Sign upLogin

andyw8/techradar

View on GitHub
Star

Showing 208 of 209 total issues

XML Injection in Xerces Java affects Nokogiri
Open

    nokogiri (1.8.1)
Severity: Minor
Found in Gemfile.lock by bundler-audit

Advisory: CVE-2022-23437

Criticality: Medium

URL: https://github.com/sparklemotion/nokogiri/security/advisories/GHSA-xxx9-3xcr-gjj3

Solution: upgrade to >= 1.13.4

Nokogiri::XML::Schema trusts input by default, exposing risk of an XXE vulnerability
Open

    nokogiri (1.8.1)
Severity: Info
Found in Gemfile.lock by bundler-audit

Advisory: CVE-2020-26247

Criticality: Low

URL: https://github.com/sparklemotion/nokogiri/security/advisories/GHSA-vr8q-g5c7-m54m

Solution: upgrade to >= 1.11.0.rc4

Improper Restriction of XML External Entity Reference (XXE) in Nokogiri on JRuby
Open

    nokogiri (1.8.1)
Severity: Critical
Found in Gemfile.lock by bundler-audit

Advisory: CVE-2021-41098

Criticality: High

URL: https://github.com/sparklemotion/nokogiri/security/advisories/GHSA-2rr5-8q37-2w7h

Solution: upgrade to >= 1.12.5

Possible DoS Vulnerability in Active Record PostgreSQL adapter
Open

    activerecord (5.1.4)
Severity: Minor
Found in Gemfile.lock by bundler-audit

Advisory: CVE-2021-22880

Criticality: Medium

URL: https://groups.google.com/g/rubyonrails-security/c/ZzUqCh9vyhI

Solution: upgrade to >= 5.2.4.5, ~> 5.2.4, >= 6.0.3.5, ~> 6.0.3, >= 6.1.2.1

Devise Gem for Ruby confirmation token validation with a blank string
Open

    devise (4.3.0)
Severity: Minor
Found in Gemfile.lock by bundler-audit

Advisory: CVE-2019-16109

Criticality: Medium

URL: https://github.com/plataformatec/devise/issues/5071

Solution: upgrade to >= 4.7.1

libxml2 2.9.10 has an infinite loop in a certain end-of-file situation
Open

    nokogiri (1.8.1)
Severity: Critical
Found in Gemfile.lock by bundler-audit

Advisory: CVE-2020-7595

Criticality: High

URL: https://github.com/sparklemotion/nokogiri/issues/1992

Solution: upgrade to >= 1.10.8

Percent-encoded cookies can be used to overwrite existing prefixed cookie names
Open

    rack (2.0.3)
Severity: Critical
Found in Gemfile.lock by bundler-audit

Advisory: CVE-2020-8184

Criticality: High

URL: https://groups.google.com/g/rubyonrails-security/c/OWtmozPH9Ak

Solution: upgrade to ~> 2.1.4, >= 2.2.3

Possible XSS vulnerability with certain configurations of Rails::Html::Sanitizer
Open

    rails-html-sanitizer (1.0.3)
Severity: Minor
Found in Gemfile.lock by bundler-audit

Advisory: CVE-2022-32209

Criticality: Medium

URL: https://groups.google.com/g/rubyonrails-security/c/ce9PhUANQ6s

Solution: upgrade to >= 1.4.3

Potential XSS vulnerability in Action View
Open

    actionview (5.1.4)
Severity: Minor
Found in Gemfile.lock by bundler-audit

Advisory: CVE-2020-15169

Criticality: Medium

URL: https://groups.google.com/g/rubyonrails-security/c/b-C9kSGXYrc

Solution: upgrade to >= 5.2.4.4, ~> 5.2.4, >= 6.0.3.3

Possible XSS vulnerability in ActionView
Open

    actionview (5.1.4)
Severity: Minor
Found in Gemfile.lock by bundler-audit

Advisory: CVE-2020-5267

Criticality: Medium

URL: https://groups.google.com/forum/#!topic/rubyonrails-security/55reWMM_Pg8

Solution: upgrade to >= 5.2.4.2, ~> 5.2.4, >= 6.0.2.2

Loofah XSS Vulnerability
Open

    loofah (2.1.1)
Severity: Minor
Found in Gemfile.lock by bundler-audit

Advisory: CVE-2019-15587

Criticality: Medium

URL: https://github.com/flavorjones/loofah/issues/171

Solution: upgrade to >= 2.3.1

Loofah XSS Vulnerability
Open

    loofah (2.1.1)
Severity: Minor
Found in Gemfile.lock by bundler-audit

Advisory: CVE-2018-16468

Criticality: Medium

URL: https://github.com/flavorjones/loofah/issues/154

Solution: upgrade to >= 2.2.3

Inefficient Regular Expression Complexity in Nokogiri
Open

    nokogiri (1.8.1)
Severity: Critical
Found in Gemfile.lock by bundler-audit

Advisory: CVE-2022-24836

Criticality: High

URL: https://github.com/sparklemotion/nokogiri/security/advisories/GHSA-crjr-9rc5-ghw8

Solution: upgrade to >= 1.13.4

Denial of service in sidekiq
Open

    sidekiq (5.0.5)
Severity: Critical
Found in Gemfile.lock by bundler-audit

Advisory: CVE-2022-23837

Criticality: High

URL: https://github.com/mperham/sidekiq/commit/7785ac1399f1b28992adb56055f6acd88fd1d956

Solution: upgrade to >= 6.4.0, ~> 5.2.10

Potentially unintended unmarshalling of user-provided objects in MemCacheStore and RedisCacheStore
Open

    activesupport (5.1.4)
Severity: Minor
Found in Gemfile.lock by bundler-audit

Advisory: CVE-2020-8165

Criticality: Critical

URL: https://groups.google.com/forum/#!topic/rubyonrails-security/bv6fW4S0Y1c

Solution: upgrade to >= 5.2.4.3, ~> 5.2.4, >= 6.0.3.1

Older releases of better_errors open to Cross-Site Request Forgery attack
Open

    better_errors (2.4.0)
Severity: Minor
Found in Gemfile.lock by bundler-audit

Advisory: CVE-2021-39197

Criticality: Medium

URL: https://github.com/BetterErrors/better_errors/security/advisories/GHSA-w3j4-76qw-wwjm

Solution: upgrade to >= 2.8.0

XSS vulnerability in bootstrap-sass
Open

    bootstrap-sass (3.3.7)
Severity: Minor
Found in Gemfile.lock by bundler-audit

Advisory: CVE-2019-8331

Criticality: Medium

URL: https://blog.getbootstrap.com/2019/02/13/bootstrap-4-3-1-and-3-4-1/

Solution: upgrade to >= 3.4.1

Nokogiri Command Injection Vulnerability via Nokogiri::CSS::Tokenizer#load_file
Open

    nokogiri (1.8.1)
Severity: Minor
Found in Gemfile.lock by bundler-audit

Advisory: CVE-2019-5477

Criticality: Critical

URL: https://github.com/sparklemotion/nokogiri/issues/1915

Solution: upgrade to >= 1.10.4

XSS vulnerability via data-target in bootstrap-sass
Open

    bootstrap-sass (3.3.7)
Severity: Minor
Found in Gemfile.lock by bundler-audit

Advisory: CVE-2016-10735

Criticality: Medium

URL: https://blog.getbootstrap.com/2018/12/13/bootstrap-3-4-0/

Solution: upgrade to >= 3.4.0

Improper Handling of Unexpected Data Type in Nokogiri
Open

    nokogiri (1.8.1)
Severity: Critical
Found in Gemfile.lock by bundler-audit

Advisory: CVE-2022-29181

Criticality: High

URL: https://github.com/sparklemotion/nokogiri/security/advisories/GHSA-xh29-r2w5-wx8m

Solution: upgrade to >= 1.13.6

Severity
Category
Status
Source
Language