EPHEC-Enovatech/sensorygarden-api

View on GitHub

Showing 13 of 21 total issues

Loofah XSS Vulnerability
Open

    loofah (2.2.3)
Severity: Minor
Found in Gemfile.lock by bundler-audit

Advisory: CVE-2019-15587

URL: https://github.com/flavorjones/loofah/issues/171

Solution: upgrade to >= 2.3.1

Nokogiri gem, via libxslt, is affected by multiple vulnerabilities
Open

    nokogiri (1.8.5)
Severity: Minor
Found in Gemfile.lock by bundler-audit

Advisory: CVE-2019-13117

URL: https://github.com/sparklemotion/nokogiri/issues/1943

Solution: upgrade to >= 1.10.5

Nokogiri gem, via libxslt, is affected by improper access control vulnerability
Open

    nokogiri (1.8.5)
Severity: Minor
Found in Gemfile.lock by bundler-audit

Advisory: CVE-2019-11068

URL: https://github.com/sparklemotion/nokogiri/issues/1892

Solution: upgrade to >= 1.10.3

libxml2 2.9.10 has an infinite loop in a certain end-of-file situation
Open

    nokogiri (1.8.5)
Severity: Minor
Found in Gemfile.lock by bundler-audit

Advisory: CVE-2020-7595

Criticality: Medium

URL: https://github.com/sparklemotion/nokogiri/issues/1992

Solution: upgrade to >= 1.10.8

Nokogiri Command Injection Vulnerability via Nokogiri::CSS::Tokenizer#load_file
Open

    nokogiri (1.8.5)
Severity: Critical
Found in Gemfile.lock by bundler-audit

Advisory: CVE-2019-5477

Criticality: High

URL: https://github.com/sparklemotion/nokogiri/issues/1915

Solution: upgrade to >= 1.10.4

Possible Remote Code Execution Exploit in Rails Development Mode
Open

    railties (5.2.1)
Severity: Minor
Found in Gemfile.lock by bundler-audit

Advisory: CVE-2019-5420

URL: https://groups.google.com/forum/#!topic/rubyonrails-security/IsQKvDqZdKw

Solution: upgrade to >= 5.2.2.1, ~> 5.2.2, >= 6.0.0.beta3

Denial of Service Vulnerability in Action View
Open

    actionview (5.2.1)
Severity: Minor
Found in Gemfile.lock by bundler-audit

Advisory: CVE-2019-5419

URL: https://groups.google.com/forum/#!topic/rubyonrails-security/GN7w9fFAQeI

Solution: upgrade to >= 6.0.0.beta3, >= 5.2.2.1, ~> 5.2.2, >= 5.1.6.2, ~> 5.1.6, >= 5.0.7.2, ~> 5.0.7, >= 4.2.11.1, ~> 4.2.11

Keepalive thread overload/DoS in puma
Open

    puma (3.12.0)
Severity: Critical
Found in Gemfile.lock by bundler-audit

Advisory: CVE-2019-16770

Criticality: High

URL: https://github.com/puma/puma/security/advisories/GHSA-7xx3-m584-x994

Solution: upgrade to ~> 3.12.2, >= 4.3.1

rack-cors directory traversal via path
Open

    rack-cors (1.0.2)
Severity: Minor
Found in Gemfile.lock by bundler-audit

Advisory: CVE-2019-18978

URL: https://github.com/cyu/rack-cors/commit/e4d4fc362a4315808927011cbe5afcfe5486f17d

Solution: upgrade to >= 1.0.4

File Content Disclosure in Action View
Open

    actionview (5.2.1)
Severity: Minor
Found in Gemfile.lock by bundler-audit

Advisory: CVE-2019-5418

URL: https://groups.google.com/forum/#!topic/rubyonrails-security/pFRKI96Sm8Q

Solution: upgrade to >= 4.2.11.1, ~> 4.2.11, >= 5.0.7.2, ~> 5.0.7, >= 5.1.6.2, ~> 5.1.6, >= 5.2.2.1, ~> 5.2.2, >= 6.0.0.beta3

Possible information leak / session hijack vulnerability
Open

    rack (2.0.6)
Severity: Minor
Found in Gemfile.lock by bundler-audit

Advisory: CVE-2019-16782

URL: https://github.com/rack/rack/security/advisories/GHSA-hrqr-hxpp-chr3

Solution: upgrade to ~> 1.6.12, >= 2.0.8

Broken Access Control vulnerability in Active Job
Open

    activejob (5.2.1)
Severity: Minor
Found in Gemfile.lock by bundler-audit

Advisory: CVE-2018-16476

URL: https://groups.google.com/forum/#!topic/rubyonrails-security/FL4dSdzr2zw

Solution: upgrade to ~> 4.2.11, ~> 5.0.7.1, ~> 5.1.6.1, ~> 5.1.7, >= 5.2.1.1

Bypass vulnerability in Active Storage
Open

    activestorage (5.2.1)
Severity: Minor
Found in Gemfile.lock by bundler-audit

Advisory: CVE-2018-16477

URL: https://groups.google.com/forum/#!topic/rubyonrails-security/3KQRnXDIuLg

Solution: upgrade to >= 5.2.1.1

Severity
Category
Status
Source
Language