Sign upLogin

NMandapaty/ArcticVoice

View on GitHub
Star

Showing 22,124 of 22,124 total issues

Prototype pollution attack through jQuery $.extend
Open

    jquery-rails (4.2.1)
Severity: Minor
Found in Gemfile.lock by bundler-audit

Advisory: CVE-2019-11358

Criticality: Medium

URL: https://blog.jquery.com/2019/04/10/jquery-3-4-0-released/

Solution: upgrade to >= 4.3.4

Geocoder gem for Ruby contains possible SQL injection vulnerability
Open

    geocoder (1.4.0)
Severity: Minor
Found in Gemfile.lock by bundler-audit

Advisory: CVE-2020-7981

Criticality: Critical

URL: https://github.com/alexreisner/geocoder/blob/master/CHANGELOG.md#161-2020-jan-23

Solution: upgrade to >= 1.6.1

Remote command execution via filename
Open

    mini_magick (4.5.1)
Severity: Critical
Found in Gemfile.lock by bundler-audit

Advisory: CVE-2019-13574

Criticality: High

URL: https://benjamin-bouchet.com/blog/vulnerabilite-dans-la-gem-mini_magick-version-4-9-4/

Solution: upgrade to >= 4.9.4

Improper Restriction of XML External Entity Reference (XXE) in Nokogiri on JRuby
Open

    nokogiri (1.6.8.1)
Severity: Critical
Found in Gemfile.lock by bundler-audit

Advisory: CVE-2021-41098

Criticality: High

URL: https://github.com/sparklemotion/nokogiri/security/advisories/GHSA-2rr5-8q37-2w7h

Solution: upgrade to >= 1.12.5

Possible XSS vulnerability with certain configurations of rails-html-sanitizer
Open

    rails-html-sanitizer (1.0.3)
Severity: Minor
Found in Gemfile.lock by bundler-audit

Advisory: CVE-2022-23519

Criticality: Medium

URL: https://github.com/rails/rails-html-sanitizer/security/advisories/GHSA-9h9g-93gc-623h

Solution: upgrade to >= 1.4.4

Possible XSS vulnerability with certain configurations of Rails::Html::Sanitizer
Open

    rails-html-sanitizer (1.0.3)
Severity: Minor
Found in Gemfile.lock by bundler-audit

Advisory: CVE-2022-32209

Criticality: Medium

URL: https://groups.google.com/g/rubyonrails-security/c/ce9PhUANQ6s

Solution: upgrade to >= 1.4.3

XSS vulnerability via data-target in bootstrap-sass
Open

    bootstrap-sass (3.3.7)
Severity: Minor
Found in Gemfile.lock by bundler-audit

Advisory: CVE-2016-10735

Criticality: Medium

URL: https://blog.getbootstrap.com/2018/12/13/bootstrap-3-4-0/

Solution: upgrade to >= 3.4.0

Loofah XSS Vulnerability
Open

    loofah (2.0.3)
Severity: Minor
Found in Gemfile.lock by bundler-audit

Advisory: CVE-2018-8048

Criticality: Medium

URL: https://github.com/flavorjones/loofah/issues/144

Solution: upgrade to >= 2.2.1

Update packaged libxml2 (2.9.12 → 2.9.13) and libxslt (1.1.34 → 1.1.35)
Open

    nokogiri (1.6.8.1)
Severity: Critical
Found in Gemfile.lock by bundler-audit

Advisory: CVE-2021-30560

Criticality: High

URL: https://github.com/sparklemotion/nokogiri/security/advisories/GHSA-fq42-c5rg-92c2

Solution: upgrade to >= 1.13.2

Nokogiri gem, via libxslt, is affected by improper access control vulnerability
Open

    nokogiri (1.6.8.1)
Severity: Minor
Found in Gemfile.lock by bundler-audit

Advisory: CVE-2019-11068

URL: https://github.com/sparklemotion/nokogiri/issues/1892

Solution: upgrade to >= 1.10.3

Paperclip ruby gem suffers from a Server-Side Request Forgery (SSRF) vulnerability in the Paperclip::UriAdapter and Paperclip::HttpUrlProxyAdapter class.
Open

    paperclip (5.1.0)
Severity: Minor
Found in Gemfile.lock by bundler-audit

Advisory: CVE-2017-0889

Criticality: Critical

URL: https://github.com/thoughtbot/paperclip/pull/2435

Solution: upgrade to >= 5.2.0

Possible XSS vulnerability with certain configurations of rails-html-sanitizer
Open

    rails-html-sanitizer (1.0.3)
Severity: Minor
Found in Gemfile.lock by bundler-audit

Advisory: CVE-2022-23520

Criticality: Medium

URL: https://github.com/rails/rails-html-sanitizer/security/advisories/GHSA-rrfc-7g8p-99q8

Solution: upgrade to >= 1.4.4

Function editorConfig has 30 lines of code (exceeds 25 allowed). Consider refactoring.
Open

CKEDITOR.editorConfig = function(config) {
  config.language = 'en';
  config.width = '700';
  config.filebrowserBrowseUrl = "/ckeditor/attachment_files";
  config.filebrowserImageBrowseLinkUrl = "/ckeditor/pictures";
Severity: Minor
Found in app/assets/javascripts/ckeditor/config.js - About 1 hr to fix

    File Content Disclosure in Action View
    Open

        actionview (4.2.7)
    Severity: Critical
    Found in Gemfile.lock by bundler-audit

    Advisory: CVE-2019-5418

    Criticality: High

    URL: https://groups.google.com/forum/#!topic/rubyonrails-security/pFRKI96Sm8Q

    Solution: upgrade to >= 4.2.11.1, ~> 4.2.11, >= 5.0.7.2, ~> 5.0.7, >= 5.1.6.2, ~> 5.1.6, >= 5.2.2.1, ~> 5.2.2, >= 6.0.0.beta3

    Path Traversal in Sprockets
    Open

        sprockets (3.7.0)
    Severity: Critical
    Found in Gemfile.lock by bundler-audit

    Advisory: CVE-2018-3760

    Criticality: High

    URL: https://groups.google.com/forum/#!topic/ruby-security-ann/2S9Pwz2i16k

    Solution: upgrade to < 3.0.0, >= 2.12.5, < 4.0.0, >= 3.7.2, >= 4.0.0.beta8

    Denial of Service Vulnerability in Action View
    Open

        actionview (4.2.7)
    Severity: Critical
    Found in Gemfile.lock by bundler-audit

    Advisory: CVE-2019-5419

    Criticality: High

    URL: https://groups.google.com/forum/#!topic/rubyonrails-security/GN7w9fFAQeI

    Solution: upgrade to >= 6.0.0.beta3, >= 5.2.2.1, ~> 5.2.2, >= 5.1.6.2, ~> 5.1.6, >= 5.0.7.2, ~> 5.0.7, >= 4.2.11.1, ~> 4.2.11

    Broken Access Control vulnerability in Active Job
    Open

        activejob (4.2.7)
    Severity: Critical
    Found in Gemfile.lock by bundler-audit

    Advisory: CVE-2018-16476

    Criticality: High

    URL: https://groups.google.com/forum/#!topic/rubyonrails-security/FL4dSdzr2zw

    Solution: upgrade to ~> 4.2.11, ~> 5.0.7.1, ~> 5.1.6.1, ~> 5.1.7, >= 5.2.1.1

    Possible XSS vulnerability in Rack
    Open

        rack (1.6.4)
    Severity: Minor
    Found in Gemfile.lock by bundler-audit

    Advisory: CVE-2018-16471

    URL: https://groups.google.com/forum/#!topic/ruby-security-ann/NAalCee8n6o

    Solution: upgrade to ~> 1.6.11, >= 2.0.6

    TZInfo relative path traversal vulnerability allows loading of arbitrary files
    Open

        tzinfo (1.2.2)
    Severity: Critical
    Found in Gemfile.lock by bundler-audit

    Advisory: CVE-2022-31163

    Criticality: High

    URL: https://github.com/tzinfo/tzinfo/security/advisories/GHSA-5cm2-9h8c-rvfx

    Solution: upgrade to ~> 0.3.61, >= 1.2.10

    ruby-ffi DDL loading issue on Windows OS
    Open

        ffi (1.9.14)
    Severity: Critical
    Found in Gemfile.lock by bundler-audit

    Advisory: CVE-2018-1000201

    Criticality: High

    URL: https://github.com/ffi/ffi/releases/tag/1.9.24

    Solution: upgrade to >= 1.9.24

    Severity
    Category
    Status
    Source
    Language