Issues - NIT-dgp/cat-forum

Possible Information Disclosure / Unintended Method Execution in Action Pack
Open

    actionpack (4.1.8)

Found in Gemfile.lock by bundler-audit

Read up
Read up
Exclude checks
- Disable engine
- Disable check

json Gem for Ruby Unsafe Object Creation Vulnerability (additional fix)
Open

    json (1.8.3)

Found in Gemfile.lock by bundler-audit

Read up
Read up
Exclude checks
- Disable engine
- Disable check

Possible XSS vulnerability in ActionView
Open

    actionview (4.1.8)

Found in Gemfile.lock by bundler-audit

Read up
Read up
Exclude checks
- Disable engine
- Disable check

Possible RCE escalation bug with Serialized Columns in Active Record
Open

    activerecord (4.1.8)

Found in Gemfile.lock by bundler-audit

Read up
Read up
Exclude checks
- Disable engine
- Disable check

haml failure to escape single quotes
Open

    haml (4.0.7)

Found in Gemfile.lock by bundler-audit

Read up
Read up
Exclude checks
- Disable engine
- Disable check

CSRF Vulnerability in rails-ujs
Open

    actionview (4.1.8)

Found in Gemfile.lock by bundler-audit

Read up
Read up
Exclude checks
- Disable engine
- Disable check

Code Injection vulnerability in CarrierWave::RMagick
Open

    carrierwave (0.11.2)

Found in Gemfile.lock by bundler-audit

Read up
Read up
Exclude checks
- Disable engine
- Disable check

Denial of service via multipart parsing in Rack
Open

    rack (1.5.5)

Found in Gemfile.lock by bundler-audit

Read up
Read up
Exclude checks
- Disable engine
- Disable check

RDoc OS command injection vulnerability
Open

    rdoc (4.2.2)

Found in Gemfile.lock by bundler-audit

Read up
Read up
Exclude checks
- Disable engine
- Disable check

Possible Strong Parameters Bypass in ActionPack
Open

    actionpack (4.1.8)

Found in Gemfile.lock by bundler-audit

Read up
Read up
Exclude checks
- Disable engine
- Disable check

Denial of service via header parsing in Rack
Open

    rack (1.5.5)

Found in Gemfile.lock by bundler-audit

Read up
Read up
Exclude checks
- Disable engine
- Disable check

Percent-encoded cookies can be used to overwrite existing prefixed cookie names
Open

    rack (1.5.5)

Found in Gemfile.lock by bundler-audit

Read up
Read up
Exclude checks
- Disable engine
- Disable check

Denial of Service Vulnerability in Rack Content-Disposition parsing
Open

    rack (1.5.5)

Found in Gemfile.lock by bundler-audit

Read up
Read up
Exclude checks
- Disable engine
- Disable check

Possible XSS Vulnerability in Action View tag helpers
Open

    actionview (4.1.8)

Found in Gemfile.lock by bundler-audit

Read up
Read up
Exclude checks
- Disable engine
- Disable check

Potential XSS vulnerability in jQuery
Open

    jquery-rails (3.1.4)

Found in Gemfile.lock by bundler-audit

Read up
Read up
Exclude checks
- Disable engine
- Disable check

Possible shell escape sequence injection vulnerability in Rack
Open

    rack (1.5.5)

Found in Gemfile.lock by bundler-audit

Read up
Read up
Exclude checks
- Disable engine
- Disable check

Directory traversal in Rack::Directory app bundled with Rack
Open

    rack (1.5.5)

Found in Gemfile.lock by bundler-audit

Read up
Read up
Exclude checks
- Disable engine
- Disable check

Denial of Service Vulnerability in Rack Multipart Parsing
Open

    rack (1.5.5)

Found in Gemfile.lock by bundler-audit

Read up
Read up
Exclude checks
- Disable engine
- Disable check

Ability to forge per-form CSRF tokens given a global CSRF token
Open

    actionpack (4.1.8)

Found in Gemfile.lock by bundler-audit

Read up
Read up
Exclude checks
- Disable engine
- Disable check

ReDoS based DoS vulnerability in Action Dispatch
Open

    actionpack (4.1.8)

Found in Gemfile.lock by bundler-audit

Read up
Read up
Exclude checks
- Disable engine
- Disable check

NIT-dgp/cat-forum

Showing 145 of 145 total issues

Possible Information Disclosure / Unintended Method Execution in Action Pack
Open

json Gem for Ruby Unsafe Object Creation Vulnerability (additional fix)
Open

Possible XSS vulnerability in ActionView
Open

Possible RCE escalation bug with Serialized Columns in Active Record
Open

haml failure to escape single quotes
Open

CSRF Vulnerability in rails-ujs
Open

Code Injection vulnerability in CarrierWave::RMagick
Open

Denial of service via multipart parsing in Rack
Open

RDoc OS command injection vulnerability
Open

Possible Strong Parameters Bypass in ActionPack
Open

Denial of service via header parsing in Rack
Open

Percent-encoded cookies can be used to overwrite existing prefixed cookie names
Open

Denial of Service Vulnerability in Rack Content-Disposition parsing
Open

Possible XSS Vulnerability in Action View tag helpers
Open

Potential XSS vulnerability in jQuery
Open

Possible shell escape sequence injection vulnerability in Rack
Open

Directory traversal in Rack::Directory app bundled with Rack
Open

Denial of Service Vulnerability in Rack Multipart Parsing
Open

Ability to forge per-form CSRF tokens given a global CSRF token
Open

ReDoS based DoS vulnerability in Action Dispatch
Open

Severity

Category

Status

Source

Language

NIT-dgp/cat-forum

Showing 145 of 145 total issues

Possible Information Disclosure / Unintended Method Execution in Action Pack Open

json Gem for Ruby Unsafe Object Creation Vulnerability (additional fix) Open

Possible XSS vulnerability in ActionView Open

Possible RCE escalation bug with Serialized Columns in Active Record Open

haml failure to escape single quotes Open

CSRF Vulnerability in rails-ujs Open

Code Injection vulnerability in CarrierWave::RMagick Open

Denial of service via multipart parsing in Rack Open

RDoc OS command injection vulnerability Open

Possible Strong Parameters Bypass in ActionPack Open

Denial of service via header parsing in Rack Open

Percent-encoded cookies can be used to overwrite existing prefixed cookie names Open

Denial of Service Vulnerability in Rack Content-Disposition parsing Open

Possible XSS Vulnerability in Action View tag helpers Open

Potential XSS vulnerability in jQuery Open

Possible shell escape sequence injection vulnerability in Rack Open

Directory traversal in Rack::Directory app bundled with Rack Open

Denial of Service Vulnerability in Rack Multipart Parsing Open

Ability to forge per-form CSRF tokens given a global CSRF token Open

ReDoS based DoS vulnerability in Action Dispatch Open

Severity

Category

Status

Source

Language

Possible Information Disclosure / Unintended Method Execution in Action Pack
Open

json Gem for Ruby Unsafe Object Creation Vulnerability (additional fix)
Open

Possible XSS vulnerability in ActionView
Open

Possible RCE escalation bug with Serialized Columns in Active Record
Open

haml failure to escape single quotes
Open

CSRF Vulnerability in rails-ujs
Open

Code Injection vulnerability in CarrierWave::RMagick
Open

Denial of service via multipart parsing in Rack
Open

RDoc OS command injection vulnerability
Open

Possible Strong Parameters Bypass in ActionPack
Open

Denial of service via header parsing in Rack
Open

Percent-encoded cookies can be used to overwrite existing prefixed cookie names
Open

Denial of Service Vulnerability in Rack Content-Disposition parsing
Open

Possible XSS Vulnerability in Action View tag helpers
Open

Potential XSS vulnerability in jQuery
Open

Possible shell escape sequence injection vulnerability in Rack
Open

Directory traversal in Rack::Directory app bundled with Rack
Open

Denial of Service Vulnerability in Rack Multipart Parsing
Open

Ability to forge per-form CSRF tokens given a global CSRF token
Open

ReDoS based DoS vulnerability in Action Dispatch
Open