Showing 1,550 of 1,556 total issues

    XSS Vulnerability on closeText option of Dialog jQuery UI
    Open

        jquery-ui-rails (5.0.5)
    Severity: Minor
    Found in Gemfile.lock by bundler-audit

    Advisory: CVE-2016-7103

    Criticality: Medium

    URL: https://github.com/jquery/api.jqueryui.com/issues/281

    Solution: upgrade to >= 6.0.0

    Method has too many lines. [246/10]
    Open

      def build(project_props = { dhis2_url: "http://play.dhis2.org/demo", user: "admin", password: "district", bypass_ssl: false })
        project = Project.new({
          name: "Sierra Leone PBF"
        }.merge(project_props))

    Severity: Minor
    Found in app/services/project_factory.rb by rubocop

    This cop checks if the length of a method exceeds some maximum value. Comment lines can optionally be ignored. The maximum allowed length is configurable.

    Method build has 246 lines of code (exceeds 25 allowed). Consider refactoring.
    Open

      def build(project_props = { dhis2_url: "http://play.dhis2.org/demo", user: "admin", password: "district", bypass_ssl: false })
        project = Project.new({
          name: "Sierra Leone PBF"
        }.merge(project_props))

    Severity: Major
    Found in app/services/project_factory.rb - About 1 day to fix

    Out-of-bounds Write in zlib affects Nokogiri
    Open

        nokogiri (1.12.5)
    Severity: Critical
    Found in Gemfile.lock by bundler-audit

    Advisory: CVE-2018-25032

    Criticality: High

    URL: https://github.com/sparklemotion/nokogiri/security/advisories/GHSA-v6gp-9mmm-c6p5

    Solution: upgrade to >= 1.13.4

    Integer Overflow or Wraparound in libxml2 affects Nokogiri
    Open

        nokogiri (1.12.5)
    Severity: Critical
    Found in Gemfile.lock by bundler-audit

    Advisory:

    Criticality: High

    URL: https://github.com/sparklemotion/nokogiri/security/advisories/GHSA-cgx6-hpwq-fhv5

    Solution: upgrade to >= 1.13.5

    Update packaged libxml2 (2.9.12 → 2.9.13) and libxslt (1.1.34 → 1.1.35)
    Open

        nokogiri (1.12.5)
    Severity: Critical
    Found in Gemfile.lock by bundler-audit

    Advisory: CVE-2021-30560

    Criticality: High

    URL: https://github.com/sparklemotion/nokogiri/security/advisories/GHSA-fq42-c5rg-92c2

    Solution: upgrade to >= 1.13.2

    Improper neutralization of data URIs may allow XSS in Loofah
    Open

        loofah (2.14.0)
    Severity: Minor
    Found in Gemfile.lock by bundler-audit

    Advisory: CVE-2022-23515

    Criticality: Medium

    URL: https://github.com/flavorjones/loofah/security/advisories/GHSA-228g-948r-83gx

    Solution: upgrade to >= 2.19.1

    Denial of Service (DoS) in Nokogiri on JRuby
    Open

        nokogiri (1.12.5)
    Severity: Critical
    Found in Gemfile.lock by bundler-audit

    Advisory: CVE-2022-24839

    Criticality: High

    URL: https://github.com/sparklemotion/nekohtml/security/advisories/GHSA-9849-p7jc-9rmv

    Solution: upgrade to >= 1.13.4

    Improper Handling of Unexpected Data Type in Nokogiri
    Open

        nokogiri (1.12.5)
    Severity: Critical
    Found in Gemfile.lock by bundler-audit

    Advisory: CVE-2022-29181

    Criticality: High

    URL: https://github.com/sparklemotion/nokogiri/security/advisories/GHSA-xh29-r2w5-wx8m

    Solution: upgrade to >= 1.13.6

    Update bundled libxml2 to v2.10.3 to resolve multiple CVEs
    Open

        nokogiri (1.12.5)
    Severity: Minor
    Found in Gemfile.lock by bundler-audit

    Uncontrolled Recursion in Loofah
    Open

        loofah (2.14.0)
    Severity: Critical
    Found in Gemfile.lock by bundler-audit

    Advisory: CVE-2022-23516

    Criticality: High

    URL: https://github.com/flavorjones/loofah/security/advisories/GHSA-3x8r-x6xp-q4vm

    Solution: upgrade to >= 2.19.1

    httparty has multipart/form-data request tampering vulnerability
    Open

        httparty (0.20.0)
    Severity: Minor
    Found in Gemfile.lock by bundler-audit

    Advisory:

    Criticality: Medium

    URL: https://github.com/jnunemaker/httparty/security/advisories/GHSA-5pq7-52mg-hr42

    Solution: upgrade to >= 0.21.0

    Potential XSS vulnerability in jQuery
    Open

        jquery-rails (4.3.5)
    Severity: Minor
    Found in Gemfile.lock by bundler-audit

    Advisory: CVE-2020-11023

    Criticality: Medium

    URL: https://blog.jquery.com/2020/04/10/jquery-3-5-0-released

    Solution: upgrade to >= 4.4.0

    Inefficient Regular Expression Complexity in Loofah
    Open

        loofah (2.14.0)
    Severity: Critical
    Found in Gemfile.lock by bundler-audit

    Advisory: CVE-2022-23514

    Criticality: High

    URL: https://github.com/flavorjones/loofah/security/advisories/GHSA-486f-hjj9-9vhh

    Solution: upgrade to >= 2.19.1

    Inefficient Regular Expression Complexity in Nokogiri
    Open

        nokogiri (1.12.5)
    Severity: Critical
    Found in Gemfile.lock by bundler-audit

    Advisory: CVE-2022-24836

    Criticality: High

    URL: https://github.com/sparklemotion/nokogiri/security/advisories/GHSA-crjr-9rc5-ghw8

    Solution: upgrade to >= 1.13.4

    JMESPath for Ruby using JSON.load instead of JSON.parse
    Open

        jmespath (1.4.0)
    Severity: Minor
    Found in Gemfile.lock by bundler-audit

    Advisory: CVE-2022-32511

    Criticality: Critical

    URL: https://github.com/jmespath/jmespath.rb/pull/55

    Solution: upgrade to >= 1.6.1

    XML Injection in Xerces Java affects Nokogiri
    Open

        nokogiri (1.12.5)
    Severity: Minor
    Found in Gemfile.lock by bundler-audit

    Advisory: CVE-2022-23437

    Criticality: Medium

    URL: https://github.com/sparklemotion/nokogiri/security/advisories/GHSA-xxx9-3xcr-gjj3

    Solution: upgrade to >= 1.13.4

    Method has too many lines. [59/10]
    Open

      def create_dataset(package, state, data_element_ids)
        ds_code = "ORBF-#{state.code}-#{package.name}"[0..49]
        ds_name = "ORBF - #{state.name.pluralize.humanize} - #{package.name}"
        ds = [
          { name:                ds_name,

    This cop checks if the length of a method exceeds some maximum value. Comment lines can optionally be ignored. The maximum allowed length is configurable.

    Method has too many lines. [57/10]
    Open

      def update_links(project, suffix = "")
        project.build_entity_group(
          name:               "contracted entities",
          external_reference: "external_reference"
        )
    Severity: Minor
    Found in app/services/project_factory.rb by rubocop

    This cop checks if the length of a method exceeds some maximum value. Comment lines can optionally be ignored. The maximum allowed length is configurable.

    Method has too many lines. [48/10]
    Open

      def callback
        program = Program.find(params["program_id"]) rescue nil
    
        if program.nil?
          flash[:failure] = "Log-in failed: program with ID #{params["program_id"]} does not exist"

    This cop checks if the length of a method exceeds some maximum value. Comment lines can optionally be ignored. The maximum allowed length is configurable.