Issues - NMandapaty/ArcticVoice

Directory traversal in Rack::Directory app bundled with Rack
Open

    rack (1.6.4)

Found in Gemfile.lock by bundler-audit

Read up
Read up
Exclude checks
- Disable engine
- Disable check

Advisory: CVE-2020-8161

Criticality: High

URL: https://groups.google.com/forum/#!topic/ruby-security-ann/T4ZIsfRf2eA

Solution: upgrade to ~> 2.1.3, >= 2.2.0

simple_form Gem for Ruby Incorrect Access Control for forms based on user input
Open

    simple_form (3.3.1)

Found in Gemfile.lock by bundler-audit

Read up
Read up
Exclude checks
- Disable engine
- Disable check

Advisory: CVE-2019-16676

Criticality: Critical

URL: https://github.com/plataformatec/simple_form/security/advisories/GHSA-r74q-gxcg-73hx

Solution: upgrade to >= 5.0

Denial of Service Vulnerability in ActiveRecord’s PostgreSQL adapter
Open

    activerecord (4.2.7)

Found in Gemfile.lock by bundler-audit

Read up
Read up
Exclude checks
- Disable engine
- Disable check

Advisory: CVE-2022-44566

URL: https://github.com/rails/rails/releases/tag/v7.0.4.1

Solution: upgrade to >= 5.2.8.15, ~> 5.2.8, >= 6.1.7.1, ~> 6.1.7, >= 7.0.4.1

Possible Information Disclosure / Unintended Method Execution in Action Pack
Open

    actionpack (4.2.7)

Found in Gemfile.lock by bundler-audit

Read up
Read up
Exclude checks
- Disable engine
- Disable check

Advisory: CVE-2021-22885

Criticality: High

URL: https://groups.google.com/g/rubyonrails-security/c/NiQl-48cXYI

Solution: upgrade to ~> 5.2.4.6, ~> 5.2.6, >= 6.0.3.7, ~> 6.0.3, >= 6.1.3.2

Potential XSS vulnerability in Action View
Open

    actionview (4.2.7)

Found in Gemfile.lock by bundler-audit

Read up
Read up
Exclude checks
- Disable engine
- Disable check

Advisory: CVE-2020-15169

Criticality: Medium

URL: https://groups.google.com/g/rubyonrails-security/c/b-C9kSGXYrc

Solution: upgrade to >= 5.2.4.4, ~> 5.2.4, >= 6.0.3.3

json Gem for Ruby Unsafe Object Creation Vulnerability (additional fix)
Open

    json (1.8.3)

Found in Gemfile.lock by bundler-audit

Read up
Read up
Exclude checks
- Disable engine
- Disable check

Advisory: CVE-2020-10663

Criticality: High

URL: https://www.ruby-lang.org/en/news/2020/03/19/json-dos-cve-2020-10663/

Solution: upgrade to >= 2.3.0

Denial of service via header parsing in Rack
Open

    rack (1.6.4)

Found in Gemfile.lock by bundler-audit

Read up
Read up
Exclude checks
- Disable engine
- Disable check

Advisory: CVE-2022-44570

URL: https://github.com/rack/rack/releases/tag/v3.0.4.1

Solution: upgrade to >= 2.0.9.2, ~> 2.0.9, >= 2.1.4.2, ~> 2.1.4, >= 2.2.6.2, ~> 2.2.6, >= 3.0.4.1

Server-side request forgery in CarrierWave
Open

    carrierwave (0.11.2)

Found in Gemfile.lock by bundler-audit

Read up
Read up
Exclude checks
- Disable engine
- Disable check

Advisory: CVE-2021-21288

Criticality: Medium

URL: https://github.com/carrierwaveuploader/carrierwave/security/advisories/GHSA-fwcm-636p-68r5

Solution: upgrade to ~> 1.3.2, >= 2.1.1

ReDoS based DoS vulnerability in GlobalID
Open

    globalid (0.3.7)

Found in Gemfile.lock by bundler-audit

Read up
Read up
Exclude checks
- Disable engine
- Disable check

Advisory: CVE-2023-22799

URL: https://github.com/rails/globalid/releases/tag/v1.0.1

Solution: upgrade to >= 1.0.1

Devise Gem for Ruby confirmation token validation with a blank string
Open

    devise (4.2.0)

Found in Gemfile.lock by bundler-audit

Read up
Read up
Exclude checks
- Disable engine
- Disable check

Advisory: CVE-2019-16109

Criticality: Medium

URL: https://github.com/plataformatec/devise/issues/5071

Solution: upgrade to >= 4.7.1

Out-of-bounds Write in zlib affects Nokogiri
Open

    nokogiri (1.6.8.1)

Found in Gemfile.lock by bundler-audit

Read up
Read up
Exclude checks
- Disable engine
- Disable check

Advisory: CVE-2018-25032

Criticality: High

URL: https://github.com/sparklemotion/nokogiri/security/advisories/GHSA-v6gp-9mmm-c6p5

Solution: upgrade to >= 1.13.4

Nokogiri gem, via libxml2, is affected by multiple vulnerabilities
Open

    nokogiri (1.6.8.1)

Found in Gemfile.lock by bundler-audit

Read up
Read up
Exclude checks
- Disable engine
- Disable check

Advisory: CVE-2018-14404

Criticality: High

URL: https://github.com/sparklemotion/nokogiri/issues/1785

Solution: upgrade to >= 1.8.5

i18n Gem for Ruby lib/i18n/core_ext/hash.rb Hash#slice() Function Hash Handling DoS
Open

    i18n (0.7.0)

Found in Gemfile.lock by bundler-audit

Read up
Read up
Exclude checks
- Disable engine
- Disable check

Advisory: CVE-2014-10077

URL: https://github.com/svenfuchs/i18n/pull/289

Solution: upgrade to >= 0.8.0

Nokogiri::XML::Schema trusts input by default, exposing risk of an XXE vulnerability
Open

    nokogiri (1.6.8.1)

Found in Gemfile.lock by bundler-audit

Read up
Read up
Exclude checks
- Disable engine
- Disable check

Advisory: CVE-2020-26247

Criticality: Low

URL: https://github.com/sparklemotion/nokogiri/security/advisories/GHSA-vr8q-g5c7-m54m

Solution: upgrade to >= 1.11.0.rc4

Devise Gem for Ruby Time-of-check Time-of-use race condition with lockable module
Open

    devise (4.2.0)

Found in Gemfile.lock by bundler-audit

Read up
Read up
Exclude checks
- Disable engine
- Disable check

Advisory: CVE-2019-5421

Criticality: Critical

URL: https://github.com/plataformatec/devise/issues/4981

Solution: upgrade to >= 4.6.0

Nokogiri gem, via libxml, is affected by DoS and RCE vulnerabilities
Open

    nokogiri (1.6.8.1)

Found in Gemfile.lock by bundler-audit

Read up
Read up
Exclude checks
- Disable engine
- Disable check

Advisory: CVE-2017-9050

Criticality: High

URL: https://github.com/sparklemotion/nokogiri/issues/1673

Solution: upgrade to >= 1.8.1

Loofah XSS Vulnerability
Open

    loofah (2.0.3)

Found in Gemfile.lock by bundler-audit

Read up
Read up
Exclude checks
- Disable engine
- Disable check

Advisory: CVE-2019-15587

Criticality: Medium

URL: https://github.com/flavorjones/loofah/issues/171

Solution: upgrade to >= 2.3.1

Improper neutralization of data URIs may allow XSS in rails-html-sanitizer
Open

    rails-html-sanitizer (1.0.3)

Found in Gemfile.lock by bundler-audit

Read up
Read up
Exclude checks
- Disable engine
- Disable check

Advisory: CVE-2022-23518

Criticality: Medium

URL: https://github.com/rails/rails-html-sanitizer/security/advisories/GHSA-mcvf-2q2m-x72m

Solution: upgrade to >= 1.4.4

XSS vulnerability in bootstrap-sass
Open

    bootstrap-sass (3.3.7)

Found in Gemfile.lock by bundler-audit

Read up
Read up
Exclude checks
- Disable engine
- Disable check

Advisory: CVE-2019-8331

Criticality: Medium

URL: https://blog.getbootstrap.com/2019/02/13/bootstrap-4-3-1-and-3-4-1/

Solution: upgrade to >= 3.4.1

Nokogiri Command Injection Vulnerability via Nokogiri::CSS::Tokenizer#load_file
Open

    nokogiri (1.6.8.1)

Found in Gemfile.lock by bundler-audit

Read up
Read up
Exclude checks
- Disable engine
- Disable check

Advisory: CVE-2019-5477

Criticality: Critical

URL: https://github.com/sparklemotion/nokogiri/issues/1915

Solution: upgrade to >= 1.10.4

NMandapaty/ArcticVoice

Showing 22,124 of 22,124 total issues

Directory traversal in Rack::Directory app bundled with Rack
Open

simple_form Gem for Ruby Incorrect Access Control for forms based on user input
Open

Denial of Service Vulnerability in ActiveRecord’s PostgreSQL adapter
Open

Possible Information Disclosure / Unintended Method Execution in Action Pack
Open

Potential XSS vulnerability in Action View
Open

json Gem for Ruby Unsafe Object Creation Vulnerability (additional fix)
Open

Denial of service via header parsing in Rack
Open

Server-side request forgery in CarrierWave
Open

ReDoS based DoS vulnerability in GlobalID
Open

Devise Gem for Ruby confirmation token validation with a blank string
Open

Out-of-bounds Write in zlib affects Nokogiri
Open

Nokogiri gem, via libxml2, is affected by multiple vulnerabilities
Open

i18n Gem for Ruby lib/i18n/core_ext/hash.rb Hash#slice() Function Hash Handling DoS
Open

Nokogiri::XML::Schema trusts input by default, exposing risk of an XXE vulnerability
Open

Devise Gem for Ruby Time-of-check Time-of-use race condition with lockable module
Open

Nokogiri gem, via libxml, is affected by DoS and RCE vulnerabilities
Open

Loofah XSS Vulnerability
Open

Improper neutralization of data URIs may allow XSS in rails-html-sanitizer
Open

XSS vulnerability in bootstrap-sass
Open

Nokogiri Command Injection Vulnerability via Nokogiri::CSS::Tokenizer#load_file
Open

Severity

Category

Status

Source

Language

NMandapaty/ArcticVoice

Showing 22,124 of 22,124 total issues

Directory traversal in Rack::Directory app bundled with Rack Open

simple_form Gem for Ruby Incorrect Access Control for forms based on user input Open

Denial of Service Vulnerability in ActiveRecord’s PostgreSQL adapter Open

Possible Information Disclosure / Unintended Method Execution in Action Pack Open

Potential XSS vulnerability in Action View Open

json Gem for Ruby Unsafe Object Creation Vulnerability (additional fix) Open

Denial of service via header parsing in Rack Open

Server-side request forgery in CarrierWave Open

ReDoS based DoS vulnerability in GlobalID Open

Devise Gem for Ruby confirmation token validation with a blank string Open

Out-of-bounds Write in zlib affects Nokogiri Open

Nokogiri gem, via libxml2, is affected by multiple vulnerabilities Open

i18n Gem for Ruby lib/i18n/core_ext/hash.rb Hash#slice() Function Hash Handling DoS Open

Nokogiri::XML::Schema trusts input by default, exposing risk of an XXE vulnerability Open

Devise Gem for Ruby Time-of-check Time-of-use race condition with lockable module Open

Nokogiri gem, via libxml, is affected by DoS and RCE vulnerabilities Open

Loofah XSS Vulnerability Open

Improper neutralization of data URIs may allow XSS in rails-html-sanitizer Open

XSS vulnerability in bootstrap-sass Open

Nokogiri Command Injection Vulnerability via Nokogiri::CSS::Tokenizer#load_file Open

Severity

Category

Status

Source

Language

Directory traversal in Rack::Directory app bundled with Rack
Open

simple_form Gem for Ruby Incorrect Access Control for forms based on user input
Open

Denial of Service Vulnerability in ActiveRecord’s PostgreSQL adapter
Open

Possible Information Disclosure / Unintended Method Execution in Action Pack
Open

Potential XSS vulnerability in Action View
Open

json Gem for Ruby Unsafe Object Creation Vulnerability (additional fix)
Open

Denial of service via header parsing in Rack
Open

Server-side request forgery in CarrierWave
Open

ReDoS based DoS vulnerability in GlobalID
Open

Devise Gem for Ruby confirmation token validation with a blank string
Open

Out-of-bounds Write in zlib affects Nokogiri
Open

Nokogiri gem, via libxml2, is affected by multiple vulnerabilities
Open

i18n Gem for Ruby lib/i18n/core_ext/hash.rb Hash#slice() Function Hash Handling DoS
Open

Nokogiri::XML::Schema trusts input by default, exposing risk of an XXE vulnerability
Open

Devise Gem for Ruby Time-of-check Time-of-use race condition with lockable module
Open

Nokogiri gem, via libxml, is affected by DoS and RCE vulnerabilities
Open

Loofah XSS Vulnerability
Open

Improper neutralization of data URIs may allow XSS in rails-html-sanitizer
Open

XSS vulnerability in bootstrap-sass
Open

Nokogiri Command Injection Vulnerability via Nokogiri::CSS::Tokenizer#load_file
Open