Showing 4,066 of 4,066 total issues

    File graphql_spec.rb has 517 lines of code (exceeds 250 allowed). Consider refactoring.
    Status: Open

        require 'rails_helper'

        api_types  = GraphQL::ApiTypesCreator.create(API_TYPE_DEFINITIONS)
        query_type = GraphQL::QueryTypeCreator.create(api_types)
        ConsulSchema = GraphQL::Schema.define do
    Severity: Major
    Found in spec/lib/graphql_spec.rb - About 1 day to fix

    Nokogiri Command Injection Vulnerability via Nokogiri::CSS::Tokenizer#load_file
    Status: Open

        nokogiri (1.8.4)
    Severity: Minor
    Found in Gemfile.lock by bundler-audit

    Advisory: CVE-2019-5477

    Criticality: Critical

    URL: https://github.com/sparklemotion/nokogiri/issues/1915

    Solution: upgrade to >= 1.10.4

    Geocoder gem for Ruby contains possible SQL injection vulnerability
    Status: Open

        geocoder (1.4.4)
    Severity: Minor
    Found in Gemfile.lock by bundler-audit

    Advisory: CVE-2020-7981

    Criticality: Critical

    URL: https://github.com/alexreisner/geocoder/blob/master/CHANGELOG.md#161-2020-jan-23

    Solution: upgrade to >= 1.6.1

    Denial of Service in uap-core when processing crafted User-Agent strings
    Status: Open

        user_agent_parser (2.3.1)
    Severity: Minor
    Found in Gemfile.lock by bundler-audit

    Advisory: CVE-2020-5243

    Criticality: Medium

    URL: https://github.com/ua-parser/uap-ruby/security/advisories/GHSA-pcqq-5962-hvcw

    Solution: upgrade to >= 2.6.0

    HTTP Response Splitting vulnerability in puma
    Status: Open

        puma (3.11.4)
    Severity: Minor
    Found in Gemfile.lock by bundler-audit

    Advisory: CVE-2020-5247

    Criticality: Medium

    URL: https://github.com/puma/puma/security/advisories/GHSA-84j7-475p-hp8v

    Solution: upgrade to ~> 3.12.4, >= 4.3.3

    Inefficient Regular Expression Complexity in rails-html-sanitizer
    Status: Open

        rails-html-sanitizer (1.0.4)
    Severity: Critical
    Found in Gemfile.lock by bundler-audit

    Advisory: CVE-2022-23517

    Criticality: High

    URL: https://github.com/rails/rails-html-sanitizer/security/advisories/GHSA-5x79-w82f-gw8w

    Solution: upgrade to >= 1.4.4

    Out-of-bounds Write in zlib affects Nokogiri
    Status: Open

        nokogiri (1.8.4)
    Severity: Critical
    Found in Gemfile.lock by bundler-audit

    Advisory: CVE-2018-25032

    Criticality: High

    URL: https://github.com/sparklemotion/nokogiri/security/advisories/GHSA-v6gp-9mmm-c6p5

    Solution: upgrade to >= 1.13.4

    Improper neutralization of data URIs may allow XSS in rails-html-sanitizer
    Status: Open

        rails-html-sanitizer (1.0.4)
    Severity: Minor
    Found in Gemfile.lock by bundler-audit

    Advisory: CVE-2022-23518

    Criticality: Medium

    URL: https://github.com/rails/rails-html-sanitizer/security/advisories/GHSA-mcvf-2q2m-x72m

    Solution: upgrade to >= 1.4.4

    json Gem for Ruby Unsafe Object Creation Vulnerability (additional fix)
    Status: Open

        json (2.1.0)
    Severity: Critical
    Found in Gemfile.lock by bundler-audit

    Advisory: CVE-2020-10663

    Criticality: High

    URL: https://www.ruby-lang.org/en/news/2020/03/19/json-dos-cve-2020-10663/

    Solution: upgrade to >= 2.3.0

    Integer Overflow or Wraparound in libxml2 affects Nokogiri
    Status: Open

        nokogiri (1.8.4)
    Severity: Critical
    Found in Gemfile.lock by bundler-audit

    Advisory:

    Criticality: High

    URL: https://github.com/sparklemotion/nokogiri/security/advisories/GHSA-cgx6-hpwq-fhv5

    Solution: upgrade to >= 1.13.5

    Denial of Service (DoS) in Nokogiri on JRuby
    Status: Open

        nokogiri (1.8.4)
    Severity: Critical
    Found in Gemfile.lock by bundler-audit

    Advisory: CVE-2022-24839

    Criticality: High

    URL: https://github.com/sparklemotion/nekohtml/security/advisories/GHSA-9849-p7jc-9rmv

    Solution: upgrade to >= 1.13.4

    HTTP Response Splitting (Early Hints) in Puma
    Status: Open

        puma (3.11.4)
    Severity: Minor
    Found in Gemfile.lock by bundler-audit

    Advisory: CVE-2020-5249

    Criticality: Medium

    URL: https://github.com/puma/puma/security/advisories/GHSA-33vf-4xgg-9r58

    Solution: upgrade to ~> 3.12.4, >= 4.3.3

    Injection/XSS in Redcarpet
    Status: Open

        redcarpet (3.4.0)
    Severity: Minor
    Found in Gemfile.lock by bundler-audit

    Advisory: CVE-2020-26298

    Criticality: Medium

    URL: https://github.com/vmg/redcarpet/commit/a699c82292b17c8e6a62e1914d5eccc252272793

    Solution: upgrade to >= 3.5.1

    Cross-Site Scripting in Kaminari via original_script_name parameter
    Status: Open

        kaminari (1.1.1)
    Severity: Minor
    Found in Gemfile.lock by bundler-audit

    Advisory: CVE-2020-11082

    Criticality: Medium

    URL: https://github.com/kaminari/kaminari/security/advisories/GHSA-r5jw-62xg-j433

    Solution: upgrade to >= 1.2.1

    Improper neutralization of data URIs may allow XSS in Loofah
    Status: Open

        loofah (2.2.3)
    Severity: Minor
    Found in Gemfile.lock by bundler-audit

    Advisory: CVE-2022-23515

    Criticality: Medium

    URL: https://github.com/flavorjones/loofah/security/advisories/GHSA-228g-948r-83gx

    Solution: upgrade to >= 2.19.1

    Update packaged libxml2 (2.9.12 → 2.9.13) and libxslt (1.1.34 → 1.1.35)
    Status: Open

        nokogiri (1.8.4)
    Severity: Critical
    Found in Gemfile.lock by bundler-audit

    Advisory: CVE-2021-30560

    Criticality: High

    URL: https://github.com/sparklemotion/nokogiri/security/advisories/GHSA-fq42-c5rg-92c2

    Solution: upgrade to >= 1.13.2

    Improper Handling of Unexpected Data Type in Nokogiri
    Status: Open

        nokogiri (1.8.4)
    Severity: Critical
    Found in Gemfile.lock by bundler-audit

    Advisory: CVE-2022-29181

    Criticality: High

    URL: https://github.com/sparklemotion/nokogiri/security/advisories/GHSA-xh29-r2w5-wx8m

    Solution: upgrade to >= 1.13.6

    Possible XSS vulnerability with certain configurations of Rails::Html::Sanitizer
    Status: Open

        rails-html-sanitizer (1.0.4)
    Severity: Minor
    Found in Gemfile.lock by bundler-audit

    Advisory: CVE-2022-32209

    Criticality: Medium

    URL: https://groups.google.com/g/rubyonrails-security/c/ce9PhUANQ6s

    Solution: upgrade to >= 1.4.3

    Insecure Source URI found: http://insecure.rails-assets.org/
    Status: Open

      remote: http://insecure.rails-assets.org/
    Severity: Minor
    Found in Gemfile.lock by bundler-audit

    Update packaged dependency libxml2 from 2.9.10 to 2.9.12
    Status: Open

        nokogiri (1.8.4)
    Severity: Critical
    Found in Gemfile.lock by bundler-audit

    Advisory:

    Criticality: High

    URL: https://github.com/sparklemotion/nokogiri/security/advisories/GHSA-7rrm-v45f-jp64

    Solution: upgrade to >= 1.11.4
