Issues - andyw8/techradar

Possible XSS vulnerability with certain configurations of rails-html-sanitizer
Open

    rails-html-sanitizer (1.0.3)

Found in Gemfile.lock by bundler-audit

Read up
Read up
Exclude checks
- Disable engine
- Disable check

Advisory: CVE-2022-23519

Criticality: Medium

URL: https://github.com/rails/rails-html-sanitizer/security/advisories/GHSA-9h9g-93gc-623h

Solution: upgrade to >= 1.4.4

Possible XSS vulnerability with certain configurations of rails-html-sanitizer
Open

    rails-html-sanitizer (1.0.3)

Found in Gemfile.lock by bundler-audit

Read up
Read up
Exclude checks
- Disable engine
- Disable check

Advisory: CVE-2022-23520

Criticality: Medium

URL: https://github.com/rails/rails-html-sanitizer/security/advisories/GHSA-rrfc-7g8p-99q8

Solution: upgrade to >= 1.4.4

Improper neutralization of data URIs may allow XSS in rails-html-sanitizer
Open

    rails-html-sanitizer (1.0.3)

Found in Gemfile.lock by bundler-audit

Read up
Read up
Exclude checks
- Disable engine
- Disable check

Advisory: CVE-2022-23518

Criticality: Medium

URL: https://github.com/rails/rails-html-sanitizer/security/advisories/GHSA-mcvf-2q2m-x72m

Solution: upgrade to >= 1.4.4

Possible XSS Vulnerability in Action View tag helpers
Open

    actionview (5.1.4)

Found in Gemfile.lock by bundler-audit

Read up
Read up
Exclude checks
- Disable engine
- Disable check

Advisory: CVE-2022-27777

Criticality: Medium

URL: https://groups.google.com/g/ruby-security-ann/c/9wJPEDv-iRw

Solution: upgrade to >= 5.2.7.1, ~> 5.2.7, >= 6.0.4.8, ~> 6.0.4, >= 6.1.5.1, ~> 6.1.5, >= 7.0.2.4

CSRF Vulnerability in rails-ujs
Open

    actionview (5.1.4)

Found in Gemfile.lock by bundler-audit

Read up
Read up
Exclude checks
- Disable engine
- Disable check

Advisory: CVE-2020-8167

Criticality: Medium

URL: https://groups.google.com/forum/#!topic/rubyonrails-security/x9DixQDG9a0

Solution: upgrade to >= 5.2.4.3, ~> 5.2.4, >= 6.0.3.1

json Gem for Ruby Unsafe Object Creation Vulnerability (additional fix)
Open

    json (2.1.0)

Found in Gemfile.lock by bundler-audit

Read up
Read up
Exclude checks
- Disable engine
- Disable check

Advisory: CVE-2020-10663

Criticality: High

URL: https://www.ruby-lang.org/en/news/2020/03/19/json-dos-cve-2020-10663/

Solution: upgrade to >= 2.3.0

rails_admin ruby gem XSS vulnerability
Open

    rails_admin (1.2.0)

Found in Gemfile.lock by bundler-audit

Read up
Read up
Exclude checks
- Disable engine
- Disable check

Advisory: CVE-2017-12098

Criticality: Medium

URL: https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0450

Solution: upgrade to >= 1.3.0

Possible RCE escalation bug with Serialized Columns in Active Record
Open

    activerecord (5.1.4)

Found in Gemfile.lock by bundler-audit

Read up
Read up
Exclude checks
- Disable engine
- Disable check

Advisory: CVE-2022-32224

Criticality: Critical

URL: https://groups.google.com/g/rubyonrails-security/c/MmFO3LYQE8U

Solution: upgrade to >= 5.2.8.1, ~> 5.2.8, >= 6.0.5.1, ~> 6.0.5, >= 6.1.6.1, ~> 6.1.6, >= 7.0.3.1

Regular Expression Denial of Service in Addressable templates
Open

    addressable (2.5.2)

Found in Gemfile.lock by bundler-audit

Read up
Read up
Exclude checks
- Disable engine
- Disable check

Advisory: CVE-2021-32740

Criticality: High

URL: https://github.com/advisories/GHSA-jxhc-q857-3j6g

Solution: upgrade to >= 2.8.0

Nokogiri gem, via libxslt, is affected by multiple vulnerabilities
Open

    nokogiri (1.8.1)

Found in Gemfile.lock by bundler-audit

Read up
Read up
Exclude checks
- Disable engine
- Disable check

Advisory: CVE-2019-13117

URL: https://github.com/sparklemotion/nokogiri/issues/1943

Solution: upgrade to >= 1.10.5

Directory traversal in Rack::Directory app bundled with Rack
Open

    rack (2.0.3)

Found in Gemfile.lock by bundler-audit

Read up
Read up
Exclude checks
- Disable engine
- Disable check

Advisory: CVE-2020-8161

Criticality: High

URL: https://groups.google.com/forum/#!topic/ruby-security-ann/T4ZIsfRf2eA

Solution: upgrade to ~> 2.1.3, >= 2.2.0

Possible Strong Parameters Bypass in ActionPack
Open

    actionpack (5.1.4)

Found in Gemfile.lock by bundler-audit

Read up
Read up
Exclude checks
- Disable engine
- Disable check

Advisory: CVE-2020-8164

Criticality: High

URL: https://groups.google.com/forum/#!topic/rubyonrails-security/f6ioe4sdpbY

Solution: upgrade to >= 5.2.4.3, ~> 5.2.4, >= 6.0.3.1

Loofah XSS Vulnerability
Open

    loofah (2.1.1)

Found in Gemfile.lock by bundler-audit

Read up
Read up
Exclude checks
- Disable engine
- Disable check

Advisory: CVE-2018-8048

Criticality: Medium

URL: https://github.com/flavorjones/loofah/issues/144

Solution: upgrade to >= 2.2.1

Denial of Service (DoS) in Nokogiri on JRuby
Open

    nokogiri (1.8.1)

Found in Gemfile.lock by bundler-audit

Read up
Read up
Exclude checks
- Disable engine
- Disable check

Advisory: CVE-2022-24839

Criticality: High

URL: https://github.com/sparklemotion/nekohtml/security/advisories/GHSA-9849-p7jc-9rmv

Solution: upgrade to >= 1.13.4

Denial of Service in rubyzip ("zip bombs")
Open

    rubyzip (1.2.1)

Found in Gemfile.lock by bundler-audit

Read up
Read up
Exclude checks
- Disable engine
- Disable check

Advisory: CVE-2019-16892

Criticality: Medium

URL: https://github.com/rubyzip/rubyzip/pull/403

Solution: upgrade to >= 1.3.0

ReDoS based DoS vulnerability in Action Dispatch
Open

    actionpack (5.1.4)

Found in Gemfile.lock by bundler-audit

Read up
Read up
Exclude checks
- Disable engine
- Disable check

Advisory: CVE-2023-22795

URL: https://github.com/rails/rails/releases/tag/v7.0.4.1

Solution: upgrade to >= 5.2.8.15, ~> 5.2.8, >= 6.1.7.1, ~> 6.1.7, >= 7.0.4.1

Inefficient Regular Expression Complexity in Loofah
Open

    loofah (2.1.1)

Found in Gemfile.lock by bundler-audit

Read up
Read up
Exclude checks
- Disable engine
- Disable check

Advisory: CVE-2022-23514

Criticality: High

URL: https://github.com/flavorjones/loofah/security/advisories/GHSA-486f-hjj9-9vhh

Solution: upgrade to >= 2.19.1

Integer Overflow or Wraparound in libxml2 affects Nokogiri
Open

    nokogiri (1.8.1)

Found in Gemfile.lock by bundler-audit

Read up
Read up
Exclude checks
- Disable engine
- Disable check

Advisory:

Criticality: High

URL: https://github.com/sparklemotion/nokogiri/security/advisories/GHSA-cgx6-hpwq-fhv5

Solution: upgrade to >= 1.13.5

Update packaged libxml2 (2.9.12 → 2.9.13) and libxslt (1.1.34 → 1.1.35)
Open

    nokogiri (1.8.1)

Found in Gemfile.lock by bundler-audit

Read up
Read up
Exclude checks
- Disable engine
- Disable check

Advisory: CVE-2021-30560

Criticality: High

URL: https://github.com/sparklemotion/nokogiri/security/advisories/GHSA-fq42-c5rg-92c2

Solution: upgrade to >= 1.13.2

Nokogiri gem, via libxslt, is affected by improper access control vulnerability
Open

    nokogiri (1.8.1)

Found in Gemfile.lock by bundler-audit

Read up
Read up
Exclude checks
- Disable engine
- Disable check

Advisory: CVE-2019-11068

URL: https://github.com/sparklemotion/nokogiri/issues/1892

Solution: upgrade to >= 1.10.3

andyw8/techradar

Showing 208 of 209 total issues

Possible XSS vulnerability with certain configurations of rails-html-sanitizer
Open

Possible XSS vulnerability with certain configurations of rails-html-sanitizer
Open

Improper neutralization of data URIs may allow XSS in rails-html-sanitizer
Open

Possible XSS Vulnerability in Action View tag helpers
Open

CSRF Vulnerability in rails-ujs
Open

json Gem for Ruby Unsafe Object Creation Vulnerability (additional fix)
Open

rails_admin ruby gem XSS vulnerability
Open

Possible RCE escalation bug with Serialized Columns in Active Record
Open

Regular Expression Denial of Service in Addressable templates
Open

Nokogiri gem, via libxslt, is affected by multiple vulnerabilities
Open

Directory traversal in Rack::Directory app bundled with Rack
Open

Possible Strong Parameters Bypass in ActionPack
Open

Loofah XSS Vulnerability
Open

Denial of Service (DoS) in Nokogiri on JRuby
Open

Denial of Service in rubyzip ("zip bombs")
Open

ReDoS based DoS vulnerability in Action Dispatch
Open

Inefficient Regular Expression Complexity in Loofah
Open

Integer Overflow or Wraparound in libxml2 affects Nokogiri
Open

Update packaged libxml2 (2.9.12 → 2.9.13) and libxslt (1.1.34 → 1.1.35)
Open

Nokogiri gem, via libxslt, is affected by improper access control vulnerability
Open

Severity

Category

Status

Source

Language

andyw8/techradar

Showing 208 of 209 total issues

Possible XSS vulnerability with certain configurations of rails-html-sanitizer Open

Possible XSS vulnerability with certain configurations of rails-html-sanitizer Open

Improper neutralization of data URIs may allow XSS in rails-html-sanitizer Open

Possible XSS Vulnerability in Action View tag helpers Open

CSRF Vulnerability in rails-ujs Open

json Gem for Ruby Unsafe Object Creation Vulnerability (additional fix) Open

rails_admin ruby gem XSS vulnerability Open

Possible RCE escalation bug with Serialized Columns in Active Record Open

Regular Expression Denial of Service in Addressable templates Open

Nokogiri gem, via libxslt, is affected by multiple vulnerabilities Open

Directory traversal in Rack::Directory app bundled with Rack Open

Possible Strong Parameters Bypass in ActionPack Open

Loofah XSS Vulnerability Open

Denial of Service (DoS) in Nokogiri on JRuby Open

Denial of Service in rubyzip ("zip bombs") Open

ReDoS based DoS vulnerability in Action Dispatch Open

Inefficient Regular Expression Complexity in Loofah Open

Integer Overflow or Wraparound in libxml2 affects Nokogiri Open

Update packaged libxml2 (2.9.12 → 2.9.13) and libxslt (1.1.34 → 1.1.35) Open

Nokogiri gem, via libxslt, is affected by improper access control vulnerability Open

Severity

Category

Status

Source

Language

Possible XSS vulnerability with certain configurations of rails-html-sanitizer
Open

Possible XSS vulnerability with certain configurations of rails-html-sanitizer
Open

Improper neutralization of data URIs may allow XSS in rails-html-sanitizer
Open

Possible XSS Vulnerability in Action View tag helpers
Open

CSRF Vulnerability in rails-ujs
Open

json Gem for Ruby Unsafe Object Creation Vulnerability (additional fix)
Open

rails_admin ruby gem XSS vulnerability
Open

Possible RCE escalation bug with Serialized Columns in Active Record
Open

Regular Expression Denial of Service in Addressable templates
Open

Nokogiri gem, via libxslt, is affected by multiple vulnerabilities
Open

Directory traversal in Rack::Directory app bundled with Rack
Open

Possible Strong Parameters Bypass in ActionPack
Open

Loofah XSS Vulnerability
Open

Denial of Service (DoS) in Nokogiri on JRuby
Open

Denial of Service in rubyzip ("zip bombs")
Open

ReDoS based DoS vulnerability in Action Dispatch
Open

Inefficient Regular Expression Complexity in Loofah
Open

Integer Overflow or Wraparound in libxml2 affects Nokogiri
Open

Update packaged libxml2 (2.9.12 → 2.9.13) and libxslt (1.1.34 → 1.1.35)
Open

Nokogiri gem, via libxslt, is affected by improper access control vulnerability
Open