Issues - CommunityGrows/communitygrows

OS Command Injection in Rake
Open

    rake (11.3.0)

Found in Gemfile.lock by bundler-audit

Read up
Read up
Exclude checks
- Disable engine
- Disable check

Advisory: CVE-2020-8130

Criticality: High

URL: https://github.com/advisories/GHSA-jppv-gw3r-w3q8

Solution: upgrade to >= 12.3.3

ReDoS based DoS vulnerability in GlobalID
Open

    globalid (0.3.7)

Found in Gemfile.lock by bundler-audit

Read up
Read up
Exclude checks
- Disable engine
- Disable check

Advisory: CVE-2023-22799

URL: https://github.com/rails/globalid/releases/tag/v1.0.1

Solution: upgrade to >= 1.0.1

json Gem for Ruby Unsafe Object Creation Vulnerability (additional fix)
Open

    json (1.8.3)

Found in Gemfile.lock by bundler-audit

Read up
Read up
Exclude checks
- Disable engine
- Disable check

Advisory: CVE-2020-10663

Criticality: High

URL: https://www.ruby-lang.org/en/news/2020/03/19/json-dos-cve-2020-10663/

Solution: upgrade to >= 2.3.0

haml failure to escape single quotes
Open

    haml (4.0.7)

Found in Gemfile.lock by bundler-audit

Read up
Read up
Exclude checks
- Disable engine
- Disable check

Advisory: CVE-2017-1002201

Criticality: Medium

URL: https://github.com/haml/haml/commit/18576ae6e9bdcb4303fdbe6b3199869d289d67c2

Solution: upgrade to >= 5.0.0.beta.2

RDoc OS command injection vulnerability
Open

    rdoc (4.3.0)

Found in Gemfile.lock by bundler-audit

Read up
Read up
Exclude checks
- Disable engine
- Disable check

Advisory: CVE-2021-31799

Criticality: High

URL: https://www.ruby-lang.org/en/news/2021/05/02/os-command-injection-in-rdoc/

Solution: upgrade to ~> 6.1.2.1, ~> 6.2.1.1, >= 6.3.1

Percent-encoded cookies can be used to overwrite existing prefixed cookie names
Open

    rack (2.0.1)

Found in Gemfile.lock by bundler-audit

Read up
Read up
Exclude checks
- Disable engine
- Disable check

Advisory: CVE-2020-8184

Criticality: High

URL: https://groups.google.com/g/rubyonrails-security/c/OWtmozPH9Ak

Solution: upgrade to ~> 2.1.4, >= 2.2.3

ReDoS based DoS vulnerability in Action Dispatch
Open

    actionpack (5.0.0.1)

Found in Gemfile.lock by bundler-audit

Read up
Read up
Exclude checks
- Disable engine
- Disable check

Advisory: CVE-2023-22795

URL: https://github.com/rails/rails/releases/tag/v7.0.4.1

Solution: upgrade to >= 5.2.8.15, ~> 5.2.8, >= 6.1.7.1, ~> 6.1.7, >= 7.0.4.1

XML Injection in Xerces Java affects Nokogiri
Open

    nokogiri (1.6.8.1)

Found in Gemfile.lock by bundler-audit

Read up
Read up
Exclude checks
- Disable engine
- Disable check

Advisory: CVE-2022-23437

Criticality: Medium

URL: https://github.com/sparklemotion/nokogiri/security/advisories/GHSA-xxx9-3xcr-gjj3

Solution: upgrade to >= 1.13.4

Potential XSS vulnerability in Action View
Open

    actionview (5.0.0.1)

Found in Gemfile.lock by bundler-audit

Read up
Read up
Exclude checks
- Disable engine
- Disable check

Advisory: CVE-2020-15169

Criticality: Medium

URL: https://groups.google.com/g/rubyonrails-security/c/b-C9kSGXYrc

Solution: upgrade to >= 5.2.4.4, ~> 5.2.4, >= 6.0.3.3

Possible XSS Vulnerability in Action View tag helpers
Open

    actionview (5.0.0.1)

Found in Gemfile.lock by bundler-audit

Read up
Read up
Exclude checks
- Disable engine
- Disable check

Advisory: CVE-2022-27777

Criticality: Medium

URL: https://groups.google.com/g/ruby-security-ann/c/9wJPEDv-iRw

Solution: upgrade to >= 5.2.7.1, ~> 5.2.7, >= 6.0.4.8, ~> 6.0.4, >= 6.1.5.1, ~> 6.1.5, >= 7.0.2.4

Loofah XSS Vulnerability
Open

    loofah (2.0.3)

Found in Gemfile.lock by bundler-audit

Read up
Read up
Exclude checks
- Disable engine
- Disable check

Advisory: CVE-2019-15587

Criticality: Medium

URL: https://github.com/flavorjones/loofah/issues/171

Solution: upgrade to >= 2.3.1

Loofah XSS Vulnerability
Open

    loofah (2.0.3)

Found in Gemfile.lock by bundler-audit

Read up
Read up
Exclude checks
- Disable engine
- Disable check

Advisory: CVE-2018-16468

Criticality: Medium

URL: https://github.com/flavorjones/loofah/issues/154

Solution: upgrade to >= 2.2.3

Loofah XSS Vulnerability
Open

    loofah (2.0.3)

Found in Gemfile.lock by bundler-audit

Read up
Read up
Exclude checks
- Disable engine
- Disable check

Advisory: CVE-2018-8048

Criticality: Medium

URL: https://github.com/flavorjones/loofah/issues/144

Solution: upgrade to >= 2.2.1

libxml2 2.9.10 has an infinite loop in a certain end-of-file situation
Open

    nokogiri (1.6.8.1)

Found in Gemfile.lock by bundler-audit

Read up
Read up
Exclude checks
- Disable engine
- Disable check

Advisory: CVE-2020-7595

Criticality: High

URL: https://github.com/sparklemotion/nokogiri/issues/1992

Solution: upgrade to >= 1.10.8

Nokogiri gem contains several vulnerabilities in libxml2 and libxslt
Open

    nokogiri (1.6.8.1)

Found in Gemfile.lock by bundler-audit

Read up
Read up
Exclude checks
- Disable engine
- Disable check

Advisory: CVE-2016-4658

Criticality: Critical

URL: https://github.com/sparklemotion/nokogiri/issues/1615

Solution: upgrade to >= 1.7.1

Devise Gem for Ruby confirmation token validation with a blank string
Open

    devise (4.2.0)

Found in Gemfile.lock by bundler-audit

Read up
Read up
Exclude checks
- Disable engine
- Disable check

Advisory: CVE-2019-16109

Criticality: Medium

URL: https://github.com/plataformatec/devise/issues/5071

Solution: upgrade to >= 4.7.1

Nokogiri gem, via libxml2, is affected by multiple vulnerabilities
Open

    nokogiri (1.6.8.1)

Found in Gemfile.lock by bundler-audit

Read up
Read up
Exclude checks
- Disable engine
- Disable check

Advisory: CVE-2018-14404

Criticality: High

URL: https://github.com/sparklemotion/nokogiri/issues/1785

Solution: upgrade to >= 1.8.5

Possible Strong Parameters Bypass in ActionPack
Open

    actionpack (5.0.0.1)

Found in Gemfile.lock by bundler-audit

Read up
Read up
Exclude checks
- Disable engine
- Disable check

Advisory: CVE-2020-8164

Criticality: High

URL: https://groups.google.com/forum/#!topic/rubyonrails-security/f6ioe4sdpbY

Solution: upgrade to >= 5.2.4.3, ~> 5.2.4, >= 6.0.3.1

Possible DoS Vulnerability in Active Record PostgreSQL adapter
Open

    activerecord (5.0.0.1)

Found in Gemfile.lock by bundler-audit

Read up
Read up
Exclude checks
- Disable engine
- Disable check

Advisory: CVE-2021-22880

Criticality: Medium

URL: https://groups.google.com/g/rubyonrails-security/c/ZzUqCh9vyhI

Solution: upgrade to >= 5.2.4.5, ~> 5.2.4, >= 6.0.3.5, ~> 6.0.3, >= 6.1.2.1

Inefficient Regular Expression Complexity in Nokogiri
Open

    nokogiri (1.6.8.1)

Found in Gemfile.lock by bundler-audit

Read up
Read up
Exclude checks
- Disable engine
- Disable check

Advisory: CVE-2022-24836

Criticality: High

URL: https://github.com/sparklemotion/nokogiri/security/advisories/GHSA-crjr-9rc5-ghw8

Solution: upgrade to >= 1.13.4

CommunityGrows/communitygrows

Showing 187 of 187 total issues

OS Command Injection in Rake
Open

ReDoS based DoS vulnerability in GlobalID
Open

json Gem for Ruby Unsafe Object Creation Vulnerability (additional fix)
Open

haml failure to escape single quotes
Open

RDoc OS command injection vulnerability
Open

Percent-encoded cookies can be used to overwrite existing prefixed cookie names
Open

ReDoS based DoS vulnerability in Action Dispatch
Open

XML Injection in Xerces Java affects Nokogiri
Open

Potential XSS vulnerability in Action View
Open

Possible XSS Vulnerability in Action View tag helpers
Open

Loofah XSS Vulnerability
Open

Loofah XSS Vulnerability
Open

Loofah XSS Vulnerability
Open

libxml2 2.9.10 has an infinite loop in a certain end-of-file situation
Open

Nokogiri gem contains several vulnerabilities in libxml2 and libxslt
Open

Devise Gem for Ruby confirmation token validation with a blank string
Open

Nokogiri gem, via libxml2, is affected by multiple vulnerabilities
Open

Possible Strong Parameters Bypass in ActionPack
Open

Possible DoS Vulnerability in Active Record PostgreSQL adapter
Open

Inefficient Regular Expression Complexity in Nokogiri
Open

Severity

Category

Status

Source

Language

CommunityGrows/communitygrows

Showing 187 of 187 total issues

OS Command Injection in Rake Open

ReDoS based DoS vulnerability in GlobalID Open

json Gem for Ruby Unsafe Object Creation Vulnerability (additional fix) Open

haml failure to escape single quotes Open

RDoc OS command injection vulnerability Open

Percent-encoded cookies can be used to overwrite existing prefixed cookie names Open

ReDoS based DoS vulnerability in Action Dispatch Open

XML Injection in Xerces Java affects Nokogiri Open

Potential XSS vulnerability in Action View Open

Possible XSS Vulnerability in Action View tag helpers Open

Loofah XSS Vulnerability Open

Loofah XSS Vulnerability Open

Loofah XSS Vulnerability Open

libxml2 2.9.10 has an infinite loop in a certain end-of-file situation Open

Nokogiri gem contains several vulnerabilities in libxml2 and libxslt Open

Devise Gem for Ruby confirmation token validation with a blank string Open

Nokogiri gem, via libxml2, is affected by multiple vulnerabilities Open

Possible Strong Parameters Bypass in ActionPack Open

Possible DoS Vulnerability in Active Record PostgreSQL adapter Open

Inefficient Regular Expression Complexity in Nokogiri Open

Severity

Category

Status

Source

Language

OS Command Injection in Rake
Open

ReDoS based DoS vulnerability in GlobalID
Open

json Gem for Ruby Unsafe Object Creation Vulnerability (additional fix)
Open

haml failure to escape single quotes
Open

RDoc OS command injection vulnerability
Open

Percent-encoded cookies can be used to overwrite existing prefixed cookie names
Open

ReDoS based DoS vulnerability in Action Dispatch
Open

XML Injection in Xerces Java affects Nokogiri
Open

Potential XSS vulnerability in Action View
Open

Possible XSS Vulnerability in Action View tag helpers
Open

Loofah XSS Vulnerability
Open

Loofah XSS Vulnerability
Open

Loofah XSS Vulnerability
Open

libxml2 2.9.10 has an infinite loop in a certain end-of-file situation
Open

Nokogiri gem contains several vulnerabilities in libxml2 and libxslt
Open

Devise Gem for Ruby confirmation token validation with a blank string
Open

Nokogiri gem, via libxml2, is affected by multiple vulnerabilities
Open

Possible Strong Parameters Bypass in ActionPack
Open

Possible DoS Vulnerability in Active Record PostgreSQL adapter
Open

Inefficient Regular Expression Complexity in Nokogiri
Open