TechLadies/home-web


Showing 114 of 114 total issues

Nokogiri gem contains several vulnerabilities in libxml2 and libxslt
Open

    nokogiri (1.6.8)
Severity: Minor
Found in Gemfile.lock by bundler-audit

Advisory: CVE-2016-4658

Criticality: Critical

URL: https://github.com/sparklemotion/nokogiri/issues/1615

Solution: upgrade to >= 1.7.1

Integer Overflow or Wraparound in libxml2 affects Nokogiri
Open

    nokogiri (1.6.8)
Severity: Critical
Found in Gemfile.lock by bundler-audit

Advisory:

Criticality: High

URL: https://github.com/sparklemotion/nokogiri/security/advisories/GHSA-cgx6-hpwq-fhv5

Solution: upgrade to >= 1.13.5

HTTP Smuggling via Transfer-Encoding Header in Puma
Open

    puma (3.4.0)
Severity: Minor
Found in Gemfile.lock by bundler-audit

Advisory: CVE-2020-11077

Criticality: Medium

URL: https://github.com/puma/puma/security/advisories/GHSA-w64w-qqph-5gxm

Solution: upgrade to ~> 3.12.6, >= 4.3.5

Update packaged dependency libxml2 from 2.9.10 to 2.9.12
Open

    nokogiri (1.6.8)
Severity: Critical
Found in Gemfile.lock by bundler-audit

Advisory:

Criticality: High

URL: https://github.com/sparklemotion/nokogiri/security/advisories/GHSA-7rrm-v45f-jp64

Solution: upgrade to >= 1.11.4

Update bundled libxml2 to v2.10.3 to resolve multiple CVEs
Open

    nokogiri (1.6.8)
Severity: Minor
Found in Gemfile.lock by bundler-audit

Nokogiri::XML::Schema trusts input by default, exposing risk of an XXE vulnerability
Open

    nokogiri (1.6.8)
Severity: Info
Found in Gemfile.lock by bundler-audit

Advisory: CVE-2020-26247

Criticality: Low

URL: https://github.com/sparklemotion/nokogiri/security/advisories/GHSA-vr8q-g5c7-m54m

Solution: upgrade to >= 1.11.0.rc4

Prototype pollution attack through jQuery $.extend
Open

    jquery-rails (4.1.1)
Severity: Minor
Found in Gemfile.lock by bundler-audit

Advisory: CVE-2019-11358

Criticality: Medium

URL: https://blog.jquery.com/2019/04/10/jquery-3-4-0-released/

Solution: upgrade to >= 4.3.4

Nokogiri gem, via libxml, is affected by DoS and RCE vulnerabilities
Open

    nokogiri (1.6.8)
Severity: Critical
Found in Gemfile.lock by bundler-audit

Advisory: CVE-2017-9050

Criticality: High

URL: https://github.com/sparklemotion/nokogiri/issues/1673

Solution: upgrade to >= 1.8.1

Nokogiri gem, via libxml2, is affected by multiple vulnerabilities
Open

    nokogiri (1.6.8)
Severity: Critical
Found in Gemfile.lock by bundler-audit

Advisory: CVE-2018-14404

Criticality: High

URL: https://github.com/sparklemotion/nokogiri/issues/1785

Solution: upgrade to >= 1.8.5

Improper Handling of Unexpected Data Type in Nokogiri
Open

    nokogiri (1.6.8)
Severity: Critical
Found in Gemfile.lock by bundler-audit

Advisory: CVE-2022-29181

Criticality: High

URL: https://github.com/sparklemotion/nokogiri/security/advisories/GHSA-xh29-r2w5-wx8m

Solution: upgrade to >= 1.13.6

HTTP Response Splitting vulnerability in puma
Open

    puma (3.4.0)
Severity: Minor
Found in Gemfile.lock by bundler-audit

Advisory: CVE-2020-5247

Criticality: Medium

URL: https://github.com/puma/puma/security/advisories/GHSA-84j7-475p-hp8v

Solution: upgrade to ~> 3.12.4, >= 4.3.3

Improper Restriction of Excessive Authentication Attempts in Sorcery
Open

    sorcery (0.9.1)
Severity: Critical
Found in Gemfile.lock by bundler-audit

Advisory: CVE-2020-11052

Criticality: High

URL: https://github.com/Sorcery/sorcery/security/advisories/GHSA-jc8m-cxhj-668x

Solution: upgrade to >= 0.15.0

Nokogiri gem contains two upstream vulnerabilities in libxslt 1.1.29
Open

    nokogiri (1.6.8)
Severity: Critical
Found in Gemfile.lock by bundler-audit

Advisory: CVE-2017-5029

Criticality: High

URL: https://github.com/sparklemotion/nokogiri/issues/1634

Solution: upgrade to >= 1.7.2

Denial of Service (DoS) in Nokogiri on JRuby
Open

    nokogiri (1.6.8)
Severity: Critical
Found in Gemfile.lock by bundler-audit

Advisory: CVE-2022-24839

Criticality: High

URL: https://github.com/sparklemotion/nekohtml/security/advisories/GHSA-9849-p7jc-9rmv

Solution: upgrade to >= 1.13.4

Possible XSS vulnerability with certain configurations of Rails::Html::Sanitizer
Open

    rails-html-sanitizer (1.0.3)
Severity: Minor
Found in Gemfile.lock by bundler-audit

Advisory: CVE-2022-32209

Criticality: Medium

URL: https://groups.google.com/g/rubyonrails-security/c/ce9PhUANQ6s

Solution: upgrade to >= 1.4.3

Inefficient Regular Expression Complexity in Loofah
Open

    loofah (2.0.3)
Severity: Critical
Found in Gemfile.lock by bundler-audit

Advisory: CVE-2022-23514

Criticality: High

URL: https://github.com/flavorjones/loofah/security/advisories/GHSA-486f-hjj9-9vhh

Solution: upgrade to >= 2.19.1

Class CaseFilePresenter has 33 methods (exceeds 20 allowed). Consider refactoring.
Open

class CaseFilePresenter

  include ActionView::Helpers::NumberHelper
  include ActionView::Helpers::TextHelper

Severity: Minor
Found in app/presenters/case_file_presenter.rb - About 4 hrs to fix

Function sort has 53 lines of code (exceeds 25 allowed). Consider refactoring.
Open

    sort: function(th, direction) {
      var start = new Date(),
        self = this,
        table = this.$table,
        //body = table.find('tbody').length > 0 ? table.find('tbody') : table,
Severity: Major
Found in app/assets/javascripts/jquery.tablesort.js - About 2 hrs to fix

Method 'sort' has a complexity of 8.
Open

    sort: function(th, direction) {

Limit Cyclomatic Complexity (complexity)

Cyclomatic complexity measures the number of linearly independent paths through a program's source code. This rule allows setting a cyclomatic complexity threshold.

    function a(x) {
        if (true) {
            return x; // 1st path
        } else if (false) {
            return x+1; // 2nd path
        } else {
            return 4; // 3rd path
        }
    }

Rule Details

This rule is aimed at reducing code complexity by capping the amount of cyclomatic complexity allowed in a program. As such, it will warn when the cyclomatic complexity crosses the configured threshold (default is 20).

Examples of incorrect code for a maximum of 2:

    /*eslint complexity: ["error", 2]*/

    function a(x) {
        if (true) {
            return x;
        } else if (false) {
            return x+1;
        } else {
            return 4; // 3rd path
        }
    }

Examples of correct code for a maximum of 2:

    /*eslint complexity: ["error", 2]*/

    function a(x) {
        if (true) {
            return x;
        } else {
            return 4;
        }
    }

Options

Optionally, you may specify a max object property:

    "complexity": ["error", 2]

is equivalent to

    "complexity": ["error", { "max": 2 }]

Deprecated: the object property maximum is deprecated. Please use the property max instead.

When Not To Use It

If you can't determine an appropriate complexity limit for your code, then it's best to disable this rule.

Further Reading

Related Rules

• [max-depth](max-depth.md)
• [max-len](max-len.md)
• [max-nested-callbacks](max-nested-callbacks.md)
• [max-params](max-params.md)
• [max-statements](max-statements.md)

Source: http://eslint.org/docs/rules/

Unsafe Query Generation Risk in Active Record
Open

    activerecord (4.2.5.1)
Severity: Critical
Found in Gemfile.lock by bundler-audit

Advisory: CVE-2016-6317

Criticality: High

URL: https://groups.google.com/forum/#!topic/rubyonrails-security/rgO20zYW33s

Solution: upgrade to >= 4.2.7.1
