Issues - GeekPark/gpk_account

i18n Gem for Ruby lib/i18n/core_ext/hash.rb Hash#slice() Function Hash Handling DoS
Open

    i18n (0.7.0)

Found in Gemfile.lock by bundler-audit

Read up
Read up
Create a ticket
Create a ticket
Exclude checks
- Disable engine
- Disable check

Advisory: CVE-2014-10077

URL: https://github.com/svenfuchs/i18n/pull/289

Solution: upgrade to >= 0.8.0

Nokogiri gem contains two upstream vulnerabilities in libxslt 1.1.29
Open

    nokogiri (1.6.8)

Found in Gemfile.lock by bundler-audit

Read up
Read up
Create a ticket
Create a ticket
Exclude checks
- Disable engine
- Disable check

Advisory: CVE-2017-5029

Criticality: High

URL: https://github.com/sparklemotion/nokogiri/issues/1634

Solution: upgrade to >= 1.7.2

Update packaged libxml2 (2.9.12 → 2.9.13) and libxslt (1.1.34 → 1.1.35)
Open

    nokogiri (1.6.8)

Found in Gemfile.lock by bundler-audit

Read up
Read up
Create a ticket
Create a ticket
Exclude checks
- Disable engine
- Disable check

Advisory: CVE-2021-30560

Criticality: High

URL: https://github.com/sparklemotion/nokogiri/security/advisories/GHSA-fq42-c5rg-92c2

Solution: upgrade to >= 1.13.2

Possible XSS vulnerability with certain configurations of rails-html-sanitizer
Open

    rails-html-sanitizer (1.0.3)

Found in Gemfile.lock by bundler-audit

Read up
Read up
Create a ticket
Create a ticket
Exclude checks
- Disable engine
- Disable check

Advisory: CVE-2022-23520

Criticality: Medium

URL: https://github.com/rails/rails-html-sanitizer/security/advisories/GHSA-rrfc-7g8p-99q8

Solution: upgrade to >= 1.4.4

RuboCop gem Insecure use of /tmp
Open

    rubocop (0.40.0)

Found in Gemfile.lock by bundler-audit

Read up
Read up
Create a ticket
Create a ticket
Exclude checks
- Disable engine
- Disable check

Advisory: CVE-2017-8418

Criticality: Low

URL: https://github.com/bbatsov/rubocop/issues/4336

Solution: upgrade to >= 0.49.0

libxml2 2.9.10 has an infinite loop in a certain end-of-file situation
Open

    nokogiri (1.6.8)

Found in Gemfile.lock by bundler-audit

Read up
Read up
Create a ticket
Create a ticket
Exclude checks
- Disable engine
- Disable check

Advisory: CVE-2020-7595

Criticality: High

URL: https://github.com/sparklemotion/nokogiri/issues/1992

Solution: upgrade to >= 1.10.8

Revert libxml2 behavior in Nokogiri gem that could cause XSS
Open

    nokogiri (1.6.8)

Found in Gemfile.lock by bundler-audit

Read up
Read up
Create a ticket
Create a ticket
Exclude checks
- Disable engine
- Disable check

Advisory: CVE-2018-8048

URL: https://github.com/sparklemotion/nokogiri/pull/1746

Solution: upgrade to >= 1.8.3

HTTP Response Splitting (Early Hints) in Puma
Open

    puma (3.4.0)

Found in Gemfile.lock by bundler-audit

Read up
Read up
Create a ticket
Create a ticket
Exclude checks
- Disable engine
- Disable check

Advisory: CVE-2020-5249

Criticality: Medium

URL: https://github.com/puma/puma/security/advisories/GHSA-33vf-4xgg-9r58

Solution: upgrade to ~> 3.12.4, >= 4.3.3

Improper neutralization of data URIs may allow XSS in rails-html-sanitizer
Open

    rails-html-sanitizer (1.0.3)

Found in Gemfile.lock by bundler-audit

Read up
Read up
Create a ticket
Create a ticket
Exclude checks
- Disable engine
- Disable check

Advisory: CVE-2022-23518

Criticality: Medium

URL: https://github.com/rails/rails-html-sanitizer/security/advisories/GHSA-mcvf-2q2m-x72m

Solution: upgrade to >= 1.4.4

Regular Expression Denial of Service in Addressable templates
Open

    addressable (2.4.0)

Found in Gemfile.lock by bundler-audit

Read up
Read up
Create a ticket
Create a ticket
Exclude checks
- Disable engine
- Disable check

Advisory: CVE-2021-32740

Criticality: High

URL: https://github.com/advisories/GHSA-jxhc-q857-3j6g

Solution: upgrade to >= 2.8.0

Integer Overflow or Wraparound in libxml2 affects Nokogiri
Open

    nokogiri (1.6.8)

Found in Gemfile.lock by bundler-audit

Read up
Read up
Create a ticket
Create a ticket
Exclude checks
- Disable engine
- Disable check

Advisory:

Criticality: High

URL: https://github.com/sparklemotion/nokogiri/security/advisories/GHSA-cgx6-hpwq-fhv5

Solution: upgrade to >= 1.13.5

Update bundled libxml2 to v2.10.3 to resolve multiple CVEs
Open

    nokogiri (1.6.8)

Found in Gemfile.lock by bundler-audit

Read up
Read up
Create a ticket
Create a ticket
Exclude checks
- Disable engine
- Disable check

Advisory:

URL: https://github.com/sparklemotion/nokogiri/security/advisories/GHSA-2qc6-mcvw-92cw

Solution: upgrade to >= 1.13.9

Nokogiri gem, via libxml, is affected by DoS vulnerabilities
Open

    nokogiri (1.6.8)

Found in Gemfile.lock by bundler-audit

Read up
Read up
Create a ticket
Create a ticket
Exclude checks
- Disable engine
- Disable check

Advisory: CVE-2017-16932

URL: https://github.com/sparklemotion/nokogiri/issues/1714

Solution: upgrade to >= 1.8.1

Improper Restriction of XML External Entity Reference (XXE) in Nokogiri on JRuby
Open

    nokogiri (1.6.8)

Found in Gemfile.lock by bundler-audit

Read up
Read up
Create a ticket
Create a ticket
Exclude checks
- Disable engine
- Disable check

Advisory: CVE-2021-41098

Criticality: High

URL: https://github.com/sparklemotion/nokogiri/security/advisories/GHSA-2rr5-8q37-2w7h

Solution: upgrade to >= 1.12.5

Inefficient Regular Expression Complexity in Loofah
Open

    loofah (2.0.3)

Found in Gemfile.lock by bundler-audit

Read up
Read up
Create a ticket
Create a ticket
Exclude checks
- Disable engine
- Disable check

Advisory: CVE-2022-23514

Criticality: High

URL: https://github.com/flavorjones/loofah/security/advisories/GHSA-486f-hjj9-9vhh

Solution: upgrade to >= 2.19.1

XML Injection in Xerces Java affects Nokogiri
Open

    nokogiri (1.6.8)

Found in Gemfile.lock by bundler-audit

Read up
Read up
Create a ticket
Create a ticket
Exclude checks
- Disable engine
- Disable check

Advisory: CVE-2022-23437

Criticality: Medium

URL: https://github.com/sparklemotion/nokogiri/security/advisories/GHSA-xxx9-3xcr-gjj3

Solution: upgrade to >= 1.13.4

Nokogiri gem, via libxslt, is affected by multiple vulnerabilities
Open

    nokogiri (1.6.8)

Found in Gemfile.lock by bundler-audit

Read up
Read up
Create a ticket
Create a ticket
Exclude checks
- Disable engine
- Disable check

Advisory: CVE-2019-13117

URL: https://github.com/sparklemotion/nokogiri/issues/1943

Solution: upgrade to >= 1.10.5

Nokogiri gem, via libxml, is affected by DoS vulnerabilities
Open

    nokogiri (1.6.8)

Found in Gemfile.lock by bundler-audit

Read up
Read up
Create a ticket
Create a ticket
Exclude checks
- Disable engine
- Disable check

Advisory: CVE-2017-15412

URL: https://github.com/sparklemotion/nokogiri/issues/1714

Solution: upgrade to >= 1.8.2

Possible XSS vulnerability with certain configurations of Rails::Html::Sanitizer
Open

    rails-html-sanitizer (1.0.3)

Found in Gemfile.lock by bundler-audit

Read up
Read up
Create a ticket
Create a ticket
Exclude checks
- Disable engine
- Disable check

Advisory: CVE-2022-32209

Criticality: Medium

URL: https://groups.google.com/g/rubyonrails-security/c/ce9PhUANQ6s

Solution: upgrade to >= 1.4.3

HTTP Smuggling via Transfer-Encoding Header in Puma
Open

    puma (3.4.0)

Found in Gemfile.lock by bundler-audit

Read up
Read up
Create a ticket
Create a ticket
Exclude checks
- Disable engine
- Disable check

Advisory: CVE-2020-11076

Criticality: High

URL: https://github.com/puma/puma/security/advisories/GHSA-x7jg-6pwg-fx5h

Solution: upgrade to ~> 3.12.5, >= 4.3.4

GeekPark/gpk_account

Showing 926 of 926 total issues

i18n Gem for Ruby lib/i18n/core_ext/hash.rb Hash#slice() Function Hash Handling DoS
Open

Nokogiri gem contains two upstream vulnerabilities in libxslt 1.1.29
Open

Update packaged libxml2 (2.9.12 → 2.9.13) and libxslt (1.1.34 → 1.1.35)
Open

Possible XSS vulnerability with certain configurations of rails-html-sanitizer
Open

RuboCop gem Insecure use of /tmp
Open

libxml2 2.9.10 has an infinite loop in a certain end-of-file situation
Open

Revert libxml2 behavior in Nokogiri gem that could cause XSS
Open

HTTP Response Splitting (Early Hints) in Puma
Open

Improper neutralization of data URIs may allow XSS in rails-html-sanitizer
Open

Regular Expression Denial of Service in Addressable templates
Open

Integer Overflow or Wraparound in libxml2 affects Nokogiri
Open

Update bundled libxml2 to v2.10.3 to resolve multiple CVEs
Open

Nokogiri gem, via libxml, is affected by DoS vulnerabilities
Open

Improper Restriction of XML External Entity Reference (XXE) in Nokogiri on JRuby
Open

Inefficient Regular Expression Complexity in Loofah
Open

XML Injection in Xerces Java affects Nokogiri
Open

Nokogiri gem, via libxslt, is affected by multiple vulnerabilities
Open

Nokogiri gem, via libxml, is affected by DoS vulnerabilities
Open

Possible XSS vulnerability with certain configurations of Rails::Html::Sanitizer
Open

HTTP Smuggling via Transfer-Encoding Header in Puma
Open

Severity

Category

Status

Source

Language

GeekPark/gpk_account

Showing 926 of 926 total issues

i18n Gem for Ruby lib/i18n/core_ext/hash.rb Hash#slice() Function Hash Handling DoS Open

Nokogiri gem contains two upstream vulnerabilities in libxslt 1.1.29 Open

Update packaged libxml2 (2.9.12 → 2.9.13) and libxslt (1.1.34 → 1.1.35) Open

Possible XSS vulnerability with certain configurations of rails-html-sanitizer Open

RuboCop gem Insecure use of /tmp Open

libxml2 2.9.10 has an infinite loop in a certain end-of-file situation Open

Revert libxml2 behavior in Nokogiri gem that could cause XSS Open

HTTP Response Splitting (Early Hints) in Puma Open

Improper neutralization of data URIs may allow XSS in rails-html-sanitizer Open

Regular Expression Denial of Service in Addressable templates Open

Integer Overflow or Wraparound in libxml2 affects Nokogiri Open

Update bundled libxml2 to v2.10.3 to resolve multiple CVEs Open

Nokogiri gem, via libxml, is affected by DoS vulnerabilities Open

Improper Restriction of XML External Entity Reference (XXE) in Nokogiri on JRuby Open

Inefficient Regular Expression Complexity in Loofah Open

XML Injection in Xerces Java affects Nokogiri Open

Nokogiri gem, via libxslt, is affected by multiple vulnerabilities Open

Nokogiri gem, via libxml, is affected by DoS vulnerabilities Open

Possible XSS vulnerability with certain configurations of Rails::Html::Sanitizer Open

HTTP Smuggling via Transfer-Encoding Header in Puma Open

Severity

Category

Status

Source

Language

i18n Gem for Ruby lib/i18n/core_ext/hash.rb Hash#slice() Function Hash Handling DoS
Open

Nokogiri gem contains two upstream vulnerabilities in libxslt 1.1.29
Open

Update packaged libxml2 (2.9.12 → 2.9.13) and libxslt (1.1.34 → 1.1.35)
Open

Possible XSS vulnerability with certain configurations of rails-html-sanitizer
Open

RuboCop gem Insecure use of /tmp
Open

libxml2 2.9.10 has an infinite loop in a certain end-of-file situation
Open

Revert libxml2 behavior in Nokogiri gem that could cause XSS
Open

HTTP Response Splitting (Early Hints) in Puma
Open

Improper neutralization of data URIs may allow XSS in rails-html-sanitizer
Open

Regular Expression Denial of Service in Addressable templates
Open

Integer Overflow or Wraparound in libxml2 affects Nokogiri
Open

Update bundled libxml2 to v2.10.3 to resolve multiple CVEs
Open

Nokogiri gem, via libxml, is affected by DoS vulnerabilities
Open

Improper Restriction of XML External Entity Reference (XXE) in Nokogiri on JRuby
Open

Inefficient Regular Expression Complexity in Loofah
Open

XML Injection in Xerces Java affects Nokogiri
Open

Nokogiri gem, via libxslt, is affected by multiple vulnerabilities
Open

Nokogiri gem, via libxml, is affected by DoS vulnerabilities
Open

Possible XSS vulnerability with certain configurations of Rails::Html::Sanitizer
Open

HTTP Smuggling via Transfer-Encoding Header in Puma
Open