialog jQuery UI
Open

    jquery-ui-rails (5.0.5)

Found in Gemfile.lock by bundler-audit

Read up
Read up
Exclude checks
- Disable engine
- Disable check

Advisory: CVE-2016-7103

Criticality: Medium

URL: https://github.com/jquery/api.jqueryui.com/issues/281

Solution: upgrade to >= 6.0.0

Out-of-bounds Write in zlib affects Nokogiri
Open

    nokogiri (1.12.5)

Found in Gemfile.lock by bundler-audit

Read up
Read up
Exclude checks
- Disable engine
- Disable check

Advisory: CVE-2018-25032

Criticality: High

URL: https://github.com/sparklemotion/nokogiri/security/advisories/GHSA-v6gp-9mmm-c6p5

Solution: upgrade to >= 1.13.4

Integer Overflow or Wraparound in libxml2 affects Nokogiri
Open

    nokogiri (1.12.5)

Found in Gemfile.lock by bundler-audit

Read up
Read up
Exclude checks
- Disable engine
- Disable check

Advisory:

Criticality: High

URL: https://github.com/sparklemotion/nokogiri/security/advisories/GHSA-cgx6-hpwq-fhv5

Solution: upgrade to >= 1.13.5

Update packaged libxml2 (2.9.12 → 2.9.13) and libxslt (1.1.34 → 1.1.35)
Open

    nokogiri (1.12.5)

Found in Gemfile.lock by bundler-audit

Read up
Read up
Exclude checks
- Disable engine
- Disable check

Advisory: CVE-2021-30560

Criticality: High

URL: https://github.com/sparklemotion/nokogiri/security/advisories/GHSA-fq42-c5rg-92c2

Solution: upgrade to >= 1.13.2

Improper neutralization of data URIs may allow XSS in Loofah
Open

    loofah (2.14.0)

Found in Gemfile.lock by bundler-audit

Read up
Read up
Exclude checks
- Disable engine
- Disable check

Advisory: CVE-2022-23515

Criticality: Medium

URL: https://github.com/flavorjones/loofah/security/advisories/GHSA-228g-948r-83gx

Solution: upgrade to >= 2.19.1

Denial of Service (DoS) in Nokogiri on JRuby
Open

    nokogiri (1.12.5)

Found in Gemfile.lock by bundler-audit

Read up
Read up
Exclude checks
- Disable engine
- Disable check

Advisory: CVE-2022-24839

Criticality: High

URL: https://github.com/sparklemotion/nekohtml/security/advisories/GHSA-9849-p7jc-9rmv

Solution: upgrade to >= 1.13.4

Improper Handling of Unexpected Data Type in Nokogiri
Open

    nokogiri (1.12.5)

Found in Gemfile.lock by bundler-audit

Read up
Read up
Exclude checks
- Disable engine
- Disable check

Advisory: CVE-2022-29181

Criticality: High

URL: https://github.com/sparklemotion/nokogiri/security/advisories/GHSA-xh29-r2w5-wx8m

Solution: upgrade to >= 1.13.6

Update bundled libxml2 to v2.10.3 to resolve multiple CVEs
Open

    nokogiri (1.12.5)

Found in Gemfile.lock by bundler-audit

Read up
Read up
Exclude checks
- Disable engine
- Disable check

Advisory:

URL: https://github.com/sparklemotion/nokogiri/security/advisories/GHSA-2qc6-mcvw-92cw

Solution: upgrade to >= 1.13.9

Uncontrolled Recursion in Loofah
Open

    loofah (2.14.0)

Found in Gemfile.lock by bundler-audit

Read up
Read up
Exclude checks
- Disable engine
- Disable check

Advisory: CVE-2022-23516

Criticality: High

URL: https://github.com/flavorjones/loofah/security/advisories/GHSA-3x8r-x6xp-q4vm

Solution: upgrade to >= 2.19.1

httparty has multipart/form-data request tampering vulnerability
Open

    httparty (0.20.0)

Found in Gemfile.lock by bundler-audit

Read up
Read up
Exclude checks
- Disable engine
- Disable check

Advisory:

Criticality: Medium

URL: https://github.com/jnunemaker/httparty/security/advisories/GHSA-5pq7-52mg-hr42

Solution: upgrade to >= 0.21.0

Potential XSS vulnerability in jQuery
Open

    jquery-rails (4.3.5)

Found in Gemfile.lock by bundler-audit

Read up
Read up
Exclude checks
- Disable engine
- Disable check

Advisory: CVE-2020-11023

Criticality: Medium

URL: https://blog.jquery.com/2020/04/10/jquery-3-5-0-released

Solution: upgrade to >= 4.4.0

Inefficient Regular Expression Complexity in Loofah
Open

    loofah (2.14.0)

Found in Gemfile.lock by bundler-audit

Read up
Read up
Exclude checks
- Disable engine
- Disable check

Advisory: CVE-2022-23514

Criticality: High

URL: https://github.com/flavorjones/loofah/security/advisories/GHSA-486f-hjj9-9vhh

Solution: upgrade to >= 2.19.1

Inefficient Regular Expression Complexity in Nokogiri
Open

    nokogiri (1.12.5)

Found in Gemfile.lock by bundler-audit

Read up
Read up
Exclude checks
- Disable engine
- Disable check

Advisory: CVE-2022-24836

Criticality: High

URL: https://github.com/sparklemotion/nokogiri/security/advisories/GHSA-crjr-9rc5-ghw8

Solution: upgrade to >= 1.13.4

JMESPath for Ruby using JSON.load instead of JSON.parse
Open

    jmespath (1.4.0)

Found in Gemfile.lock by bundler-audit

Read up
Read up
Exclude checks
- Disable engine
- Disable check

Advisory: CVE-2022-32511

Criticality: Critical

URL: https://github.com/jmespath/jmespath.rb/pull/55

Solution: upgrade to >= 1.6.1

XML Injection in Xerces Java affects Nokogiri
Open

    nokogiri (1.12.5)

Found in Gemfile.lock by bundler-audit

Read up
Read up
Exclude checks
- Disable engine
- Disable check

Advisory: CVE-2022-23437

Criticality: Medium

URL: https://github.com/sparklemotion/nokogiri/security/advisories/GHSA-xxx9-3xcr-gjj3

Solution: upgrade to >= 1.13.4

ReDoS based DoS vulnerability in Action Dispatch
Open

    actionpack (5.2.6.2)

Found in Gemfile.lock by bundler-audit

Read up
Read up
Exclude checks
- Disable engine
- Disable check

Advisory: CVE-2023-22795

URL: https://github.com/rails/rails/releases/tag/v7.0.4.1

Solution: upgrade to >= 5.2.8.15, ~> 5.2.8, >= 6.1.7.1, ~> 6.1.7, >= 7.0.4.1

ReDoS based DoS vulnerability in Action Dispatch
Open

    actionpack (5.2.6.2)

Found in Gemfile.lock by bundler-audit

Read up
Read up
Exclude checks
- Disable engine
- Disable check

Advisory: CVE-2023-22792

URL: https://github.com/rails/rails/releases/tag/v7.0.4.1

Solution: upgrade to >= 5.2.8.15, ~> 5.2.8, >= 6.1.7.1, ~> 6.1.7, >= 7.0.4.1

Possible XSS Vulnerability in Action View tag helpers
Open

    actionview (5.2.6.2)

Found in Gemfile.lock by bundler-audit

Read up
Read up
Exclude checks
- Disable engine
- Disable check

Advisory: CVE-2022-27777

Criticality: Medium

URL: https://groups.google.com/g/ruby-security-ann/c/9wJPEDv-iRw

Solution: upgrade to >= 5.2.7.1, ~> 5.2.7, >= 6.0.4.8, ~> 6.0.4, >= 6.1.5.1, ~> 6.1.5, >= 7.0.2.4

Possible RCE escalation bug with Serialized Columns in Active Record
Open

    activerecord (5.2.6.2)

Found in Gemfile.lock by bundler-audit

Read up
Read up
Exclude checks
- Disable engine
- Disable check

Advisory: CVE-2022-32224

Criticality: Critical

URL: https://groups.google.com/g/rubyonrails-security/c/MmFO3LYQE8U

Solution: upgrade to >= 5.2.8.1, ~> 5.2.8, >= 6.0.5.1, ~> 6.0.5, >= 6.1.6.1, ~> 6.1.6, >= 7.0.3.1

Possible XSS Vulnerability in Action Pack
Open

    actionpack (5.2.6.2)

Found in Gemfile.lock by bundler-audit

Read up
Read up
Exclude checks
- Disable engine
- Disable check

Advisory: CVE-2022-22577

Criticality: Medium

URL: https://groups.google.com/g/ruby-security-ann/c/NuFRKaN5swI

Solution: upgrade to >= 5.2.7.1, ~> 5.2.7, >= 6.0.4.8, ~> 6.0.4, >= 6.1.5.1, ~> 6.1.5, >= 7.0.2.4

ReDoS based DoS vulnerability in GlobalID
Open

    globalid (1.0.0)

Found in Gemfile.lock by bundler-audit

Read up
Read up
Exclude checks
- Disable engine
- Disable check

Advisory: CVE-2023-22799

URL: https://github.com/rails/globalid/releases/tag/v1.0.1

Solution: upgrade to >= 1.0.1

ReDoS based DoS vulnerability in Active Support’s underscore
Open

    activesupport (5.2.6.2)

Found in Gemfile.lock by bundler-audit

Read up
Read up
Exclude checks
- Disable engine
- Disable check

Advisory: CVE-2023-22796

URL: https://github.com/rails/rails/releases/tag/v7.0.4.1

Solution: upgrade to >= 5.2.8.15, ~> 5.2.8, >= 6.1.7.1, ~> 6.1.7, >= 7.0.4.1

Inefficient Regular Expression Complexity in rails-html-sanitizer
Open

    rails-html-sanitizer (1.4.2)

Found in Gemfile.lock by bundler-audit

Read up
Read up
Exclude checks
- Disable engine
- Disable check

Advisory: CVE-2022-23517

Criticality: High

URL: https://github.com/rails/rails-html-sanitizer/security/advisories/GHSA-5x79-w82f-gw8w

Solution: upgrade to >= 1.4.4

Denial of Service Vulnerability in Rack Content-Disposition parsing
Open

    rack (2.2.3)

Found in Gemfile.lock by bundler-audit

Read up
Read up
Exclude checks
- Disable engine
- Disable check

Advisory: CVE-2022-44571

URL: https://github.com/rack/rack/releases/tag/v3.0.4.1

Solution: upgrade to >= 2.0.9.2, ~> 2.0.9, >= 2.1.4.2, ~> 2.1.4, >= 2.2.6.1, ~> 2.2.6, >= 3.0.4.1

Possible XSS vulnerability with certain configurations of Rails::Html::Sanitizer
Open

    rails-html-sanitizer (1.4.2)

Found in Gemfile.lock by bundler-audit

Read up
Read up
Exclude checks
- Disable engine
- Disable check

Advisory: CVE-2022-32209

Criticality: Medium

URL: https://groups.google.com/g/rubyonrails-security/c/ce9PhUANQ6s

Solution: upgrade to >= 1.4.3

Denial of service via multipart parsing in Rack
Open

    rack (2.2.3)

Found in Gemfile.lock by bundler-audit

Read up
Read up
Exclude checks
- Disable engine
- Disable check

Advisory: CVE-2022-44572

URL: https://github.com/rack/rack/releases/tag/v3.0.4.1

Solution: upgrade to >= 2.0.9.2, ~> 2.0.9, >= 2.1.4.2, ~> 2.1.4, >= 2.2.6.1, ~> 2.2.6, >= 3.0.4.1

Denial of service via header parsing in Rack
Open

    rack (2.2.3)

Found in Gemfile.lock by bundler-audit

Read up
Read up
Exclude checks
- Disable engine
- Disable check

Advisory: CVE-2022-44570

URL: https://github.com/rack/rack/releases/tag/v3.0.4.1

Solution: upgrade to >= 2.0.9.2, ~> 2.0.9, >= 2.1.4.2, ~> 2.1.4, >= 2.2.6.2, ~> 2.2.6, >= 3.0.4.1

Possible XSS vulnerability with certain configurations of rails-html-sanitizer
Open

    rails-html-sanitizer (1.4.2)

Found in Gemfile.lock by bundler-audit

Read up
Read up
Exclude checks
- Disable engine
- Disable check

Advisory: CVE-2022-23520

Criticality: Medium

URL: https://github.com/rails/rails-html-sanitizer/security/advisories/GHSA-rrfc-7g8p-99q8

Solution: upgrade to >= 1.4.4

Denial of Service Vulnerability in ActiveRecord’s PostgreSQL adapter
Open

    activerecord (5.2.6.2)

Found in Gemfile.lock by bundler-audit

Read up
Read up
Exclude checks
- Disable engine
- Disable check

Advisory: CVE-2022-44566

URL: https://github.com/rails/rails/releases/tag/v7.0.4.1

Solution: upgrade to >= 5.2.8.15, ~> 5.2.8, >= 6.1.7.1, ~> 6.1.7, >= 7.0.4.1

Possible XSS vulnerability with certain configurations of rails-html-sanitizer
Open

    rails-html-sanitizer (1.4.2)

Found in Gemfile.lock by bundler-audit

Read up
Read up
Exclude checks
- Disable engine
- Disable check

Advisory: CVE-2022-23519

Criticality: Medium

URL: https://github.com/rails/rails-html-sanitizer/security/advisories/GHSA-9h9g-93gc-623h

Solution: upgrade to >= 1.4.4

Improper neutralization of data URIs may allow XSS in rails-html-sanitizer
Open

    rails-html-sanitizer (1.4.2)

Found in Gemfile.lock by bundler-audit

Read up
Read up
Exclude checks
- Disable engine
- Disable check

Advisory: CVE-2022-23518

Criticality: Medium

URL: https://github.com/rails/rails-html-sanitizer/security/advisories/GHSA-mcvf-2q2m-x72m

Solution: upgrade to >= 1.4.4

Possible code injection vulnerability in Rails / Active Storage
Open

    activestorage (5.2.6.2)

Found in Gemfile.lock by bundler-audit

Read up
Read up
Exclude checks
- Disable engine
- Disable check

Advisory: CVE-2022-21831

Criticality: Critical

URL: https://groups.google.com/g/rubyonrails-security/c/n-p-W1yxatI

Solution: upgrade to >= 5.2.6.3, ~> 5.2.6, >= 6.0.4.7, ~> 6.0.4, >= 6.1.4.7, ~> 6.1.4, >= 7.0.2.3

Denial of Service Vulnerability in Rack Multipart Parsing
Open

    rack (2.2.3)

Found in Gemfile.lock by bundler-audit

Read up
Read up
Exclude checks
- Disable engine
- Disable check

Advisory: CVE-2022-30122

Criticality: High

URL: https://groups.google.com/g/ruby-security-ann/c/L2Axto442qk

Solution: upgrade to >= 2.0.9.1, ~> 2.0.9, >= 2.1.4.1, ~> 2.1.4, >= 2.2.3.1

Possible shell escape sequence injection vulnerability in Rack
Open

    rack (2.2.3)

Found in Gemfile.lock by bundler-audit

Read up
Read up
Exclude checks
- Disable engine
- Disable check

Advisory: CVE-2022-30123

Criticality: Critical

URL: https://groups.google.com/g/ruby-security-ann/c/LWB10kWzag8

Solution: upgrade to >= 2.0.9.1, ~> 2.0.9, >= 2.1.4.1, ~> 2.1.4, >= 2.2.3.1

BLSQ/orbf2

Summary

Maintainability

Test Coverage

XSS Vulnerability on closeText option of Dialog jQuery UI Open

Out-of-bounds Write in zlib affects Nokogiri Open

Integer Overflow or Wraparound in libxml2 affects Nokogiri Open

Update packaged libxml2 (2.9.12 → 2.9.13) and libxslt (1.1.34 → 1.1.35) Open

Improper neutralization of data URIs may allow XSS in Loofah Open

Denial of Service (DoS) in Nokogiri on JRuby Open

Improper Handling of Unexpected Data Type in Nokogiri Open

Update bundled libxml2 to v2.10.3 to resolve multiple CVEs Open

Uncontrolled Recursion in Loofah Open

httparty has multipart/form-data request tampering vulnerability Open

Potential XSS vulnerability in jQuery Open

Inefficient Regular Expression Complexity in Loofah Open

Inefficient Regular Expression Complexity in Nokogiri Open

JMESPath for Ruby using JSON.load instead of JSON.parse Open

XML Injection in Xerces Java affects Nokogiri Open

ReDoS based DoS vulnerability in Action Dispatch Open

ReDoS based DoS vulnerability in Action Dispatch Open

Possible XSS Vulnerability in Action View tag helpers Open

Possible RCE escalation bug with Serialized Columns in Active Record Open

Possible XSS Vulnerability in Action Pack Open

ReDoS based DoS vulnerability in GlobalID Open

ReDoS based DoS vulnerability in Active Support’s underscore Open

Inefficient Regular Expression Complexity in rails-html-sanitizer Open

Denial of Service Vulnerability in Rack Content-Disposition parsing Open

Possible XSS vulnerability with certain configurations of Rails::Html::Sanitizer Open

Denial of service via multipart parsing in Rack Open

Denial of service via header parsing in Rack Open

Possible XSS vulnerability with certain configurations of rails-html-sanitizer Open

Denial of Service Vulnerability in ActiveRecord’s PostgreSQL adapter Open

Possible XSS vulnerability with certain configurations of rails-html-sanitizer Open

Improper neutralization of data URIs may allow XSS in rails-html-sanitizer Open

Possible code injection vulnerability in Rails / Active Storage Open

Denial of Service Vulnerability in Rack Multipart Parsing Open

Possible shell escape sequence injection vulnerability in Rack Open

There are no issues that match your filters.

Category

Status

XSS Vulnerability on closeText option of Dialog jQuery UI
Open

Out-of-bounds Write in zlib affects Nokogiri
Open

Integer Overflow or Wraparound in libxml2 affects Nokogiri
Open

Update packaged libxml2 (2.9.12 → 2.9.13) and libxslt (1.1.34 → 1.1.35)
Open

Improper neutralization of data URIs may allow XSS in Loofah
Open

Denial of Service (DoS) in Nokogiri on JRuby
Open

Improper Handling of Unexpected Data Type in Nokogiri
Open

Update bundled libxml2 to v2.10.3 to resolve multiple CVEs
Open

Uncontrolled Recursion in Loofah
Open

httparty has multipart/form-data request tampering vulnerability
Open

Potential XSS vulnerability in jQuery
Open

Inefficient Regular Expression Complexity in Loofah
Open

Inefficient Regular Expression Complexity in Nokogiri
Open

JMESPath for Ruby using JSON.load instead of JSON.parse
Open

XML Injection in Xerces Java affects Nokogiri
Open

ReDoS based DoS vulnerability in Action Dispatch
Open

ReDoS based DoS vulnerability in Action Dispatch
Open

Possible XSS Vulnerability in Action View tag helpers
Open

Possible RCE escalation bug with Serialized Columns in Active Record
Open

Possible XSS Vulnerability in Action Pack
Open

ReDoS based DoS vulnerability in GlobalID
Open

ReDoS based DoS vulnerability in Active Support’s underscore
Open

Inefficient Regular Expression Complexity in rails-html-sanitizer
Open

Denial of Service Vulnerability in Rack Content-Disposition parsing
Open

Possible XSS vulnerability with certain configurations of Rails::Html::Sanitizer
Open

Denial of service via multipart parsing in Rack
Open

Denial of service via header parsing in Rack
Open

Possible XSS vulnerability with certain configurations of rails-html-sanitizer
Open

Denial of Service Vulnerability in ActiveRecord’s PostgreSQL adapter
Open

Possible XSS vulnerability with certain configurations of rails-html-sanitizer
Open

Improper neutralization of data URIs may allow XSS in rails-html-sanitizer
Open

Possible code injection vulnerability in Rails / Active Storage
Open

Denial of Service Vulnerability in Rack Multipart Parsing
Open

Possible shell escape sequence injection vulnerability in Rack
Open