Issues - andela-hmasila/buclist

HTTP Response Splitting (Early Hints) in Puma
Open

    puma (3.6.0)

Found in Gemfile.lock by bundler-audit

Read up
Read up
Exclude checks
- Disable engine
- Disable check

Advisory: CVE-2020-5249

Criticality: Medium

URL: https://github.com/puma/puma/security/advisories/GHSA-33vf-4xgg-9r58

Solution: upgrade to ~> 3.12.4, >= 4.3.3

Possible XSS vulnerability with certain configurations of Rails::Html::Sanitizer
Open

    rails-html-sanitizer (1.0.3)

Found in Gemfile.lock by bundler-audit

Read up
Read up
Exclude checks
- Disable engine
- Disable check

Advisory: CVE-2022-32209

Criticality: Medium

URL: https://groups.google.com/g/rubyonrails-security/c/ce9PhUANQ6s

Solution: upgrade to >= 1.4.3

Possible Information Disclosure / Unintended Method Execution in Action Pack
Open

    actionpack (5.0.0.1)

Found in Gemfile.lock by bundler-audit

Read up
Read up
Exclude checks
- Disable engine
- Disable check

Advisory: CVE-2021-22885

Criticality: High

URL: https://groups.google.com/g/rubyonrails-security/c/NiQl-48cXYI

Solution: upgrade to ~> 5.2.4.6, ~> 5.2.6, >= 6.0.3.7, ~> 6.0.3, >= 6.1.3.2

Potential XSS vulnerability in Action View
Open

    actionview (5.0.0.1)

Found in Gemfile.lock by bundler-audit

Read up
Read up
Exclude checks
- Disable engine
- Disable check

Advisory: CVE-2020-15169

Criticality: Medium

URL: https://groups.google.com/g/rubyonrails-security/c/b-C9kSGXYrc

Solution: upgrade to >= 5.2.4.4, ~> 5.2.4, >= 6.0.3.3

json Gem for Ruby Unsafe Object Creation Vulnerability (additional fix)
Open

    json (2.0.2)

Found in Gemfile.lock by bundler-audit

Read up
Read up
Exclude checks
- Disable engine
- Disable check

Advisory: CVE-2020-10663

Criticality: High

URL: https://www.ruby-lang.org/en/news/2020/03/19/json-dos-cve-2020-10663/

Solution: upgrade to >= 2.3.0

Percent-encoded cookies can be used to overwrite existing prefixed cookie names
Open

    rack (2.0.1)

Found in Gemfile.lock by bundler-audit

Read up
Read up
Exclude checks
- Disable engine
- Disable check

Advisory: CVE-2020-8184

Criticality: High

URL: https://groups.google.com/g/rubyonrails-security/c/OWtmozPH9Ak

Solution: upgrade to ~> 2.1.4, >= 2.2.3

Possible XSS vulnerability with certain configurations of rails-html-sanitizer
Open

    rails-html-sanitizer (1.0.3)

Found in Gemfile.lock by bundler-audit

Read up
Read up
Exclude checks
- Disable engine
- Disable check

Advisory: CVE-2022-23520

Criticality: Medium

URL: https://github.com/rails/rails-html-sanitizer/security/advisories/GHSA-rrfc-7g8p-99q8

Solution: upgrade to >= 1.4.4

ReDoS based DoS vulnerability in Action Dispatch
Open

    actionpack (5.0.0.1)

Found in Gemfile.lock by bundler-audit

Read up
Read up
Exclude checks
- Disable engine
- Disable check

Advisory: CVE-2023-22792

URL: https://github.com/rails/rails/releases/tag/v7.0.4.1

Solution: upgrade to >= 5.2.8.15, ~> 5.2.8, >= 6.1.7.1, ~> 6.1.7, >= 7.0.4.1

Nokogiri gem contains two upstream vulnerabilities in libxslt 1.1.29
Open

    nokogiri (1.6.8.1)

Found in Gemfile.lock by bundler-audit

Read up
Read up
Exclude checks
- Disable engine
- Disable check

Advisory: CVE-2017-5029

Criticality: High

URL: https://github.com/sparklemotion/nokogiri/issues/1634

Solution: upgrade to >= 1.7.2

Inefficient Regular Expression Complexity in Nokogiri
Open

    nokogiri (1.6.8.1)

Found in Gemfile.lock by bundler-audit

Read up
Read up
Exclude checks
- Disable engine
- Disable check

Advisory: CVE-2022-24836

Criticality: High

URL: https://github.com/sparklemotion/nokogiri/security/advisories/GHSA-crjr-9rc5-ghw8

Solution: upgrade to >= 1.13.4

Nokogiri gem, via libxml, is affected by DoS and RCE vulnerabilities
Open

    nokogiri (1.6.8.1)

Found in Gemfile.lock by bundler-audit

Read up
Read up
Exclude checks
- Disable engine
- Disable check

Advisory: CVE-2017-9050

Criticality: High

URL: https://github.com/sparklemotion/nokogiri/issues/1673

Solution: upgrade to >= 1.8.1

Denial of Service (DoS) in Nokogiri on JRuby
Open

    nokogiri (1.6.8.1)

Found in Gemfile.lock by bundler-audit

Read up
Read up
Exclude checks
- Disable engine
- Disable check

Advisory: CVE-2022-24839

Criticality: High

URL: https://github.com/sparklemotion/nekohtml/security/advisories/GHSA-9849-p7jc-9rmv

Solution: upgrade to >= 1.13.4

Improper neutralization of data URIs may allow XSS in rails-html-sanitizer
Open

    rails-html-sanitizer (1.0.3)

Found in Gemfile.lock by bundler-audit

Read up
Read up
Exclude checks
- Disable engine
- Disable check

Advisory: CVE-2022-23518

Criticality: Medium

URL: https://github.com/rails/rails-html-sanitizer/security/advisories/GHSA-mcvf-2q2m-x72m

Solution: upgrade to >= 1.4.4

Ability to forge per-form CSRF tokens given a global CSRF token
Open

    actionpack (5.0.0.1)

Found in Gemfile.lock by bundler-audit

Read up
Read up
Exclude checks
- Disable engine
- Disable check

Advisory: CVE-2020-8166

Criticality: Medium

URL: https://groups.google.com/forum/#!topic/rubyonrails-security/NOjKiGeXUgw

Solution: upgrade to >= 5.2.4.3, ~> 5.2.4, >= 6.0.3.1

Possible exposure of information vulnerability in Action Pack
Open

    actionpack (5.0.0.1)

Found in Gemfile.lock by bundler-audit

Read up
Read up
Exclude checks
- Disable engine
- Disable check

Advisory: CVE-2022-23633

Criticality: High

URL: https://groups.google.com/g/ruby-security-ann/c/FkTM-_7zSNA/m/K2RiMJBlBAAJ

Solution: upgrade to >= 5.2.6.2, ~> 5.2.6, >= 6.0.4.6, ~> 6.0.4, >= 6.1.4.6, ~> 6.1.4, >= 7.0.2.2

Nokogiri Command Injection Vulnerability via Nokogiri::CSS::Tokenizer#load_file
Open

    nokogiri (1.6.8.1)

Found in Gemfile.lock by bundler-audit

Read up
Read up
Exclude checks
- Disable engine
- Disable check

Advisory: CVE-2019-5477

Criticality: Critical

URL: https://github.com/sparklemotion/nokogiri/issues/1915

Solution: upgrade to >= 1.10.4

Inefficient Regular Expression Complexity in rails-html-sanitizer
Open

    rails-html-sanitizer (1.0.3)

Found in Gemfile.lock by bundler-audit

Read up
Read up
Exclude checks
- Disable engine
- Disable check

Advisory: CVE-2022-23517

Criticality: High

URL: https://github.com/rails/rails-html-sanitizer/security/advisories/GHSA-5x79-w82f-gw8w

Solution: upgrade to >= 1.4.4

Possible XSS vulnerability in ActionView
Open

    actionview (5.0.0.1)

Found in Gemfile.lock by bundler-audit

Read up
Read up
Exclude checks
- Disable engine
- Disable check

Advisory: CVE-2020-5267

Criticality: Medium

URL: https://groups.google.com/forum/#!topic/rubyonrails-security/55reWMM_Pg8

Solution: upgrade to >= 5.2.4.2, ~> 5.2.4, >= 6.0.2.2

Nokogiri gem, via libxslt, is affected by improper access control vulnerability
Open

    nokogiri (1.6.8.1)

Found in Gemfile.lock by bundler-audit

Read up
Read up
Exclude checks
- Disable engine
- Disable check

Advisory: CVE-2019-11068

URL: https://github.com/sparklemotion/nokogiri/issues/1892

Solution: upgrade to >= 1.10.3

HTTP Smuggling via Transfer-Encoding Header in Puma
Open

    puma (3.6.0)

Found in Gemfile.lock by bundler-audit

Read up
Read up
Exclude checks
- Disable engine
- Disable check

Advisory: CVE-2020-11076

Criticality: High

URL: https://github.com/puma/puma/security/advisories/GHSA-x7jg-6pwg-fx5h

Solution: upgrade to ~> 3.12.5, >= 4.3.4

andela-hmasila/buclist

Showing 87 of 87 total issues

HTTP Response Splitting (Early Hints) in Puma
Open

Possible XSS vulnerability with certain configurations of Rails::Html::Sanitizer
Open

Possible Information Disclosure / Unintended Method Execution in Action Pack
Open

Potential XSS vulnerability in Action View
Open

json Gem for Ruby Unsafe Object Creation Vulnerability (additional fix)
Open

Percent-encoded cookies can be used to overwrite existing prefixed cookie names
Open

Possible XSS vulnerability with certain configurations of rails-html-sanitizer
Open

ReDoS based DoS vulnerability in Action Dispatch
Open

Nokogiri gem contains two upstream vulnerabilities in libxslt 1.1.29
Open

Inefficient Regular Expression Complexity in Nokogiri
Open

Nokogiri gem, via libxml, is affected by DoS and RCE vulnerabilities
Open

Denial of Service (DoS) in Nokogiri on JRuby
Open

Improper neutralization of data URIs may allow XSS in rails-html-sanitizer
Open

Ability to forge per-form CSRF tokens given a global CSRF token
Open

Possible exposure of information vulnerability in Action Pack
Open

Nokogiri Command Injection Vulnerability via Nokogiri::CSS::Tokenizer#load_file
Open

Inefficient Regular Expression Complexity in rails-html-sanitizer
Open

Possible XSS vulnerability in ActionView
Open

Nokogiri gem, via libxslt, is affected by improper access control vulnerability
Open

HTTP Smuggling via Transfer-Encoding Header in Puma
Open

Severity

Category

Status

Source

Language

andela-hmasila/buclist

Showing 87 of 87 total issues

HTTP Response Splitting (Early Hints) in Puma Open

Possible XSS vulnerability with certain configurations of Rails::Html::Sanitizer Open

Possible Information Disclosure / Unintended Method Execution in Action Pack Open

Potential XSS vulnerability in Action View Open

json Gem for Ruby Unsafe Object Creation Vulnerability (additional fix) Open

Percent-encoded cookies can be used to overwrite existing prefixed cookie names Open

Possible XSS vulnerability with certain configurations of rails-html-sanitizer Open

ReDoS based DoS vulnerability in Action Dispatch Open

Nokogiri gem contains two upstream vulnerabilities in libxslt 1.1.29 Open

Inefficient Regular Expression Complexity in Nokogiri Open

Nokogiri gem, via libxml, is affected by DoS and RCE vulnerabilities Open

Denial of Service (DoS) in Nokogiri on JRuby Open

Improper neutralization of data URIs may allow XSS in rails-html-sanitizer Open

Ability to forge per-form CSRF tokens given a global CSRF token Open

Possible exposure of information vulnerability in Action Pack Open

Nokogiri Command Injection Vulnerability via Nokogiri::CSS::Tokenizer#load_file Open

Inefficient Regular Expression Complexity in rails-html-sanitizer Open

Possible XSS vulnerability in ActionView Open

Nokogiri gem, via libxslt, is affected by improper access control vulnerability Open

HTTP Smuggling via Transfer-Encoding Header in Puma Open

Severity

Category

Status

Source

Language

HTTP Response Splitting (Early Hints) in Puma
Open

Possible XSS vulnerability with certain configurations of Rails::Html::Sanitizer
Open

Possible Information Disclosure / Unintended Method Execution in Action Pack
Open

Potential XSS vulnerability in Action View
Open

json Gem for Ruby Unsafe Object Creation Vulnerability (additional fix)
Open

Percent-encoded cookies can be used to overwrite existing prefixed cookie names
Open

Possible XSS vulnerability with certain configurations of rails-html-sanitizer
Open

ReDoS based DoS vulnerability in Action Dispatch
Open

Nokogiri gem contains two upstream vulnerabilities in libxslt 1.1.29
Open

Inefficient Regular Expression Complexity in Nokogiri
Open

Nokogiri gem, via libxml, is affected by DoS and RCE vulnerabilities
Open

Denial of Service (DoS) in Nokogiri on JRuby
Open

Improper neutralization of data URIs may allow XSS in rails-html-sanitizer
Open

Ability to forge per-form CSRF tokens given a global CSRF token
Open

Possible exposure of information vulnerability in Action Pack
Open

Nokogiri Command Injection Vulnerability via Nokogiri::CSS::Tokenizer#load_file
Open

Inefficient Regular Expression Complexity in rails-html-sanitizer
Open

Possible XSS vulnerability in ActionView
Open

Nokogiri gem, via libxslt, is affected by improper access control vulnerability
Open

HTTP Smuggling via Transfer-Encoding Header in Puma
Open