Issues - andrewhao/bookplanner

Integer Overflow or Wraparound in libxml2 affects Nokogiri
Open

    nokogiri (1.6.7.2)

Found in Gemfile.lock by bundler-audit

Read up
Read up
Exclude checks
- Disable engine
- Disable check

Advisory:

Criticality: High

URL: https://github.com/sparklemotion/nokogiri/security/advisories/GHSA-cgx6-hpwq-fhv5

Solution: upgrade to >= 1.13.5

Nokogiri::XML::Schema trusts input by default, exposing risk of an XXE vulnerability
Open

    nokogiri (1.6.7.2)

Found in Gemfile.lock by bundler-audit

Read up
Read up
Exclude checks
- Disable engine
- Disable check

Advisory: CVE-2020-26247

Criticality: Low

URL: https://github.com/sparklemotion/nokogiri/security/advisories/GHSA-vr8q-g5c7-m54m

Solution: upgrade to >= 1.11.0.rc4

Improper Restriction of XML External Entity Reference (XXE) in Nokogiri on JRuby
Open

    nokogiri (1.6.7.2)

Found in Gemfile.lock by bundler-audit

Read up
Read up
Exclude checks
- Disable engine
- Disable check

Advisory: CVE-2021-41098

Criticality: High

URL: https://github.com/sparklemotion/nokogiri/security/advisories/GHSA-2rr5-8q37-2w7h

Solution: upgrade to >= 1.12.5

Denial of Service in rubyzip ("zip bombs")
Open

    rubyzip (1.1.7)

Found in Gemfile.lock by bundler-audit

Read up
Read up
Exclude checks
- Disable engine
- Disable check

Advisory: CVE-2019-16892

Criticality: Medium

URL: https://github.com/rubyzip/rubyzip/pull/403

Solution: upgrade to >= 1.3.0

Denial of Service Vulnerability in Action View
Open

    actionview (4.1.6)

Found in Gemfile.lock by bundler-audit

Read up
Read up
Exclude checks
- Disable engine
- Disable check

Advisory: CVE-2019-5419

Criticality: High

URL: https://groups.google.com/forum/#!topic/rubyonrails-security/GN7w9fFAQeI

Solution: upgrade to >= 6.0.0.beta3, >= 5.2.2.1, ~> 5.2.2, >= 5.1.6.2, ~> 5.1.6, >= 5.0.7.2, ~> 5.0.7, >= 4.2.11.1, ~> 4.2.11

Possible XSS Vulnerability in Action View
Open

    actionview (4.1.6)

Found in Gemfile.lock by bundler-audit

Read up
Read up
Exclude checks
- Disable engine
- Disable check

Advisory: CVE-2016-6316

Criticality: Medium

URL: https://groups.google.com/forum/#!topic/rubyonrails-security/I-VWr034ouk

Solution: upgrade to ~> 4.2.7.1, ~> 4.2.8, >= 5.0.0.1

Path Traversal in Sprockets
Open

    sprockets (2.11.3)

Found in Gemfile.lock by bundler-audit

Read up
Read up
Exclude checks
- Disable engine
- Disable check

Advisory: CVE-2018-3760

Criticality: High

URL: https://groups.google.com/forum/#!topic/ruby-security-ann/2S9Pwz2i16k

Solution: upgrade to < 3.0.0, >= 2.12.5, < 4.0.0, >= 3.7.2, >= 4.0.0.beta8

Nokogiri gem contains two upstream vulnerabilities in libxslt 1.1.29
Open

    nokogiri (1.6.7.2)

Found in Gemfile.lock by bundler-audit

Read up
Read up
Exclude checks
- Disable engine
- Disable check

Advisory: CVE-2017-5029

Criticality: High

URL: https://github.com/sparklemotion/nokogiri/issues/1634

Solution: upgrade to >= 1.7.2

Update packaged libxml2 (2.9.12 → 2.9.13) and libxslt (1.1.34 → 1.1.35)
Open

    nokogiri (1.6.7.2)

Found in Gemfile.lock by bundler-audit

Read up
Read up
Exclude checks
- Disable engine
- Disable check

Advisory: CVE-2021-30560

Criticality: High

URL: https://github.com/sparklemotion/nokogiri/security/advisories/GHSA-fq42-c5rg-92c2

Solution: upgrade to >= 1.13.2

Nokogiri gem, via libxml2, is affected by multiple vulnerabilities
Open

    nokogiri (1.6.7.2)

Found in Gemfile.lock by bundler-audit

Read up
Read up
Exclude checks
- Disable engine
- Disable check

Advisory: CVE-2018-14404

Criticality: High

URL: https://github.com/sparklemotion/nokogiri/issues/1785

Solution: upgrade to >= 1.8.5

Inefficient Regular Expression Complexity in Nokogiri
Open

    nokogiri (1.6.7.2)

Found in Gemfile.lock by bundler-audit

Read up
Read up
Exclude checks
- Disable engine
- Disable check

Advisory: CVE-2022-24836

Criticality: High

URL: https://github.com/sparklemotion/nokogiri/security/advisories/GHSA-crjr-9rc5-ghw8

Solution: upgrade to >= 1.13.4

Improper Handling of Unexpected Data Type in Nokogiri
Open

    nokogiri (1.6.7.2)

Found in Gemfile.lock by bundler-audit

Read up
Read up
Exclude checks
- Disable engine
- Disable check

Advisory: CVE-2022-29181

Criticality: High

URL: https://github.com/sparklemotion/nokogiri/security/advisories/GHSA-xh29-r2w5-wx8m

Solution: upgrade to >= 1.13.6

Revert libxml2 behavior in Nokogiri gem that could cause XSS
Open

    nokogiri (1.6.7.2)

Found in Gemfile.lock by bundler-audit

Read up
Read up
Exclude checks
- Disable engine
- Disable check

Advisory: CVE-2018-8048

URL: https://github.com/sparklemotion/nokogiri/pull/1746

Solution: upgrade to >= 1.8.3

Directory Traversal in rubyzip
Open

    rubyzip (1.1.7)

Found in Gemfile.lock by bundler-audit

Read up
Read up
Exclude checks
- Disable engine
- Disable check

Advisory: CVE-2018-1000544

Criticality: Critical

URL: https://github.com/rubyzip/rubyzip/issues/369

Solution: upgrade to >= 1.2.2

Nokogiri Command Injection Vulnerability via Nokogiri::CSS::Tokenizer#load_file
Open

    nokogiri (1.6.7.2)

Found in Gemfile.lock by bundler-audit

Read up
Read up
Exclude checks
- Disable engine
- Disable check

Advisory: CVE-2019-5477

Criticality: Critical

URL: https://github.com/sparklemotion/nokogiri/issues/1915

Solution: upgrade to >= 1.10.4

Nokogiri gem, via libxslt, is affected by improper access control vulnerability
Open

    nokogiri (1.6.7.2)

Found in Gemfile.lock by bundler-audit

Read up
Read up
Exclude checks
- Disable engine
- Disable check

Advisory: CVE-2019-11068

URL: https://github.com/sparklemotion/nokogiri/issues/1892

Solution: upgrade to >= 1.10.3

Nokogiri gem contains several vulnerabilities in libxml2 and libxslt
Open

    nokogiri (1.6.7.2)

Found in Gemfile.lock by bundler-audit

Read up
Read up
Exclude checks
- Disable engine
- Disable check

Advisory: CVE-2016-4658

Criticality: Critical

URL: https://github.com/sparklemotion/nokogiri/issues/1615

Solution: upgrade to >= 1.7.1

Directory traversal vulnerability in rubyzip
Open

    rubyzip (1.1.7)

Found in Gemfile.lock by bundler-audit

Read up
Read up
Exclude checks
- Disable engine
- Disable check

Advisory: CVE-2017-5946

Criticality: Critical

URL: https://github.com/rubyzip/rubyzip/issues/315

Solution: upgrade to >= 1.2.1

Older releases of better_errors open to Cross-Site Request Forgery attack
Open

    better_errors (2.1.1)

Found in Gemfile.lock by bundler-audit

Read up
Read up
Exclude checks
- Disable engine
- Disable check

Advisory: CVE-2021-39197

Criticality: Medium

URL: https://github.com/BetterErrors/better_errors/security/advisories/GHSA-w3j4-76qw-wwjm

Solution: upgrade to >= 2.8.0

Nokogiri gem, via libxml, is affected by DoS vulnerabilities
Open

    nokogiri (1.6.7.2)

Found in Gemfile.lock by bundler-audit

Read up
Read up
Exclude checks
- Disable engine
- Disable check

Advisory: CVE-2017-15412

URL: https://github.com/sparklemotion/nokogiri/issues/1714

Solution: upgrade to >= 1.8.2

andrewhao/bookplanner

Showing 139 of 139 total issues

Integer Overflow or Wraparound in libxml2 affects Nokogiri
Open

Nokogiri::XML::Schema trusts input by default, exposing risk of an XXE vulnerability
Open

Improper Restriction of XML External Entity Reference (XXE) in Nokogiri on JRuby
Open

Denial of Service in rubyzip ("zip bombs")
Open

Denial of Service Vulnerability in Action View
Open

Possible XSS Vulnerability in Action View
Open

Path Traversal in Sprockets
Open

Nokogiri gem contains two upstream vulnerabilities in libxslt 1.1.29
Open

Update packaged libxml2 (2.9.12 → 2.9.13) and libxslt (1.1.34 → 1.1.35)
Open

Nokogiri gem, via libxml2, is affected by multiple vulnerabilities
Open

Inefficient Regular Expression Complexity in Nokogiri
Open

Improper Handling of Unexpected Data Type in Nokogiri
Open

Revert libxml2 behavior in Nokogiri gem that could cause XSS
Open

Directory Traversal in rubyzip
Open

Nokogiri Command Injection Vulnerability via Nokogiri::CSS::Tokenizer#load_file
Open

Nokogiri gem, via libxslt, is affected by improper access control vulnerability
Open

Nokogiri gem contains several vulnerabilities in libxml2 and libxslt
Open

Directory traversal vulnerability in rubyzip
Open

Older releases of better_errors open to Cross-Site Request Forgery attack
Open

Nokogiri gem, via libxml, is affected by DoS vulnerabilities
Open

Severity

Category

Status

Source

Language

andrewhao/bookplanner

Showing 139 of 139 total issues

Integer Overflow or Wraparound in libxml2 affects Nokogiri Open

Nokogiri::XML::Schema trusts input by default, exposing risk of an XXE vulnerability Open

Improper Restriction of XML External Entity Reference (XXE) in Nokogiri on JRuby Open

Denial of Service in rubyzip ("zip bombs") Open

Denial of Service Vulnerability in Action View Open

Possible XSS Vulnerability in Action View Open

Path Traversal in Sprockets Open

Nokogiri gem contains two upstream vulnerabilities in libxslt 1.1.29 Open

Update packaged libxml2 (2.9.12 → 2.9.13) and libxslt (1.1.34 → 1.1.35) Open

Nokogiri gem, via libxml2, is affected by multiple vulnerabilities Open

Inefficient Regular Expression Complexity in Nokogiri Open

Improper Handling of Unexpected Data Type in Nokogiri Open

Revert libxml2 behavior in Nokogiri gem that could cause XSS Open

Directory Traversal in rubyzip Open

Nokogiri Command Injection Vulnerability via Nokogiri::CSS::Tokenizer#load_file Open

Nokogiri gem, via libxslt, is affected by improper access control vulnerability Open

Nokogiri gem contains several vulnerabilities in libxml2 and libxslt Open

Directory traversal vulnerability in rubyzip Open

Older releases of better_errors open to Cross-Site Request Forgery attack Open

Nokogiri gem, via libxml, is affected by DoS vulnerabilities Open

Severity

Category

Status

Source

Language

Integer Overflow or Wraparound in libxml2 affects Nokogiri
Open

Nokogiri::XML::Schema trusts input by default, exposing risk of an XXE vulnerability
Open

Improper Restriction of XML External Entity Reference (XXE) in Nokogiri on JRuby
Open

Denial of Service in rubyzip ("zip bombs")
Open

Denial of Service Vulnerability in Action View
Open

Possible XSS Vulnerability in Action View
Open

Path Traversal in Sprockets
Open

Nokogiri gem contains two upstream vulnerabilities in libxslt 1.1.29
Open

Update packaged libxml2 (2.9.12 → 2.9.13) and libxslt (1.1.34 → 1.1.35)
Open

Nokogiri gem, via libxml2, is affected by multiple vulnerabilities
Open

Inefficient Regular Expression Complexity in Nokogiri
Open

Improper Handling of Unexpected Data Type in Nokogiri
Open

Revert libxml2 behavior in Nokogiri gem that could cause XSS
Open

Directory Traversal in rubyzip
Open

Nokogiri Command Injection Vulnerability via Nokogiri::CSS::Tokenizer#load_file
Open

Nokogiri gem, via libxslt, is affected by improper access control vulnerability
Open

Nokogiri gem contains several vulnerabilities in libxml2 and libxslt
Open

Directory traversal vulnerability in rubyzip
Open

Older releases of better_errors open to Cross-Site Request Forgery attack
Open

Nokogiri gem, via libxml, is affected by DoS vulnerabilities
Open