Sign upLogin

andrewhao/bookplanner

View on GitHub
Star

Showing 139 of 139 total issues

Denial of service via multipart parsing in Rack
Open

    rack (1.5.5)
Severity: Minor
Found in Gemfile.lock by bundler-audit

Advisory: CVE-2022-44572

URL: https://github.com/rack/rack/releases/tag/v3.0.4.1

Solution: upgrade to >= 2.0.9.2, ~> 2.0.9, >= 2.1.4.2, ~> 2.1.4, >= 2.2.6.1, ~> 2.2.6, >= 3.0.4.1

Potentially unintended unmarshalling of user-provided objects in MemCacheStore and RedisCacheStore
Open

    activesupport (4.1.6)
Severity: Minor
Found in Gemfile.lock by bundler-audit

Advisory: CVE-2020-8165

Criticality: Critical

URL: https://groups.google.com/forum/#!topic/rubyonrails-security/bv6fW4S0Y1c

Solution: upgrade to >= 5.2.4.3, ~> 5.2.4, >= 6.0.3.1

json Gem for Ruby Unsafe Object Creation Vulnerability (additional fix)
Open

    json (1.8.3)
Severity: Critical
Found in Gemfile.lock by bundler-audit

Advisory: CVE-2020-10663

Criticality: High

URL: https://www.ruby-lang.org/en/news/2020/03/19/json-dos-cve-2020-10663/

Solution: upgrade to >= 2.3.0

Denial of Service Vulnerability in Rack Content-Disposition parsing
Open

    rack (1.5.5)
Severity: Minor
Found in Gemfile.lock by bundler-audit

Advisory: CVE-2022-44571

URL: https://github.com/rack/rack/releases/tag/v3.0.4.1

Solution: upgrade to >= 2.0.9.2, ~> 2.0.9, >= 2.1.4.2, ~> 2.1.4, >= 2.2.6.1, ~> 2.2.6, >= 3.0.4.1

ReDoS based DoS vulnerability in Action Dispatch
Open

    actionpack (4.1.6)
Severity: Minor
Found in Gemfile.lock by bundler-audit

Advisory: CVE-2023-22795

URL: https://github.com/rails/rails/releases/tag/v7.0.4.1

Solution: upgrade to >= 5.2.8.15, ~> 5.2.8, >= 6.1.7.1, ~> 6.1.7, >= 7.0.4.1

ReDoS based DoS vulnerability in Action Dispatch
Open

    actionpack (4.1.6)
Severity: Minor
Found in Gemfile.lock by bundler-audit

Advisory: CVE-2023-22792

URL: https://github.com/rails/rails/releases/tag/v7.0.4.1

Solution: upgrade to >= 5.2.8.15, ~> 5.2.8, >= 6.1.7.1, ~> 6.1.7, >= 7.0.4.1

haml failure to escape single quotes
Open

    haml (4.0.5)
Severity: Minor
Found in Gemfile.lock by bundler-audit

Advisory: CVE-2017-1002201

Criticality: Medium

URL: https://github.com/haml/haml/commit/18576ae6e9bdcb4303fdbe6b3199869d289d67c2

Solution: upgrade to >= 5.0.0.beta.2

Possible Strong Parameters Bypass in ActionPack
Open

    actionpack (4.1.6)
Severity: Critical
Found in Gemfile.lock by bundler-audit

Advisory: CVE-2020-8164

Criticality: High

URL: https://groups.google.com/forum/#!topic/rubyonrails-security/f6ioe4sdpbY

Solution: upgrade to >= 5.2.4.3, ~> 5.2.4, >= 6.0.3.1

OS Command Injection in Rake
Open

    rake (10.4.2)
Severity: Critical
Found in Gemfile.lock by bundler-audit

Advisory: CVE-2020-8130

Criticality: High

URL: https://github.com/advisories/GHSA-jppv-gw3r-w3q8

Solution: upgrade to >= 12.3.3

Insecure Source URI found: git://github.com/sinisterchipmunk/rspec-prof.git
Open

  remote: git://github.com/sinisterchipmunk/rspec-prof.git
Severity: Minor
Found in Gemfile.lock by bundler-audit

Update packaged dependency libxml2 from 2.9.10 to 2.9.12
Open

    nokogiri (1.6.7.2)
Severity: Critical
Found in Gemfile.lock by bundler-audit

Advisory:

Criticality: High

URL: https://github.com/sparklemotion/nokogiri/security/advisories/GHSA-7rrm-v45f-jp64

Solution: upgrade to >= 1.11.4

uglifier incorrectly handles non-boolean comparisons during minification
Open

    uglifier (2.3.3)
Severity: Minor
Found in Gemfile.lock by bundler-audit

Advisory: OSVDB-126747

URL: https://github.com/mishoo/UglifyJS2/issues/751

Solution: upgrade to >= 2.7.2

Update bundled libxml2 to v2.10.3 to resolve multiple CVEs
Open

    nokogiri (1.6.7.2)
Severity: Minor
Found in Gemfile.lock by bundler-audit

Advisory:

URL: https://github.com/sparklemotion/nokogiri/security/advisories/GHSA-2qc6-mcvw-92cw

Solution: upgrade to >= 1.13.9

Possible information leak / session hijack vulnerability
Open

    rack (1.5.5)
Severity: Minor
Found in Gemfile.lock by bundler-audit

Advisory: CVE-2019-16782

Criticality: Medium

URL: https://github.com/rack/rack/security/advisories/GHSA-hrqr-hxpp-chr3

Solution: upgrade to ~> 1.6.12, >= 2.0.8

i18n Gem for Ruby lib/i18n/core_ext/hash.rb Hash#slice() Function Hash Handling DoS
Open

    i18n (0.7.0)
Severity: Minor
Found in Gemfile.lock by bundler-audit

Advisory: CVE-2014-10077

URL: https://github.com/svenfuchs/i18n/pull/289

Solution: upgrade to >= 0.8.0

Nokogiri gem, via libxml, is affected by DoS and RCE vulnerabilities
Open

    nokogiri (1.6.7.2)
Severity: Critical
Found in Gemfile.lock by bundler-audit

Advisory: CVE-2017-9050

Criticality: High

URL: https://github.com/sparklemotion/nokogiri/issues/1673

Solution: upgrade to >= 1.8.1

Insecure Source URI found: git://github.com/plataformatec/simple_form.git
Open

  remote: git://github.com/plataformatec/simple_form.git
Severity: Minor
Found in Gemfile.lock by bundler-audit

Out-of-bounds Write in zlib affects Nokogiri
Open

    nokogiri (1.6.7.2)
Severity: Critical
Found in Gemfile.lock by bundler-audit

Advisory: CVE-2018-25032

Criticality: High

URL: https://github.com/sparklemotion/nokogiri/security/advisories/GHSA-v6gp-9mmm-c6p5

Solution: upgrade to >= 1.13.4

Potential remote code execution of user-provided local names in ActionView
Open

    actionview (4.1.6)
Severity: Critical
Found in Gemfile.lock by bundler-audit

Advisory: CVE-2020-8163

Criticality: High

URL: https://groups.google.com/forum/#!topic/rubyonrails-security/hWuKcHyoKh0

Solution: upgrade to >= 4.2.11.2

File Content Disclosure in Action View
Open

    actionview (4.1.6)
Severity: Critical
Found in Gemfile.lock by bundler-audit

Advisory: CVE-2019-5418

Criticality: High

URL: https://groups.google.com/forum/#!topic/rubyonrails-security/pFRKI96Sm8Q

Solution: upgrade to >= 4.2.11.1, ~> 4.2.11, >= 5.0.7.2, ~> 5.0.7, >= 5.1.6.2, ~> 5.1.6, >= 5.2.2.1, ~> 5.2.2, >= 6.0.0.beta3

Severity
Category
Status
Source
Language