Showing 142 of 143 total issues
Possible RCE escalation bug with Serialized Columns in Active Record Open
activerecord (6.0.3.1)- Read upRead up
- Exclude checks
Advisory: CVE-2022-32224
Criticality: Critical
URL: https://groups.google.com/g/rubyonrails-security/c/MmFO3LYQE8U
Solution: upgrade to >= 5.2.8.1, ~> 5.2.8, >= 6.0.5.1, ~> 6.0.5, >= 6.1.6.1, ~> 6.1.6, >= 7.0.3.1
Keepalive Connections Causing Denial Of Service in puma Open
puma (4.3.5)- Read upRead up
- Exclude checks
Advisory: CVE-2021-29509
Criticality: High
URL: https://github.com/puma/puma/security/advisories/GHSA-q28m-8xjw-8vr5
Solution: upgrade to ~> 4.3.8, >= 5.3.1
Possible Open Redirect in Host Authorization Middleware Open
actionpack (6.0.3.1)- Read upRead up
- Exclude checks
Advisory: CVE-2021-22942
Criticality: High
URL: https://groups.google.com/g/rubyonrails-security/c/wB5tRn7h36c
Solution: upgrade to >= 6.0.4.1, ~> 6.0.4, >= 6.1.4.1
TZInfo relative path traversal vulnerability allows loading of arbitrary files Open
tzinfo (1.2.7)- Read upRead up
- Exclude checks
Advisory: CVE-2022-31163
Criticality: High
URL: https://github.com/tzinfo/tzinfo/security/advisories/GHSA-5cm2-9h8c-rvfx
Solution: upgrade to ~> 0.3.61, >= 1.2.10
Possible exposure of information vulnerability in Action Pack Open
actionpack (6.0.3.1)- Read upRead up
- Exclude checks
Advisory: CVE-2022-23633
Criticality: High
URL: https://groups.google.com/g/ruby-security-ann/c/FkTM-_7zSNA/m/K2RiMJBlBAAJ
Solution: upgrade to >= 5.2.6.2, ~> 5.2.6, >= 6.0.4.6, ~> 6.0.4, >= 6.1.4.6, ~> 6.1.4, >= 7.0.2.2
Possible XSS Vulnerability in Action Pack Open
actionpack (6.0.3.1)- Read upRead up
- Exclude checks
Advisory: CVE-2022-22577
Criticality: Medium
URL: https://groups.google.com/g/ruby-security-ann/c/NuFRKaN5swI
Solution: upgrade to >= 5.2.7.1, ~> 5.2.7, >= 6.0.4.8, ~> 6.0.4, >= 6.1.5.1, ~> 6.1.5, >= 7.0.2.4
Possible XSS Vulnerability in Action View tag helpers Open
actionview (6.0.3.1)- Read upRead up
- Exclude checks
Advisory: CVE-2022-27777
Criticality: Medium
URL: https://groups.google.com/g/ruby-security-ann/c/9wJPEDv-iRw
Solution: upgrade to >= 5.2.7.1, ~> 5.2.7, >= 6.0.4.8, ~> 6.0.4, >= 6.1.5.1, ~> 6.1.5, >= 7.0.2.4
Denial of Service Vulnerability in Rack Multipart Parsing Open
rack (2.2.2)- Read upRead up
- Exclude checks
Advisory: CVE-2022-30122
Criticality: High
URL: https://groups.google.com/g/ruby-security-ann/c/L2Axto442qk
Solution: upgrade to >= 2.0.9.1, ~> 2.0.9, >= 2.1.4.1, ~> 2.1.4, >= 2.2.3.1
Possible Open Redirect in Host Authorization Middleware Open
actionpack (6.0.3.1)- Read upRead up
- Exclude checks
Advisory: CVE-2021-44528
Criticality: Medium
URL: https://groups.google.com/g/ruby-security-ann/c/vG9gz3nk1pM/m/7-NU4MNrDAAJ
Solution: upgrade to >= 6.0.4.2, ~> 6.0.4, >= 6.1.4.2, ~> 6.1.4, >= 7.0.0.rc2
Denial of service via multipart parsing in Rack Open
rack (2.2.2)- Read upRead up
- Exclude checks
Advisory: CVE-2022-44572
URL: https://github.com/rack/rack/releases/tag/v3.0.4.1
Solution: upgrade to >= 2.0.9.2, ~> 2.0.9, >= 2.1.4.2, ~> 2.1.4, >= 2.2.6.1, ~> 2.2.6, >= 3.0.4.1
Denial of service via header parsing in Rack Open
rack (2.2.2)- Read upRead up
- Exclude checks
Advisory: CVE-2022-44570
URL: https://github.com/rack/rack/releases/tag/v3.0.4.1
Solution: upgrade to >= 2.0.9.2, ~> 2.0.9, >= 2.1.4.2, ~> 2.1.4, >= 2.2.6.2, ~> 2.2.6, >= 3.0.4.1
Percent-encoded cookies can be used to overwrite existing prefixed cookie names Open
rack (2.2.2)- Read upRead up
- Exclude checks
Advisory: CVE-2020-8184
Criticality: High
URL: https://groups.google.com/g/rubyonrails-security/c/OWtmozPH9Ak
Solution: upgrade to ~> 2.1.4, >= 2.2.3
Possible shell escape sequence injection vulnerability in Rack Open
rack (2.2.2)- Read upRead up
- Exclude checks
Advisory: CVE-2022-30123
Criticality: Critical
URL: https://groups.google.com/g/ruby-security-ann/c/LWB10kWzag8
Solution: upgrade to >= 2.0.9.1, ~> 2.0.9, >= 2.1.4.1, ~> 2.1.4, >= 2.2.3.1
HTTP Request Smuggling in puma Open
puma (4.3.5)- Read upRead up
- Exclude checks
Advisory: CVE-2022-24790
Criticality: Critical
URL: https://github.com/puma/puma/security/advisories/GHSA-h99w-9q5r-gjq9
Solution: upgrade to ~> 4.3.12, >= 5.6.4
SQL Injection Vulnerability via ActiveRecord comments Open
activerecord (6.0.3.1)- Read upRead up
- Exclude checks
Advisory: CVE-2023-22794
URL: https://github.com/rails/rails/releases/tag/v7.0.4.1
Solution: upgrade to >= 6.0.6.1, ~> 6.0.6, >= 6.1.7.1, ~> 6.1.7, >= 7.0.4.1
Inconsistent Interpretation of HTTP Requests ('HTTP Request Smuggling') in puma Open
puma (4.3.5)- Read upRead up
- Exclude checks
Advisory: CVE-2021-41136
Criticality: Low
URL: https://github.com/puma/puma/security/advisories/GHSA-48w2-rm65-62xx
Solution: upgrade to ~> 4.3.9, >= 5.5.1
Denial of Service Vulnerability in Rack Content-Disposition parsing Open
rack (2.2.2)- Read upRead up
- Exclude checks
Advisory: CVE-2022-44571
URL: https://github.com/rack/rack/releases/tag/v3.0.4.1
Solution: upgrade to >= 2.0.9.2, ~> 2.0.9, >= 2.1.4.2, ~> 2.1.4, >= 2.2.6.1, ~> 2.2.6, >= 3.0.4.1
Possible code injection vulnerability in Rails / Active Storage Open
activestorage (6.0.3.1)- Read upRead up
- Exclude checks
Advisory: CVE-2022-21831
Criticality: Critical
URL: https://groups.google.com/g/rubyonrails-security/c/n-p-W1yxatI
Solution: upgrade to >= 5.2.6.3, ~> 5.2.6, >= 6.0.4.7, ~> 6.0.4, >= 6.1.4.7, ~> 6.1.4, >= 7.0.2.3
Information Exposure with Puma when used with Rails Open
puma (4.3.5)- Read upRead up
- Exclude checks
Advisory: CVE-2022-23634
Criticality: High
URL: https://github.com/puma/puma/security/advisories/GHSA-rmj8-8hhh-gv5h
Solution: upgrade to ~> 4.3.11, >= 5.6.2
Block has too many lines. [29/25] Open
task backfill_tracks: :environment do
count = 1
Item.where.not(discogs_url: [nil, ""]).find_each do |item|
next if item.tracks.exists?- Read upRead up
- Exclude checks
This cop checks if the length of a block exceeds some maximum value. Comment lines can optionally be ignored. The maximum allowed length is configurable. The cop can be configured to ignore blocks passed to certain methods.