EPHEC-Enovatech/sensorygarden-api

Showing 6 of 14 total issues

Nokogiri gem, via libxslt, is affected by improper access control vulnerability
Open

    nokogiri (1.8.5)
Severity: Minor
Found in Gemfile.lock by bundler-audit

Advisory: CVE-2019-11068

URL: https://github.com/sparklemotion/nokogiri/issues/1892

Solution: upgrade to >= 1.10.3

Possible Remote Code Execution Exploit in Rails Development Mode
Open

    railties (5.2.1)
Severity: Minor
Found in Gemfile.lock by bundler-audit

Advisory: CVE-2019-5420

URL: https://groups.google.com/forum/#!topic/rubyonrails-security/IsQKvDqZdKw

Solution: upgrade to >= 5.2.2.1, ~> 5.2.2, >= 6.0.0.beta3

File Content Disclosure in Action View
Open

    actionview (5.2.1)
Severity: Minor
Found in Gemfile.lock by bundler-audit

Advisory: CVE-2019-5418

URL: https://groups.google.com/forum/#!topic/rubyonrails-security/pFRKI96Sm8Q

Solution: upgrade to >= 4.2.11.1, ~> 4.2.11, >= 5.0.7.2, ~> 5.0.7, >= 5.1.6.2, ~> 5.1.6, >= 5.2.2.1, ~> 5.2.2, >= 6.0.0.beta3

Denial of Service Vulnerability in Action View
Open

    actionview (5.2.1)
Severity: Minor
Found in Gemfile.lock by bundler-audit

Advisory: CVE-2019-5419

URL: https://groups.google.com/forum/#!topic/rubyonrails-security/GN7w9fFAQeI

Solution: upgrade to >= 6.0.0.beta3, >= 5.2.2.1, ~> 5.2.2, >= 5.1.6.2, ~> 5.1.6, >= 5.0.7.2, ~> 5.0.7, >= 4.2.11.1, ~> 4.2.11

Broken Access Control vulnerability in Active Job
Open

    activejob (5.2.1)
Severity: Minor
Found in Gemfile.lock by bundler-audit

Advisory: CVE-2018-16476

URL: https://groups.google.com/forum/#!topic/rubyonrails-security/FL4dSdzr2zw

Solution: upgrade to ~> 4.2.11, ~> 5.0.7.1, ~> 5.1.6.1, ~> 5.1.7, >= 5.2.1.1

Bypass vulnerability in Active Storage
Open

    activestorage (5.2.1)
Severity: Minor
Found in Gemfile.lock by bundler-audit

Advisory: CVE-2018-16477

URL: https://groups.google.com/forum/#!topic/rubyonrails-security/3KQRnXDIuLg

Solution: upgrade to >= 5.2.1.1
