Issues - ServiceInnovationLab/pancake-backend

class RebateForm < ApplicationRecord
  include Discard::Model
  audited only: [:discarded_at], on: :update
 
  has_many :signatures, dependent: :destroy

Found in app/models/rebate_form.rb by rubocop

Read up
Read up
Exclude checks
- Disable engine
- Disable check

Update packaged libxml2 (2.9.12 → 2.9.13) and libxslt (1.1.34 → 1.1.35)
Open

    nokogiri (1.10.5)

Found in Gemfile.lock by bundler-audit

Read up
Read up
Exclude checks
- Disable engine
- Disable check

Remote shell execution vulnerability when applying commands from user input
Open

    image_processing (1.9.0)

Found in Gemfile.lock by bundler-audit

Read up
Read up
Exclude checks
- Disable engine
- Disable check

Improper neutralization of data URIs may allow XSS in Loofah
Open

    loofah (2.3.1)

Found in Gemfile.lock by bundler-audit

Read up
Read up
Exclude checks
- Disable engine
- Disable check

Uncontrolled Recursion in Loofah
Open

    loofah (2.3.1)

Found in Gemfile.lock by bundler-audit

Read up
Read up
Exclude checks
- Disable engine
- Disable check

Out-of-bounds Write in zlib affects Nokogiri
Open

    nokogiri (1.10.5)

Found in Gemfile.lock by bundler-audit

Read up
Read up
Exclude checks
- Disable engine
- Disable check

Directory traversal in Rack::Directory app bundled with Rack
Open

    rack (2.0.7)

Found in Gemfile.lock by bundler-audit

Read up
Read up
Exclude checks
- Disable engine
- Disable check

Denial of Service (DoS) in Nokogiri on JRuby
Open

    nokogiri (1.10.5)

Found in Gemfile.lock by bundler-audit

Read up
Read up
Exclude checks
- Disable engine
- Disable check

XML Injection in Xerces Java affects Nokogiri
Open

    nokogiri (1.10.5)

Found in Gemfile.lock by bundler-audit

Read up
Read up
Exclude checks
- Disable engine
- Disable check

CSS injection with width and height options
Open

    chartkick (3.3.0)

Found in Gemfile.lock by bundler-audit

Read up
Read up
Exclude checks
- Disable engine
- Disable check

Nokogiri::XML::Schema trusts input by default, exposing risk of an XXE vulnerability
Open

    nokogiri (1.10.5)

Found in Gemfile.lock by bundler-audit

Read up
Read up
Exclude checks
- Disable engine
- Disable check

json Gem for Ruby Unsafe Object Creation Vulnerability (additional fix)
Open

    json (2.2.0)

Found in Gemfile.lock by bundler-audit

Read up
Read up
Exclude checks
- Disable engine
- Disable check

Integer Overflow or Wraparound in libxml2 affects Nokogiri
Open

    nokogiri (1.10.5)

Found in Gemfile.lock by bundler-audit

Read up
Read up
Exclude checks
- Disable engine
- Disable check

Update packaged dependency libxml2 from 2.9.10 to 2.9.12
Open

    nokogiri (1.10.5)

Found in Gemfile.lock by bundler-audit

Read up
Read up
Exclude checks
- Disable engine
- Disable check

Percent-encoded cookies can be used to overwrite existing prefixed cookie names
Open

    rack (2.0.7)

Found in Gemfile.lock by bundler-audit

Read up
Read up
Exclude checks
- Disable engine
- Disable check

ServiceInnovationLab/pancake-backend

Showing 308 of 313 total issues

Information Exposure with Puma when used with Rails
Open

Keepalive Connections Causing Denial Of Service in puma
Open

HTTP Request Smuggling in puma
Open

ReDoS based DoS vulnerability in GlobalID
Open

Inconsistent Interpretation of HTTP Requests ('HTTP Request Smuggling') in puma
Open

Class has too many lines. [108/100]
Open

Update packaged libxml2 (2.9.12 → 2.9.13) and libxslt (1.1.34 → 1.1.35)
Open

Remote shell execution vulnerability when applying commands from user input
Open

Improper neutralization of data URIs may allow XSS in Loofah
Open

Uncontrolled Recursion in Loofah
Open

Out-of-bounds Write in zlib affects Nokogiri
Open

Directory traversal in Rack::Directory app bundled with Rack
Open

Denial of Service (DoS) in Nokogiri on JRuby
Open

XML Injection in Xerces Java affects Nokogiri
Open

CSS injection with width and height options
Open

Nokogiri::XML::Schema trusts input by default, exposing risk of an XXE vulnerability
Open

json Gem for Ruby Unsafe Object Creation Vulnerability (additional fix)
Open

Integer Overflow or Wraparound in libxml2 affects Nokogiri
Open

Update packaged dependency libxml2 from 2.9.10 to 2.9.12
Open

Percent-encoded cookies can be used to overwrite existing prefixed cookie names
Open

Severity

Category

Status

Source

Language

ServiceInnovationLab/pancake-backend

Showing 308 of 313 total issues

Information Exposure with Puma when used with Rails Open

Keepalive Connections Causing Denial Of Service in puma Open

HTTP Request Smuggling in puma Open

ReDoS based DoS vulnerability in GlobalID Open

Inconsistent Interpretation of HTTP Requests ('HTTP Request Smuggling') in puma Open

Class has too many lines. [108/100] Open

Update packaged libxml2 (2.9.12 → 2.9.13) and libxslt (1.1.34 → 1.1.35) Open

Remote shell execution vulnerability when applying commands from user input Open

Improper neutralization of data URIs may allow XSS in Loofah Open

Uncontrolled Recursion in Loofah Open

Out-of-bounds Write in zlib affects Nokogiri Open

Directory traversal in Rack::Directory app bundled with Rack Open

Denial of Service (DoS) in Nokogiri on JRuby Open

XML Injection in Xerces Java affects Nokogiri Open

CSS injection with width and height options Open

Nokogiri::XML::Schema trusts input by default, exposing risk of an XXE vulnerability Open

json Gem for Ruby Unsafe Object Creation Vulnerability (additional fix) Open

Integer Overflow or Wraparound in libxml2 affects Nokogiri Open

Update packaged dependency libxml2 from 2.9.10 to 2.9.12 Open

Percent-encoded cookies can be used to overwrite existing prefixed cookie names Open

Severity

Category

Status

Source

Language

Information Exposure with Puma when used with Rails
Open

Keepalive Connections Causing Denial Of Service in puma
Open

HTTP Request Smuggling in puma
Open

ReDoS based DoS vulnerability in GlobalID
Open

Inconsistent Interpretation of HTTP Requests ('HTTP Request Smuggling') in puma
Open

Class has too many lines. [108/100]
Open

Update packaged libxml2 (2.9.12 → 2.9.13) and libxslt (1.1.34 → 1.1.35)
Open

Remote shell execution vulnerability when applying commands from user input
Open

Improper neutralization of data URIs may allow XSS in Loofah
Open

Uncontrolled Recursion in Loofah
Open

Out-of-bounds Write in zlib affects Nokogiri
Open

Directory traversal in Rack::Directory app bundled with Rack
Open

Denial of Service (DoS) in Nokogiri on JRuby
Open

XML Injection in Xerces Java affects Nokogiri
Open

CSS injection with width and height options
Open

Nokogiri::XML::Schema trusts input by default, exposing risk of an XXE vulnerability
Open

json Gem for Ruby Unsafe Object Creation Vulnerability (additional fix)
Open

Integer Overflow or Wraparound in libxml2 affects Nokogiri
Open

Update packaged dependency libxml2 from 2.9.10 to 2.9.12
Open

Percent-encoded cookies can be used to overwrite existing prefixed cookie names
Open