Showing 134 of 134 total issues
Possible XSS vulnerability in rails-html-sanitizer Open
rails-html-sanitizer (1.0.2)
Advisory: CVE-2015-7578
Criticality: Medium
URL: https://groups.google.com/forum/#!topic/rubyonrails-security/uh--W4TDwmI
Solution: upgrade to >= 1.0.3
TZInfo relative path traversal vulnerability allows loading of arbitrary files Open
tzinfo (1.2.2)
Advisory: CVE-2022-31163
Criticality: High
URL: https://github.com/tzinfo/tzinfo/security/advisories/GHSA-5cm2-9h8c-rvfx
Solution: upgrade to ~> 0.3.61, >= 1.2.10
Possible information leak / session hijack vulnerability Open
rack (1.6.4)
Advisory: CVE-2019-16782
Criticality: Medium
URL: https://github.com/rack/rack/security/advisories/GHSA-hrqr-hxpp-chr3
Solution: upgrade to ~> 1.6.12, >= 2.0.8
Potential remote code execution of user-provided local names in ActionView Open
actionview (4.2.5)
Advisory: CVE-2020-8163
Criticality: High
URL: https://groups.google.com/forum/#!topic/rubyonrails-security/hWuKcHyoKh0
Solution: upgrade to >= 4.2.11.2
Possible XSS vulnerability in rails-html-sanitizer Open
rails-html-sanitizer (1.0.2)
Advisory: CVE-2015-7580
Criticality: Medium
URL: https://groups.google.com/forum/#!topic/rubyonrails-security/uh--W4TDwmI
Solution: upgrade to >= 1.0.3
ruby-ffi DLL loading issue on Windows OS Open
ffi (1.9.10)
Advisory: CVE-2018-1000201
Criticality: High
URL: https://github.com/ffi/ffi/releases/tag/1.9.24
Solution: upgrade to >= 1.9.24
omniauth leaks authenticity token in callback params Open
omniauth (1.3.1)
Advisory: CVE-2017-18076
Criticality: High
URL: https://github.com/omniauth/omniauth/pull/867
Solution: upgrade to >= 1.3.2
Unsafe Query Generation Risk in Active Record Open
activerecord (4.2.5)
Advisory: CVE-2016-6317
Criticality: High
URL: https://groups.google.com/forum/#!topic/rubyonrails-security/rgO20zYW33s
Solution: upgrade to >= 4.2.7.1
Directory traversal vulnerability in rubyzip Open
rubyzip (1.2.0)
Advisory: CVE-2017-5946
Criticality: Critical
URL: https://github.com/rubyzip/rubyzip/issues/315
Solution: upgrade to >= 1.2.1
Broken Access Control vulnerability in Active Job Open
activejob (4.2.5)
Advisory: CVE-2018-16476
Criticality: High
URL: https://groups.google.com/forum/#!topic/rubyonrails-security/FL4dSdzr2zw
Solution: upgrade to ~> 4.2.11, ~> 5.0.7.1, ~> 5.1.6.1, ~> 5.1.7, >= 5.2.1.1
Possible XSS vulnerability in Rack Open
rack (1.6.4)
Advisory: CVE-2018-16471
URL: https://groups.google.com/forum/#!topic/ruby-security-ann/NAalCee8n6o
Solution: upgrade to ~> 1.6.11, >= 2.0.6
File Content Disclosure in Action View Open
actionview (4.2.5)
Advisory: CVE-2019-5418
Criticality: High
URL: https://groups.google.com/forum/#!topic/rubyonrails-security/pFRKI96Sm8Q
Solution: upgrade to >= 4.2.11.1, ~> 4.2.11, >= 5.0.7.2, ~> 5.0.7, >= 5.1.6.2, ~> 5.1.6, >= 5.2.2.1, ~> 5.2.2, >= 6.0.0.beta3
Denial of Service Vulnerability in Action View Open
actionview (4.2.5)
Advisory: CVE-2019-5419
Criticality: High
URL: https://groups.google.com/forum/#!topic/rubyonrails-security/GN7w9fFAQeI
Solution: upgrade to >= 6.0.0.beta3, >= 5.2.2.1, ~> 5.2.2, >= 5.1.6.2, ~> 5.1.6, >= 5.0.7.2, ~> 5.0.7, >= 4.2.11.1, ~> 4.2.11
Denial of service or RCE from libxml2 and libxslt Open
nokogiri (1.6.7.1)
Advisory: CVE-2015-8806
Criticality: High
URL: https://github.com/sparklemotion/nokogiri/issues/1473
Solution: upgrade to >= 1.6.8
Directory Traversal in rubyzip Open
rubyzip (1.2.0)
Advisory: CVE-2018-1000544
Criticality: Critical
URL: https://github.com/rubyzip/rubyzip/issues/369
Solution: upgrade to >= 1.2.2
Method unique_number has a Cognitive Complexity of 8 (exceeds 5 allowed). Consider refactoring. Open
def self.unique_number(array, options = {})
  n_of_attempts = options.delete(:num_of_attempts) || DEFAULT_NUM_OF_ATTEMPTS
  n = nil; x = 0
  while x < n_of_attempts
    n = self.number(options)
Cognitive Complexity
Cognitive Complexity is a measure of how difficult a unit of code is to intuitively understand. Unlike Cyclomatic Complexity, which determines how difficult your code will be to test, Cognitive Complexity tells you how difficult your code will be to read and comprehend.
A method's cognitive complexity is based on a few simple rules:
- Code is not considered more complex when it uses shorthand that the language provides for collapsing multiple statements into one
- Code is considered more complex for each "break in the linear flow of the code"
- Code is considered more complex when "flow breaking structures are nested"
Method save_cache has a Cognitive Complexity of 8 (exceeds 5 allowed). Consider refactoring. Open
def save_cache(cache)
  res = true
  cache.each do |el|
    unless el.exists?
Method load_cache has a Cognitive Complexity of 8 (exceeds 5 allowed). Consider refactoring. Open
def load_cache
  res = []
  works_roles_authors_params[:authors_attributes].each do |a|
    a[:roles_attributes].each { |r| (res << WorkRoleAuthor.new(work_id: @work.to_param, author_id: a[:id], role_id: r[:id])) unless r[:id].blank? } unless a[:id].blank?
Rails 4.2.5 content_tag does not escape double quotes in attribute values (CVE-2016-6316). Upgrade to 4.2.7.1 Open
rails (4.2.5)
Rails 4.2.5 contains a SQL injection vulnerability (CVE-2016-6317). Upgrade to 4.2.7.1 Open
rails (4.2.5)