Issues - TechLadies/home-web

Inefficient Regular Expression Complexity in rails-html-sanitizer
Open

    rails-html-sanitizer (1.0.3)

Found in Gemfile.lock by bundler-audit

Read up
Read up
Exclude checks
- Disable engine
- Disable check

Advisory: CVE-2022-23517

Criticality: High

URL: https://github.com/rails/rails-html-sanitizer/security/advisories/GHSA-5x79-w82f-gw8w

Solution: upgrade to >= 1.4.4

Potential XSS vulnerability in jQuery
Open

    jquery-rails (4.1.1)

Found in Gemfile.lock by bundler-audit

Read up
Read up
Exclude checks
- Disable engine
- Disable check

Advisory: CVE-2020-11023

Criticality: Medium

URL: https://blog.jquery.com/2020/04/10/jquery-3-5-0-released

Solution: upgrade to >= 4.4.0

Nokogiri gem, via libxml, is affected by DoS vulnerabilities
Open

    nokogiri (1.6.8)

Found in Gemfile.lock by bundler-audit

Read up
Read up
Exclude checks
- Disable engine
- Disable check

Advisory: CVE-2017-16932

URL: https://github.com/sparklemotion/nokogiri/issues/1714

Solution: upgrade to >= 1.8.1

Inefficient Regular Expression Complexity in Nokogiri
Open

    nokogiri (1.6.8)

Found in Gemfile.lock by bundler-audit

Read up
Read up
Exclude checks
- Disable engine
- Disable check

Advisory: CVE-2022-24836

Criticality: High

URL: https://github.com/sparklemotion/nokogiri/security/advisories/GHSA-crjr-9rc5-ghw8

Solution: upgrade to >= 1.13.4

HTTP Response Splitting (Early Hints) in Puma
Open

    puma (3.4.0)

Found in Gemfile.lock by bundler-audit

Read up
Read up
Exclude checks
- Disable engine
- Disable check

Advisory: CVE-2020-5249

Criticality: Medium

URL: https://github.com/puma/puma/security/advisories/GHSA-33vf-4xgg-9r58

Solution: upgrade to ~> 3.12.4, >= 4.3.3

Keepalive thread overload/DoS in puma
Open

    puma (3.4.0)

Found in Gemfile.lock by bundler-audit

Read up
Read up
Exclude checks
- Disable engine
- Disable check

Advisory: CVE-2019-16770

Criticality: High

URL: https://github.com/puma/puma/security/advisories/GHSA-7xx3-m584-x994

Solution: upgrade to ~> 3.12.2, >= 4.3.1

XSS vulnerability in bootstrap-sass
Open

    bootstrap-sass (3.3.6)

Found in Gemfile.lock by bundler-audit

Read up
Read up
Exclude checks
- Disable engine
- Disable check

Advisory: CVE-2019-8331

Criticality: Medium

URL: https://blog.getbootstrap.com/2019/02/13/bootstrap-4-3-1-and-3-4-1/

Solution: upgrade to >= 3.4.1

i18n Gem for Ruby lib/i18n/core_ext/hash.rb Hash#slice() Function Hash Handling DoS
Open

    i18n (0.7.0)

Found in Gemfile.lock by bundler-audit

Read up
Read up
Exclude checks
- Disable engine
- Disable check

Advisory: CVE-2014-10077

URL: https://github.com/svenfuchs/i18n/pull/289

Solution: upgrade to >= 0.8.0

XML Injection in Xerces Java affects Nokogiri
Open

    nokogiri (1.6.8)

Found in Gemfile.lock by bundler-audit

Read up
Read up
Exclude checks
- Disable engine
- Disable check

Advisory: CVE-2022-23437

Criticality: Medium

URL: https://github.com/sparklemotion/nokogiri/security/advisories/GHSA-xxx9-3xcr-gjj3

Solution: upgrade to >= 1.13.4

Nokogiri gem, via libxslt, is affected by multiple vulnerabilities
Open

    nokogiri (1.6.8)

Found in Gemfile.lock by bundler-audit

Read up
Read up
Exclude checks
- Disable engine
- Disable check

Advisory: CVE-2019-13117

URL: https://github.com/sparklemotion/nokogiri/issues/1943

Solution: upgrade to >= 1.10.5

Possible XSS vulnerability with certain configurations of rails-html-sanitizer
Open

    rails-html-sanitizer (1.0.3)

Found in Gemfile.lock by bundler-audit

Read up
Read up
Exclude checks
- Disable engine
- Disable check

Advisory: CVE-2022-23519

Criticality: Medium

URL: https://github.com/rails/rails-html-sanitizer/security/advisories/GHSA-9h9g-93gc-623h

Solution: upgrade to >= 1.4.4

Improper neutralization of data URIs may allow XSS in rails-html-sanitizer
Open

    rails-html-sanitizer (1.0.3)

Found in Gemfile.lock by bundler-audit

Read up
Read up
Exclude checks
- Disable engine
- Disable check

Advisory: CVE-2022-23518

Criticality: Medium

URL: https://github.com/rails/rails-html-sanitizer/security/advisories/GHSA-mcvf-2q2m-x72m

Solution: upgrade to >= 1.4.4

Path Traversal in Sprockets
Open

    sprockets (3.6.3)

Found in Gemfile.lock by bundler-audit

Read up
Read up
Exclude checks
- Disable engine
- Disable check

Advisory: CVE-2018-3760

Criticality: High

URL: https://groups.google.com/forum/#!topic/ruby-security-ann/2S9Pwz2i16k

Solution: upgrade to < 3.0.0, >= 2.12.5, < 4.0.0, >= 3.7.2, >= 4.0.0.beta8

Nokogiri Command Injection Vulnerability via Nokogiri::CSS::Tokenizer#load_file
Open

    nokogiri (1.6.8)

Found in Gemfile.lock by bundler-audit

Read up
Read up
Exclude checks
- Disable engine
- Disable check

Advisory: CVE-2019-5477

Criticality: Critical

URL: https://github.com/sparklemotion/nokogiri/issues/1915

Solution: upgrade to >= 1.10.4

Loofah XSS Vulnerability
Open

    loofah (2.0.3)

Found in Gemfile.lock by bundler-audit

Read up
Read up
Exclude checks
- Disable engine
- Disable check

Advisory: CVE-2019-15587

Criticality: Medium

URL: https://github.com/flavorjones/loofah/issues/171

Solution: upgrade to >= 2.3.1

Loofah XSS Vulnerability
Open

    loofah (2.0.3)

Found in Gemfile.lock by bundler-audit

Read up
Read up
Exclude checks
- Disable engine
- Disable check

Advisory: CVE-2018-8048

Criticality: Medium

URL: https://github.com/flavorjones/loofah/issues/144

Solution: upgrade to >= 2.2.1

libxml2 2.9.10 has an infinite loop in a certain end-of-file situation
Open

    nokogiri (1.6.8)

Found in Gemfile.lock by bundler-audit

Read up
Read up
Exclude checks
- Disable engine
- Disable check

Advisory: CVE-2020-7595

Criticality: High

URL: https://github.com/sparklemotion/nokogiri/issues/1992

Solution: upgrade to >= 1.10.8

Moderate severity vulnerability that affects nokogiri
Open

    nokogiri (1.6.8)

Found in Gemfile.lock by bundler-audit

Read up
Read up
Exclude checks
- Disable engine
- Disable check

Advisory: CVE-2017-18258

Criticality: Medium

URL: https://git.gnome.org/browse/libxml2/commit/?id=e2a9122b8dde53d320750451e9907a7dcb2ca8bb

Solution: upgrade to >= 1.8.2

Nokogiri gem, via libxml, is affected by DoS vulnerabilities
Open

    nokogiri (1.6.8)

Found in Gemfile.lock by bundler-audit

Read up
Read up
Exclude checks
- Disable engine
- Disable check

Advisory: CVE-2017-15412

URL: https://github.com/sparklemotion/nokogiri/issues/1714

Solution: upgrade to >= 1.8.2

Out-of-bounds Write in zlib affects Nokogiri
Open

    nokogiri (1.6.8)

Found in Gemfile.lock by bundler-audit

Read up
Read up
Exclude checks
- Disable engine
- Disable check

Advisory: CVE-2018-25032

Criticality: High

URL: https://github.com/sparklemotion/nokogiri/security/advisories/GHSA-v6gp-9mmm-c6p5

Solution: upgrade to >= 1.13.4

TechLadies/home-web

Showing 114 of 114 total issues

Inefficient Regular Expression Complexity in rails-html-sanitizer
Open

Potential XSS vulnerability in jQuery
Open

Nokogiri gem, via libxml, is affected by DoS vulnerabilities
Open

Inefficient Regular Expression Complexity in Nokogiri
Open

HTTP Response Splitting (Early Hints) in Puma
Open

Keepalive thread overload/DoS in puma
Open

XSS vulnerability in bootstrap-sass
Open

i18n Gem for Ruby lib/i18n/core_ext/hash.rb Hash#slice() Function Hash Handling DoS
Open

XML Injection in Xerces Java affects Nokogiri
Open

Nokogiri gem, via libxslt, is affected by multiple vulnerabilities
Open

Possible XSS vulnerability with certain configurations of rails-html-sanitizer
Open

Improper neutralization of data URIs may allow XSS in rails-html-sanitizer
Open

Path Traversal in Sprockets
Open

Nokogiri Command Injection Vulnerability via Nokogiri::CSS::Tokenizer#load_file
Open

Loofah XSS Vulnerability
Open

Loofah XSS Vulnerability
Open

libxml2 2.9.10 has an infinite loop in a certain end-of-file situation
Open

Moderate severity vulnerability that affects nokogiri
Open

Nokogiri gem, via libxml, is affected by DoS vulnerabilities
Open

Out-of-bounds Write in zlib affects Nokogiri
Open

Severity

Category

Status

Source

Language

TechLadies/home-web

Showing 114 of 114 total issues

Inefficient Regular Expression Complexity in rails-html-sanitizer Open

Potential XSS vulnerability in jQuery Open

Nokogiri gem, via libxml, is affected by DoS vulnerabilities Open

Inefficient Regular Expression Complexity in Nokogiri Open

HTTP Response Splitting (Early Hints) in Puma Open

Keepalive thread overload/DoS in puma Open

XSS vulnerability in bootstrap-sass Open

i18n Gem for Ruby lib/i18n/core_ext/hash.rb Hash#slice() Function Hash Handling DoS Open

XML Injection in Xerces Java affects Nokogiri Open

Nokogiri gem, via libxslt, is affected by multiple vulnerabilities Open

Possible XSS vulnerability with certain configurations of rails-html-sanitizer Open

Improper neutralization of data URIs may allow XSS in rails-html-sanitizer Open

Path Traversal in Sprockets Open

Nokogiri Command Injection Vulnerability via Nokogiri::CSS::Tokenizer#load_file Open

Loofah XSS Vulnerability Open

Loofah XSS Vulnerability Open

libxml2 2.9.10 has an infinite loop in a certain end-of-file situation Open

Moderate severity vulnerability that affects nokogiri Open

Nokogiri gem, via libxml, is affected by DoS vulnerabilities Open

Out-of-bounds Write in zlib affects Nokogiri Open

Severity

Category

Status

Source

Language

Inefficient Regular Expression Complexity in rails-html-sanitizer
Open

Potential XSS vulnerability in jQuery
Open

Nokogiri gem, via libxml, is affected by DoS vulnerabilities
Open

Inefficient Regular Expression Complexity in Nokogiri
Open

HTTP Response Splitting (Early Hints) in Puma
Open

Keepalive thread overload/DoS in puma
Open

XSS vulnerability in bootstrap-sass
Open

i18n Gem for Ruby lib/i18n/core_ext/hash.rb Hash#slice() Function Hash Handling DoS
Open

XML Injection in Xerces Java affects Nokogiri
Open

Nokogiri gem, via libxslt, is affected by multiple vulnerabilities
Open

Possible XSS vulnerability with certain configurations of rails-html-sanitizer
Open

Improper neutralization of data URIs may allow XSS in rails-html-sanitizer
Open

Path Traversal in Sprockets
Open

Nokogiri Command Injection Vulnerability via Nokogiri::CSS::Tokenizer#load_file
Open

Loofah XSS Vulnerability
Open

Loofah XSS Vulnerability
Open

libxml2 2.9.10 has an infinite loop in a certain end-of-file situation
Open

Moderate severity vulnerability that affects nokogiri
Open

Nokogiri gem, via libxml, is affected by DoS vulnerabilities
Open

Out-of-bounds Write in zlib affects Nokogiri
Open