Showing 145 of 145 total issues

ReDoS based DoS vulnerability in GlobalID
Open

    globalid (0.3.7)
Severity: Minor
Found in Gemfile.lock by bundler-audit

Advisory: CVE-2023-22799

URL: https://github.com/rails/globalid/releases/tag/v1.0.1

Solution: upgrade to >= 1.0.1

Cross-site Scripting in Sidekiq
Open

    sidekiq (4.0.2)
Severity: Minor
Found in Gemfile.lock by bundler-audit

Advisory: CVE-2021-30151

Criticality: Medium

URL: https://github.com/advisories/GHSA-grh7-935j-hg6w

Solution: upgrade to ~> 5.2.0, >= 6.2.1

Method validate_params_4 has 326 lines of code (exceeds 25 allowed). Consider refactoring.
Open

  def self.validate_params_4
    {
      check_allowed_transport_modes: 0,
      check_lines_in_groups: 0,
      check_line_routes: 0,
Severity: Major
Found in app/services/parameters_service.rb - About 1 day to fix

File parameters_service.rb has 550 lines of code (exceeds 250 allowed). Consider refactoring.
Open

class ParametersService
  def initialize(job)
    @job = job
    @format = job.format.to_s
    @format_convert = job.format_convert.split('_')[1].to_s if job.format_convert.to_s['_']
Severity: Major
Found in app/services/parameters_service.rb - About 1 day to fix

i18n Gem for Ruby lib/i18n/core_ext/hash.rb Hash#slice() Function Hash Handling DoS
Open

    i18n (0.7.0)
Severity: Minor
Found in Gemfile.lock by bundler-audit

Advisory: CVE-2014-10077

URL: https://github.com/svenfuchs/i18n/pull/289

Solution: upgrade to >= 0.8.0

Nokogiri gem, via libxml, is affected by DoS and RCE vulnerabilities
Open

    nokogiri (1.6.8)
Severity: Critical
Found in Gemfile.lock by bundler-audit

Advisory: CVE-2017-9050

Criticality: High

URL: https://github.com/sparklemotion/nokogiri/issues/1673

Solution: upgrade to >= 1.8.1

libxml2 2.9.10 has an infinite loop in a certain end-of-file situation
Open

    nokogiri (1.6.8)
Severity: Critical
Found in Gemfile.lock by bundler-audit

Advisory: CVE-2020-7595

Criticality: High

URL: https://github.com/sparklemotion/nokogiri/issues/1992

Solution: upgrade to >= 1.10.8

Improper Restriction of XML External Entity Reference (XXE) in Nokogiri on JRuby
Open

    nokogiri (1.6.8)
Severity: Critical
Found in Gemfile.lock by bundler-audit

Advisory: CVE-2021-41098

Criticality: High

URL: https://github.com/sparklemotion/nokogiri/security/advisories/GHSA-2rr5-8q37-2w7h

Solution: upgrade to >= 1.12.5

Possible XSS vulnerability with certain configurations of rails-html-sanitizer
Open

    rails-html-sanitizer (1.0.3)
Severity: Minor
Found in Gemfile.lock by bundler-audit

Advisory: CVE-2022-23520

Criticality: Medium

URL: https://github.com/rails/rails-html-sanitizer/security/advisories/GHSA-rrfc-7g8p-99q8

Solution: upgrade to >= 1.4.4

HTTP Smuggling via Transfer-Encoding Header in Puma
Open

    puma (3.6.0)
Severity: Critical
Found in Gemfile.lock by bundler-audit

Advisory: CVE-2020-11076

Criticality: High

URL: https://github.com/puma/puma/security/advisories/GHSA-x7jg-6pwg-fx5h

Solution: upgrade to ~> 3.12.5, >= 4.3.4

Prototype pollution attack through jQuery $.extend
Open

    jquery-rails (4.0.5)
Severity: Minor
Found in Gemfile.lock by bundler-audit

Advisory: CVE-2019-11358

Criticality: Medium

URL: https://blog.jquery.com/2019/04/10/jquery-3-4-0-released/

Solution: upgrade to >= 4.3.4

Regular Expression Denial of Service in Addressable templates
Open

    addressable (2.4.0)
Severity: Critical
Found in Gemfile.lock by bundler-audit

Advisory: CVE-2021-32740

Criticality: High

URL: https://github.com/advisories/GHSA-jxhc-q857-3j6g

Solution: upgrade to >= 2.8.0

Loofah XSS Vulnerability
Open

    loofah (2.0.3)
Severity: Minor
Found in Gemfile.lock by bundler-audit

Advisory: CVE-2019-15587

Criticality: Medium

URL: https://github.com/flavorjones/loofah/issues/171

Solution: upgrade to >= 2.3.1

Nokogiri gem, via libxml2, is affected by multiple vulnerabilities
Open

    nokogiri (1.6.8)
Severity: Critical
Found in Gemfile.lock by bundler-audit

Advisory: CVE-2018-14404

Criticality: High

URL: https://github.com/sparklemotion/nokogiri/issues/1785

Solution: upgrade to >= 1.8.5

Moderate severity vulnerability that affects nokogiri
Open

    nokogiri (1.6.8)
Severity: Minor
Found in Gemfile.lock by bundler-audit

Advisory: CVE-2017-18258

Criticality: Medium

URL: https://git.gnome.org/browse/libxml2/commit/?id=e2a9122b8dde53d320750451e9907a7dcb2ca8bb

Solution: upgrade to >= 1.8.2

Nokogiri gem contains several vulnerabilities in libxml2 and libxslt
Open

    nokogiri (1.6.8)
Severity: Minor
Found in Gemfile.lock by bundler-audit

Advisory: CVE-2016-4658

Criticality: Critical

URL: https://github.com/sparklemotion/nokogiri/issues/1615

Solution: upgrade to >= 1.7.1

Improper neutralization of data URIs may allow XSS in rails-html-sanitizer
Open

    rails-html-sanitizer (1.0.3)
Severity: Minor
Found in Gemfile.lock by bundler-audit

Advisory: CVE-2022-23518

Criticality: Medium

URL: https://github.com/rails/rails-html-sanitizer/security/advisories/GHSA-mcvf-2q2m-x72m

Solution: upgrade to >= 1.4.4

Loofah XSS Vulnerability
Open

    loofah (2.0.3)
Severity: Minor
Found in Gemfile.lock by bundler-audit

Advisory: CVE-2018-8048

Criticality: Medium

URL: https://github.com/flavorjones/loofah/issues/144

Solution: upgrade to >= 2.2.1

Nokogiri gem contains two upstream vulnerabilities in libxslt 1.1.29
Open

    nokogiri (1.6.8)
Severity: Critical
Found in Gemfile.lock by bundler-audit

Advisory: CVE-2017-5029

Criticality: High

URL: https://github.com/sparklemotion/nokogiri/issues/1634

Solution: upgrade to >= 1.7.2

Denial of Service (DoS) in Nokogiri on JRuby
Open

    nokogiri (1.6.8)
Severity: Critical
Found in Gemfile.lock by bundler-audit

Advisory: CVE-2022-24839

Criticality: High

URL: https://github.com/sparklemotion/nekohtml/security/advisories/GHSA-9849-p7jc-9rmv

Solution: upgrade to >= 1.13.4