Issues - CommunityGrows/communitygrows

Revert libxml2 behavior in Nokogiri gem that could cause XSS
Open

    nokogiri (1.6.8.1)

Found in Gemfile.lock by bundler-audit

Read up
Read up
Exclude checks
- Disable engine
- Disable check

Advisory: CVE-2018-8048

URL: https://github.com/sparklemotion/nokogiri/pull/1746

Solution: upgrade to >= 1.8.3

Possible Information Disclosure / Unintended Method Execution in Action Pack
Open

    actionpack (5.0.0.1)

Found in Gemfile.lock by bundler-audit

Read up
Read up
Exclude checks
- Disable engine
- Disable check

Advisory: CVE-2021-22885

Criticality: High

URL: https://groups.google.com/g/rubyonrails-security/c/NiQl-48cXYI

Solution: upgrade to ~> 5.2.4.6, ~> 5.2.6, >= 6.0.3.7, ~> 6.0.3, >= 6.1.3.2

Devise Gem for Ruby Time-of-check Time-of-use race condition with lockable module
Open

    devise (4.2.0)

Found in Gemfile.lock by bundler-audit

Read up
Read up
Exclude checks
- Disable engine
- Disable check

Advisory: CVE-2019-5421

Criticality: Critical

URL: https://github.com/plataformatec/devise/issues/4981

Solution: upgrade to >= 4.6.0

Nokogiri gem, via libxml, is affected by DoS and RCE vulnerabilities
Open

    nokogiri (1.6.8.1)

Found in Gemfile.lock by bundler-audit

Read up
Read up
Exclude checks
- Disable engine
- Disable check

Advisory: CVE-2017-9050

Criticality: High

URL: https://github.com/sparklemotion/nokogiri/issues/1673

Solution: upgrade to >= 1.8.1

Out-of-bounds Write in zlib affects Nokogiri
Open

    nokogiri (1.6.8.1)

Found in Gemfile.lock by bundler-audit

Read up
Read up
Exclude checks
- Disable engine
- Disable check

Advisory: CVE-2018-25032

Criticality: High

URL: https://github.com/sparklemotion/nokogiri/security/advisories/GHSA-v6gp-9mmm-c6p5

Solution: upgrade to >= 1.13.4

Directory traversal in Rack::Directory app bundled with Rack
Open

    rack (2.0.1)

Found in Gemfile.lock by bundler-audit

Read up
Read up
Exclude checks
- Disable engine
- Disable check

Advisory: CVE-2020-8161

Criticality: High

URL: https://groups.google.com/forum/#!topic/ruby-security-ann/T4ZIsfRf2eA

Solution: upgrade to ~> 2.1.3, >= 2.2.0

Possible XSS vulnerability with certain configurations of Rails::Html::Sanitizer
Open

    rails-html-sanitizer (1.0.3)

Found in Gemfile.lock by bundler-audit

Read up
Read up
Exclude checks
- Disable engine
- Disable check

Advisory: CVE-2022-32209

Criticality: Medium

URL: https://groups.google.com/g/rubyonrails-security/c/ce9PhUANQ6s

Solution: upgrade to >= 1.4.3

Denial of Service Vulnerability in ActiveRecord’s PostgreSQL adapter
Open

    activerecord (5.0.0.1)

Found in Gemfile.lock by bundler-audit

Read up
Read up
Exclude checks
- Disable engine
- Disable check

Advisory: CVE-2022-44566

URL: https://github.com/rails/rails/releases/tag/v7.0.4.1

Solution: upgrade to >= 5.2.8.15, ~> 5.2.8, >= 6.1.7.1, ~> 6.1.7, >= 7.0.4.1

Potentially unintended unmarshalling of user-provided objects in MemCacheStore and RedisCacheStore
Open

    activesupport (5.0.0.1)

Found in Gemfile.lock by bundler-audit

Read up
Read up
Exclude checks
- Disable engine
- Disable check

Advisory: CVE-2020-8165

Criticality: Critical

URL: https://groups.google.com/forum/#!topic/rubyonrails-security/bv6fW4S0Y1c

Solution: upgrade to >= 5.2.4.3, ~> 5.2.4, >= 6.0.3.1

Inefficient Regular Expression Complexity in Loofah
Open

    loofah (2.0.3)

Found in Gemfile.lock by bundler-audit

Read up
Read up
Exclude checks
- Disable engine
- Disable check

Advisory: CVE-2022-23514

Criticality: High

URL: https://github.com/flavorjones/loofah/security/advisories/GHSA-486f-hjj9-9vhh

Solution: upgrade to >= 2.19.1

Integer Overflow or Wraparound in libxml2 affects Nokogiri
Open

    nokogiri (1.6.8.1)

Found in Gemfile.lock by bundler-audit

Read up
Read up
Exclude checks
- Disable engine
- Disable check

Advisory:

Criticality: High

URL: https://github.com/sparklemotion/nokogiri/security/advisories/GHSA-cgx6-hpwq-fhv5

Solution: upgrade to >= 1.13.5

Improper neutralization of data URIs may allow XSS in rails-html-sanitizer
Open

    rails-html-sanitizer (1.0.3)

Found in Gemfile.lock by bundler-audit

Read up
Read up
Exclude checks
- Disable engine
- Disable check

Advisory: CVE-2022-23518

Criticality: Medium

URL: https://github.com/rails/rails-html-sanitizer/security/advisories/GHSA-mcvf-2q2m-x72m

Solution: upgrade to >= 1.4.4

Possible RCE escalation bug with Serialized Columns in Active Record
Open

    activerecord (5.0.0.1)

Found in Gemfile.lock by bundler-audit

Read up
Read up
Exclude checks
- Disable engine
- Disable check

Advisory: CVE-2022-32224

Criticality: Critical

URL: https://groups.google.com/g/rubyonrails-security/c/MmFO3LYQE8U

Solution: upgrade to >= 5.2.8.1, ~> 5.2.8, >= 6.0.5.1, ~> 6.0.5, >= 6.1.6.1, ~> 6.1.6, >= 7.0.3.1

Nokogiri::XML::Schema trusts input by default, exposing risk of an XXE vulnerability
Open

    nokogiri (1.6.8.1)

Found in Gemfile.lock by bundler-audit

Read up
Read up
Exclude checks
- Disable engine
- Disable check

Advisory: CVE-2020-26247

Criticality: Low

URL: https://github.com/sparklemotion/nokogiri/security/advisories/GHSA-vr8q-g5c7-m54m

Solution: upgrade to >= 1.11.0.rc4

Nokogiri gem, via libxml, is affected by DoS vulnerabilities
Open

    nokogiri (1.6.8.1)

Found in Gemfile.lock by bundler-audit

Read up
Read up
Exclude checks
- Disable engine
- Disable check

Advisory: CVE-2017-16932

URL: https://github.com/sparklemotion/nokogiri/issues/1714

Solution: upgrade to >= 1.8.1

ReDoS based DoS vulnerability in Action Dispatch
Open

    actionpack (5.0.0.1)

Found in Gemfile.lock by bundler-audit

Read up
Read up
Exclude checks
- Disable engine
- Disable check

Advisory: CVE-2023-22792

URL: https://github.com/rails/rails/releases/tag/v7.0.4.1

Solution: upgrade to >= 5.2.8.15, ~> 5.2.8, >= 6.1.7.1, ~> 6.1.7, >= 7.0.4.1

Prototype pollution attack through jQuery $.extend
Open

    jquery-rails (4.2.1)

Found in Gemfile.lock by bundler-audit

Read up
Read up
Exclude checks
- Disable engine
- Disable check

Advisory: CVE-2019-11358

Criticality: Medium

URL: https://blog.jquery.com/2019/04/10/jquery-3-4-0-released/

Solution: upgrade to >= 4.3.4

Inefficient Regular Expression Complexity in rails-html-sanitizer
Open

    rails-html-sanitizer (1.0.3)

Found in Gemfile.lock by bundler-audit

Read up
Read up
Exclude checks
- Disable engine
- Disable check

Advisory: CVE-2022-23517

Criticality: High

URL: https://github.com/rails/rails-html-sanitizer/security/advisories/GHSA-5x79-w82f-gw8w

Solution: upgrade to >= 1.4.4

Possible XSS vulnerability in ActionView
Open

    actionview (5.0.0.1)

Found in Gemfile.lock by bundler-audit

Read up
Read up
Exclude checks
- Disable engine
- Disable check

Advisory: CVE-2020-5267

Criticality: Medium

URL: https://groups.google.com/forum/#!topic/rubyonrails-security/55reWMM_Pg8

Solution: upgrade to >= 5.2.4.2, ~> 5.2.4, >= 6.0.2.2

Nokogiri gem, via libxslt, is affected by improper access control vulnerability
Open

    nokogiri (1.6.8.1)

Found in Gemfile.lock by bundler-audit

Read up
Read up
Exclude checks
- Disable engine
- Disable check

Advisory: CVE-2019-11068

URL: https://github.com/sparklemotion/nokogiri/issues/1892

Solution: upgrade to >= 1.10.3

CommunityGrows/communitygrows

Showing 187 of 187 total issues

Revert libxml2 behavior in Nokogiri gem that could cause XSS
Open

Possible Information Disclosure / Unintended Method Execution in Action Pack
Open

Devise Gem for Ruby Time-of-check Time-of-use race condition with lockable module
Open

Nokogiri gem, via libxml, is affected by DoS and RCE vulnerabilities
Open

Out-of-bounds Write in zlib affects Nokogiri
Open

Directory traversal in Rack::Directory app bundled with Rack
Open

Possible XSS vulnerability with certain configurations of Rails::Html::Sanitizer
Open

Denial of Service Vulnerability in ActiveRecord’s PostgreSQL adapter
Open

Potentially unintended unmarshalling of user-provided objects in MemCacheStore and RedisCacheStore
Open

Inefficient Regular Expression Complexity in Loofah
Open

Integer Overflow or Wraparound in libxml2 affects Nokogiri
Open

Improper neutralization of data URIs may allow XSS in rails-html-sanitizer
Open

Possible RCE escalation bug with Serialized Columns in Active Record
Open

Nokogiri::XML::Schema trusts input by default, exposing risk of an XXE vulnerability
Open

Nokogiri gem, via libxml, is affected by DoS vulnerabilities
Open

ReDoS based DoS vulnerability in Action Dispatch
Open

Prototype pollution attack through jQuery $.extend
Open

Inefficient Regular Expression Complexity in rails-html-sanitizer
Open

Possible XSS vulnerability in ActionView
Open

Nokogiri gem, via libxslt, is affected by improper access control vulnerability
Open

Severity

Category

Status

Source

Language

CommunityGrows/communitygrows

Showing 187 of 187 total issues

Revert libxml2 behavior in Nokogiri gem that could cause XSS Open

Possible Information Disclosure / Unintended Method Execution in Action Pack Open

Devise Gem for Ruby Time-of-check Time-of-use race condition with lockable module Open

Nokogiri gem, via libxml, is affected by DoS and RCE vulnerabilities Open

Out-of-bounds Write in zlib affects Nokogiri Open

Directory traversal in Rack::Directory app bundled with Rack Open

Possible XSS vulnerability with certain configurations of Rails::Html::Sanitizer Open

Denial of Service Vulnerability in ActiveRecord’s PostgreSQL adapter Open

Potentially unintended unmarshalling of user-provided objects in MemCacheStore and RedisCacheStore Open

Inefficient Regular Expression Complexity in Loofah Open

Integer Overflow or Wraparound in libxml2 affects Nokogiri Open

Improper neutralization of data URIs may allow XSS in rails-html-sanitizer Open

Possible RCE escalation bug with Serialized Columns in Active Record Open

Nokogiri::XML::Schema trusts input by default, exposing risk of an XXE vulnerability Open

Nokogiri gem, via libxml, is affected by DoS vulnerabilities Open

ReDoS based DoS vulnerability in Action Dispatch Open

Prototype pollution attack through jQuery $.extend Open

Inefficient Regular Expression Complexity in rails-html-sanitizer Open

Possible XSS vulnerability in ActionView Open

Nokogiri gem, via libxslt, is affected by improper access control vulnerability Open

Severity

Category

Status

Source

Language

Revert libxml2 behavior in Nokogiri gem that could cause XSS
Open

Possible Information Disclosure / Unintended Method Execution in Action Pack
Open

Devise Gem for Ruby Time-of-check Time-of-use race condition with lockable module
Open

Nokogiri gem, via libxml, is affected by DoS and RCE vulnerabilities
Open

Out-of-bounds Write in zlib affects Nokogiri
Open

Directory traversal in Rack::Directory app bundled with Rack
Open

Possible XSS vulnerability with certain configurations of Rails::Html::Sanitizer
Open

Denial of Service Vulnerability in ActiveRecord’s PostgreSQL adapter
Open

Potentially unintended unmarshalling of user-provided objects in MemCacheStore and RedisCacheStore
Open

Inefficient Regular Expression Complexity in Loofah
Open

Integer Overflow or Wraparound in libxml2 affects Nokogiri
Open

Improper neutralization of data URIs may allow XSS in rails-html-sanitizer
Open

Possible RCE escalation bug with Serialized Columns in Active Record
Open

Nokogiri::XML::Schema trusts input by default, exposing risk of an XXE vulnerability
Open

Nokogiri gem, via libxml, is affected by DoS vulnerabilities
Open

ReDoS based DoS vulnerability in Action Dispatch
Open

Prototype pollution attack through jQuery $.extend
Open

Inefficient Regular Expression Complexity in rails-html-sanitizer
Open

Possible XSS vulnerability in ActionView
Open

Nokogiri gem, via libxslt, is affected by improper access control vulnerability
Open