Showing 926 of 926 total issues
Nokogiri gem, via libxml, is affected by DoS vulnerabilities Open
nokogiri (1.6.8)
- Read upRead up
- Create a ticketCreate a ticket
- Exclude checks
Advisory: CVE-2017-15412
URL: https://github.com/sparklemotion/nokogiri/issues/1714
Solution: upgrade to >= 1.8.2
Nokogiri gem, via libxslt, is affected by multiple vulnerabilities Open
nokogiri (1.6.8)
- Read upRead up
- Create a ticketCreate a ticket
- Exclude checks
Advisory: CVE-2019-13117
URL: https://github.com/sparklemotion/nokogiri/issues/1943
Solution: upgrade to >= 1.10.5
Nokogiri::XML::Schema trusts input by default, exposing risk of an XXE vulnerability Open
nokogiri (1.6.8)
- Read upRead up
- Create a ticketCreate a ticket
- Exclude checks
Advisory: CVE-2020-26247
Criticality: Low
URL: https://github.com/sparklemotion/nokogiri/security/advisories/GHSA-vr8q-g5c7-m54m
Solution: upgrade to >= 1.11.0.rc4
Inefficient Regular Expression Complexity in Nokogiri Open
nokogiri (1.6.8)
- Read upRead up
- Create a ticketCreate a ticket
- Exclude checks
Advisory: CVE-2022-24836
Criticality: High
URL: https://github.com/sparklemotion/nokogiri/security/advisories/GHSA-crjr-9rc5-ghw8
Solution: upgrade to >= 1.13.4
Possible XSS vulnerability with certain configurations of rails-html-sanitizer Open
rails-html-sanitizer (1.0.3)
- Read upRead up
- Create a ticketCreate a ticket
- Exclude checks
Advisory: CVE-2022-23520
Criticality: Medium
URL: https://github.com/rails/rails-html-sanitizer/security/advisories/GHSA-rrfc-7g8p-99q8
Solution: upgrade to >= 1.4.4
Nokogiri gem contains several vulnerabilities in libxml2 and libxslt Open
nokogiri (1.6.8)
- Read upRead up
- Create a ticketCreate a ticket
- Exclude checks
Advisory: CVE-2016-4658
Criticality: Critical
URL: https://github.com/sparklemotion/nokogiri/issues/1615
Solution: upgrade to >= 1.7.1
Revert libxml2 behavior in Nokogiri gem that could cause XSS Open
nokogiri (1.6.8)
- Read upRead up
- Create a ticketCreate a ticket
- Exclude checks
Advisory: CVE-2018-8048
URL: https://github.com/sparklemotion/nokogiri/pull/1746
Solution: upgrade to >= 1.8.3
Possible XSS vulnerability with certain configurations of Rails::Html::Sanitizer Open
rails-html-sanitizer (1.0.3)
- Read upRead up
- Create a ticketCreate a ticket
- Exclude checks
Advisory: CVE-2022-32209
Criticality: Medium
URL: https://groups.google.com/g/rubyonrails-security/c/ce9PhUANQ6s
Solution: upgrade to >= 1.4.3
OmniAuth's lib/omniauth/failure_endpoint.rb
does not escape message_key
value Open
omniauth (1.7.1)
- Read upRead up
- Create a ticketCreate a ticket
- Exclude checks
Advisory: CVE-2020-36599
Criticality: Critical
Solution: upgrade to ~> 1.9.2, >= 2.0.0
HTTP Smuggling via Transfer-Encoding Header in Puma Open
puma (3.4.0)
- Read upRead up
- Create a ticketCreate a ticket
- Exclude checks
Advisory: CVE-2020-11077
Criticality: Medium
URL: https://github.com/puma/puma/security/advisories/GHSA-w64w-qqph-5gxm
Solution: upgrade to ~> 3.12.6, >= 4.3.5
Loofah XSS Vulnerability Open
loofah (2.0.3)
- Read upRead up
- Create a ticketCreate a ticket
- Exclude checks
Advisory: CVE-2019-15587
Criticality: Medium
URL: https://github.com/flavorjones/loofah/issues/171
Solution: upgrade to >= 2.3.1
libxml2 2.9.10 has an infinite loop in a certain end-of-file situation Open
nokogiri (1.6.8)
- Read upRead up
- Create a ticketCreate a ticket
- Exclude checks
Advisory: CVE-2020-7595
Criticality: High
URL: https://github.com/sparklemotion/nokogiri/issues/1992
Solution: upgrade to >= 1.10.8
Nokogiri gem, via libxml, is affected by DoS vulnerabilities Open
nokogiri (1.6.8)
- Read upRead up
- Create a ticketCreate a ticket
- Exclude checks
Advisory: CVE-2017-16932
URL: https://github.com/sparklemotion/nokogiri/issues/1714
Solution: upgrade to >= 1.8.1
Denial of Service (DoS) in Nokogiri on JRuby Open
nokogiri (1.6.8)
- Read upRead up
- Create a ticketCreate a ticket
- Exclude checks
Advisory: CVE-2022-24839
Criticality: High
URL: https://github.com/sparklemotion/nekohtml/security/advisories/GHSA-9849-p7jc-9rmv
Solution: upgrade to >= 1.13.4
Improper Handling of Unexpected Data Type in Nokogiri Open
nokogiri (1.6.8)
- Read upRead up
- Create a ticketCreate a ticket
- Exclude checks
Advisory: CVE-2022-29181
Criticality: High
URL: https://github.com/sparklemotion/nokogiri/security/advisories/GHSA-xh29-r2w5-wx8m
Solution: upgrade to >= 1.13.6
Doorkeeper gem does not revoke token for public clients Open
doorkeeper (4.2.0)
- Read upRead up
- Create a ticketCreate a ticket
- Exclude checks
Advisory: CVE-2018-1000211
Criticality: High
URL: https://blog.justinbull.ca/cve-2018-1000211-public-apps-cant-revoke-tokens-in-doorkeeper/
Solution: upgrade to >= 4.4.0, >= 5.0.0.rc2
Regular Expression Denial of Service in Addressable templates Open
addressable (2.4.0)
- Read upRead up
- Create a ticketCreate a ticket
- Exclude checks
Advisory: CVE-2021-32740
Criticality: High
URL: https://github.com/advisories/GHSA-jxhc-q857-3j6g
Solution: upgrade to >= 2.8.0
Loofah XSS Vulnerability Open
loofah (2.0.3)
- Read upRead up
- Create a ticketCreate a ticket
- Exclude checks
Advisory: CVE-2018-16468
Criticality: Medium
URL: https://github.com/flavorjones/loofah/issues/154
Solution: upgrade to >= 2.2.3
i18n Gem for Ruby lib/i18n/core_ext/hash.rb Hash#slice() Function Hash Handling DoS Open
i18n (0.7.0)
- Read upRead up
- Create a ticketCreate a ticket
- Exclude checks
Advisory: CVE-2014-10077
URL: https://github.com/svenfuchs/i18n/pull/289
Solution: upgrade to >= 0.8.0
Loofah XSS Vulnerability Open
loofah (2.0.3)
- Read upRead up
- Create a ticketCreate a ticket
- Exclude checks
Advisory: CVE-2018-8048
Criticality: Medium
URL: https://github.com/flavorjones/loofah/issues/144
Solution: upgrade to >= 2.2.1