Issues - afimb/cvdtc - Code Climate

Denial of Service in rubyzip ("zip bombs")
Open

    rubyzip (1.2.0)

Found in Gemfile.lock by bundler-audit

Read up
Read up
Exclude checks
- Disable engine
- Disable check

Advisory: CVE-2019-16892

Criticality: Medium

URL: https://github.com/rubyzip/rubyzip/pull/403

Solution: upgrade to >= 1.3.0

Integer Overflow or Wraparound in libxml2 affects Nokogiri
Open

    nokogiri (1.6.8)

Found in Gemfile.lock by bundler-audit

Read up
Read up
Exclude checks
- Disable engine
- Disable check

Advisory:

Criticality: High

URL: https://github.com/sparklemotion/nokogiri/security/advisories/GHSA-cgx6-hpwq-fhv5

Solution: upgrade to >= 1.13.5

Keepalive thread overload/DoS in puma
Open

    puma (3.6.0)

Found in Gemfile.lock by bundler-audit

Read up
Read up
Exclude checks
- Disable engine
- Disable check

Advisory: CVE-2019-16770

Criticality: High

URL: https://github.com/puma/puma/security/advisories/GHSA-7xx3-m584-x994

Solution: upgrade to ~> 3.12.2, >= 4.3.1

httparty has multipart/form-data request tampering vulnerability
Open

    httparty (0.14.0)

Found in Gemfile.lock by bundler-audit

Read up
Read up
Exclude checks
- Disable engine
- Disable check

Advisory:

Criticality: Medium

URL: https://github.com/jnunemaker/httparty/security/advisories/GHSA-5pq7-52mg-hr42

Solution: upgrade to >= 0.21.0

Nokogiri gem, via libxslt, is affected by multiple vulnerabilities
Open

    nokogiri (1.6.8)

Found in Gemfile.lock by bundler-audit

Read up
Read up
Exclude checks
- Disable engine
- Disable check

Advisory: CVE-2019-13117

URL: https://github.com/sparklemotion/nokogiri/issues/1943

Solution: upgrade to >= 1.10.5

Update bundled libxml2 to v2.10.3 to resolve multiple CVEs
Open

    nokogiri (1.6.8)

Found in Gemfile.lock by bundler-audit

Read up
Read up
Exclude checks
- Disable engine
- Disable check

Advisory:

URL: https://github.com/sparklemotion/nokogiri/security/advisories/GHSA-2qc6-mcvw-92cw

Solution: upgrade to >= 1.13.9

Inefficient Regular Expression Complexity in Nokogiri
Open

    nokogiri (1.6.8)

Found in Gemfile.lock by bundler-audit

Read up
Read up
Exclude checks
- Disable engine
- Disable check

Advisory: CVE-2022-24836

Criticality: High

URL: https://github.com/sparklemotion/nokogiri/security/advisories/GHSA-crjr-9rc5-ghw8

Solution: upgrade to >= 1.13.4

Update packaged dependency libxml2 from 2.9.10 to 2.9.12
Open

    nokogiri (1.6.8)

Found in Gemfile.lock by bundler-audit

Read up
Read up
Exclude checks
- Disable engine
- Disable check

Advisory:

Criticality: High

URL: https://github.com/sparklemotion/nokogiri/security/advisories/GHSA-7rrm-v45f-jp64

Solution: upgrade to >= 1.11.4

Nokogiri::XML::Schema trusts input by default, exposing risk of an XXE vulnerability
Open

    nokogiri (1.6.8)

Found in Gemfile.lock by bundler-audit

Read up
Read up
Exclude checks
- Disable engine
- Disable check

Advisory: CVE-2020-26247

Criticality: Low

URL: https://github.com/sparklemotion/nokogiri/security/advisories/GHSA-vr8q-g5c7-m54m

Solution: upgrade to >= 1.11.0.rc4

HTTP Response Splitting (Early Hints) in Puma
Open

    puma (3.6.0)

Found in Gemfile.lock by bundler-audit

Read up
Read up
Exclude checks
- Disable engine
- Disable check

Advisory: CVE-2020-5249

Criticality: Medium

URL: https://github.com/puma/puma/security/advisories/GHSA-33vf-4xgg-9r58

Solution: upgrade to ~> 3.12.4, >= 4.3.3

Nokogiri gem, via libxml, is affected by DoS vulnerabilities
Open

    nokogiri (1.6.8)

Found in Gemfile.lock by bundler-audit

Read up
Read up
Exclude checks
- Disable engine
- Disable check

Advisory: CVE-2017-16932

URL: https://github.com/sparklemotion/nokogiri/issues/1714

Solution: upgrade to >= 1.8.1

Nokogiri gem, via libxml, is affected by DoS vulnerabilities
Open

    nokogiri (1.6.8)

Found in Gemfile.lock by bundler-audit

Read up
Read up
Exclude checks
- Disable engine
- Disable check

Advisory: CVE-2017-15412

URL: https://github.com/sparklemotion/nokogiri/issues/1714

Solution: upgrade to >= 1.8.2

HTTP Smuggling via Transfer-Encoding Header in Puma
Open

    puma (3.6.0)

Found in Gemfile.lock by bundler-audit

Read up
Read up
Exclude checks
- Disable engine
- Disable check

Advisory: CVE-2020-11077

Criticality: Medium

URL: https://github.com/puma/puma/security/advisories/GHSA-w64w-qqph-5gxm

Solution: upgrade to ~> 3.12.6, >= 4.3.5

Inefficient Regular Expression Complexity in rails-html-sanitizer
Open

    rails-html-sanitizer (1.0.3)

Found in Gemfile.lock by bundler-audit

Read up
Read up
Exclude checks
- Disable engine
- Disable check

Advisory: CVE-2022-23517

Criticality: High

URL: https://github.com/rails/rails-html-sanitizer/security/advisories/GHSA-5x79-w82f-gw8w

Solution: upgrade to >= 1.4.4

RuboCop gem Insecure use of /tmp
Open

    rubocop (0.42.0)

Found in Gemfile.lock by bundler-audit

Read up
Read up
Exclude checks
- Disable engine
- Disable check

Advisory: CVE-2017-8418

Criticality: Low

URL: https://github.com/bbatsov/rubocop/issues/4336

Solution: upgrade to >= 0.49.0

Loofah XSS Vulnerability
Open

    loofah (2.0.3)

Found in Gemfile.lock by bundler-audit

Read up
Read up
Exclude checks
- Disable engine
- Disable check

Advisory: CVE-2018-16468

Criticality: Medium

URL: https://github.com/flavorjones/loofah/issues/154

Solution: upgrade to >= 2.2.3

Nokogiri Command Injection Vulnerability via Nokogiri::CSS::Tokenizer#load_file
Open

    nokogiri (1.6.8)

Found in Gemfile.lock by bundler-audit

Read up
Read up
Exclude checks
- Disable engine
- Disable check

Advisory: CVE-2019-5477

Criticality: Critical

URL: https://github.com/sparklemotion/nokogiri/issues/1915

Solution: upgrade to >= 1.10.4

Update packaged libxml2 (2.9.12 → 2.9.13) and libxslt (1.1.34 → 1.1.35)
Open

    nokogiri (1.6.8)

Found in Gemfile.lock by bundler-audit

Read up
Read up
Exclude checks
- Disable engine
- Disable check

Advisory: CVE-2021-30560

Criticality: High

URL: https://github.com/sparklemotion/nokogiri/security/advisories/GHSA-fq42-c5rg-92c2

Solution: upgrade to >= 1.13.2

HTTP Response Splitting vulnerability in puma
Open

    puma (3.6.0)

Found in Gemfile.lock by bundler-audit

Read up
Read up
Exclude checks
- Disable engine
- Disable check

Advisory: CVE-2020-5247

Criticality: Medium

URL: https://github.com/puma/puma/security/advisories/GHSA-84j7-475p-hp8v

Solution: upgrade to ~> 3.12.4, >= 4.3.3

Potential XSS vulnerability in jQuery
Open

    jquery-rails (4.0.5)

Found in Gemfile.lock by bundler-audit

Read up
Read up
Exclude checks
- Disable engine
- Disable check

Advisory: CVE-2020-11023

Criticality: Medium

URL: https://blog.jquery.com/2020/04/10/jquery-3-5-0-released

Solution: upgrade to >= 4.4.0

afimb/cvdtc

Showing 145 of 145 total issues

Denial of Service in rubyzip ("zip bombs")
Open

Integer Overflow or Wraparound in libxml2 affects Nokogiri
Open

Keepalive thread overload/DoS in puma
Open

httparty has multipart/form-data request tampering vulnerability
Open

Nokogiri gem, via libxslt, is affected by multiple vulnerabilities
Open

Update bundled libxml2 to v2.10.3 to resolve multiple CVEs
Open

Inefficient Regular Expression Complexity in Nokogiri
Open

Update packaged dependency libxml2 from 2.9.10 to 2.9.12
Open

Nokogiri::XML::Schema trusts input by default, exposing risk of an XXE vulnerability
Open

HTTP Response Splitting (Early Hints) in Puma
Open

Nokogiri gem, via libxml, is affected by DoS vulnerabilities
Open

Nokogiri gem, via libxml, is affected by DoS vulnerabilities
Open

HTTP Smuggling via Transfer-Encoding Header in Puma
Open

Inefficient Regular Expression Complexity in rails-html-sanitizer
Open

RuboCop gem Insecure use of /tmp
Open

Loofah XSS Vulnerability
Open

Nokogiri Command Injection Vulnerability via Nokogiri::CSS::Tokenizer#load_file
Open

Update packaged libxml2 (2.9.12 → 2.9.13) and libxslt (1.1.34 → 1.1.35)
Open

HTTP Response Splitting vulnerability in puma
Open

Potential XSS vulnerability in jQuery
Open

Severity

Category

Status

Source

Language

afimb/cvdtc

Showing 145 of 145 total issues

Denial of Service in rubyzip ("zip bombs") Open

Integer Overflow or Wraparound in libxml2 affects Nokogiri Open

Keepalive thread overload/DoS in puma Open

httparty has multipart/form-data request tampering vulnerability Open

Nokogiri gem, via libxslt, is affected by multiple vulnerabilities Open

Update bundled libxml2 to v2.10.3 to resolve multiple CVEs Open

Inefficient Regular Expression Complexity in Nokogiri Open

Update packaged dependency libxml2 from 2.9.10 to 2.9.12 Open

Nokogiri::XML::Schema trusts input by default, exposing risk of an XXE vulnerability Open

HTTP Response Splitting (Early Hints) in Puma Open

Nokogiri gem, via libxml, is affected by DoS vulnerabilities Open

Nokogiri gem, via libxml, is affected by DoS vulnerabilities Open

HTTP Smuggling via Transfer-Encoding Header in Puma Open

Inefficient Regular Expression Complexity in rails-html-sanitizer Open

RuboCop gem Insecure use of /tmp Open

Loofah XSS Vulnerability Open

Nokogiri Command Injection Vulnerability via Nokogiri::CSS::Tokenizer#load_file Open

Update packaged libxml2 (2.9.12 → 2.9.13) and libxslt (1.1.34 → 1.1.35) Open

HTTP Response Splitting vulnerability in puma Open

Potential XSS vulnerability in jQuery Open

Severity

Category

Status

Source

Language

Denial of Service in rubyzip ("zip bombs")
Open

Integer Overflow or Wraparound in libxml2 affects Nokogiri
Open

Keepalive thread overload/DoS in puma
Open

httparty has multipart/form-data request tampering vulnerability
Open

Nokogiri gem, via libxslt, is affected by multiple vulnerabilities
Open

Update bundled libxml2 to v2.10.3 to resolve multiple CVEs
Open

Inefficient Regular Expression Complexity in Nokogiri
Open

Update packaged dependency libxml2 from 2.9.10 to 2.9.12
Open

Nokogiri::XML::Schema trusts input by default, exposing risk of an XXE vulnerability
Open

HTTP Response Splitting (Early Hints) in Puma
Open

Nokogiri gem, via libxml, is affected by DoS vulnerabilities
Open

Nokogiri gem, via libxml, is affected by DoS vulnerabilities
Open

HTTP Smuggling via Transfer-Encoding Header in Puma
Open

Inefficient Regular Expression Complexity in rails-html-sanitizer
Open

RuboCop gem Insecure use of /tmp
Open

Loofah XSS Vulnerability
Open

Nokogiri Command Injection Vulnerability via Nokogiri::CSS::Tokenizer#load_file
Open

Update packaged libxml2 (2.9.12 → 2.9.13) and libxslt (1.1.34 → 1.1.35)
Open

HTTP Response Splitting vulnerability in puma
Open

Potential XSS vulnerability in jQuery
Open