atzorvas/ccradio

Gemfile.lock

Showing 109 of 109 total issues

Denial of Service Vulnerability in Rack Content-Disposition parsing
Open

rack (1.6.4)
Severity: Minor
Found in Gemfile.lock by bundler-audit

Directory traversal in Rack::Directory app bundled with Rack
Open

rack (1.6.4)
Severity: Critical
Found in Gemfile.lock by bundler-audit

Possible Information Disclosure / Unintended Method Execution in Action Pack
Open

actionpack (4.2.4)
Severity: Critical
Found in Gemfile.lock by bundler-audit

Possible RCE escalation bug with Serialized Columns in Active Record
Open

activerecord (4.2.4)
Severity: Minor
Found in Gemfile.lock by bundler-audit

Possible DoS Vulnerability in Active Record PostgreSQL adapter
Open

activerecord (4.2.4)
Severity: Minor
Found in Gemfile.lock by bundler-audit

Devise Gem for Ruby confirmation token validation with a blank string
Open

devise (3.5.2)
Severity: Minor
Found in Gemfile.lock by bundler-audit

HTTP Smuggling via Transfer-Encoding Header in Puma
Open

puma (2.14.0)
Severity: Minor
Found in Gemfile.lock by bundler-audit

Possible shell escape sequence injection vulnerability in Rack
Open

rack (1.6.4)
Severity: Minor
Found in Gemfile.lock by bundler-audit

ReDoS based DoS vulnerability in Action Dispatch
Open

actionpack (4.2.4)
Severity: Minor
Found in Gemfile.lock by bundler-audit

Keepalive thread overload/DoS in puma
Open

puma (2.14.0)
Severity: Critical
Found in Gemfile.lock by bundler-audit

Information Exposure with Puma when used with Rails
Open

puma (2.14.0)
Severity: Critical
Found in Gemfile.lock by bundler-audit

ReDoS based DoS vulnerability in Active Support’s underscore
Open

activesupport (4.2.4)
Severity: Minor
Found in Gemfile.lock by bundler-audit

HTTP Response Splitting vulnerability in puma
Open

puma (2.14.0)
Severity: Minor
Found in Gemfile.lock by bundler-audit

HTTP Request Smuggling in puma
Open

puma (2.14.0)
Severity: Minor
Found in Gemfile.lock by bundler-audit

Cross-site Scripting in Sidekiq
Open

sidekiq (3.5.2)
Severity: Minor
Found in Gemfile.lock by bundler-audit

Ability to forge per-form CSRF tokens given a global CSRF token
Open

actionpack (4.2.4)
Severity: Minor
Found in Gemfile.lock by bundler-audit

CSRF Vulnerability in rails-ujs
Open

actionview (4.2.4)
Severity: Minor
Found in Gemfile.lock by bundler-audit

Denial of service via header parsing in Rack
Open

rack (1.6.4)
Severity: Minor
Found in Gemfile.lock by bundler-audit

Denial of service in sidekiq
Open

sidekiq (3.5.2)
Severity: Critical
Found in Gemfile.lock by bundler-audit

Keepalive Connections Causing Denial Of Service in puma
Open

puma (2.14.0)
Severity: Critical
Found in Gemfile.lock by bundler-audit

json Gem for Ruby Unsafe Object Creation Vulnerability (additional fix)
Open

json (1.8.3)
Severity: Critical
Found in Gemfile.lock by bundler-audit

CSRF vulnerability in OmniAuth's request phase
Open

omniauth (1.2.2)
Severity: Critical
Found in Gemfile.lock by bundler-audit

OS Command Injection in Rake
Open

rake (10.4.2)
Severity: Critical
Found in Gemfile.lock by bundler-audit

Denial of Service Vulnerability in ActiveRecord’s PostgreSQL adapter
Open

activerecord (4.2.4)
Severity: Minor
Found in Gemfile.lock by bundler-audit

HTTP Response Splitting (Early Hints) in Puma
Open

puma (2.14.0)
Severity: Minor
Found in Gemfile.lock by bundler-audit

Denial of service via multipart parsing in Rack
Open

rack (1.6.4)
Severity: Minor
Found in Gemfile.lock by bundler-audit

Percent-encoded cookies can be used to overwrite existing prefixed cookie names
Open

rack (1.6.4)
Severity: Critical
Found in Gemfile.lock by bundler-audit

RDoc OS command injection vulnerability
Open

rdoc (4.2.0)
Severity: Critical
Found in Gemfile.lock by bundler-audit

Possible XSS vulnerability in ActionView
Open

actionview (4.2.4)
Severity: Minor
Found in Gemfile.lock by bundler-audit

Potentially unintended unmarshalling of user-provided objects in MemCacheStore and RedisCacheStore
Open

activesupport (4.2.4)
Severity: Minor
Found in Gemfile.lock by bundler-audit

ReDoS based DoS vulnerability in GlobalID
Open

globalid (0.3.6)
Severity: Minor
Found in Gemfile.lock by bundler-audit

Inconsistent Interpretation of HTTP Requests ('HTTP Request Smuggling') in puma
Open

puma (2.14.0)
Severity: Info
Found in Gemfile.lock by bundler-audit

Possible XSS Vulnerability in Action View tag helpers
Open

actionview (4.2.4)
Severity: Minor
Found in Gemfile.lock by bundler-audit

HTTP Smuggling via Transfer-Encoding Header in Puma
Open

puma (2.14.0)
Severity: Critical
Found in Gemfile.lock by bundler-audit

Denial of Service Vulnerability in Rack Multipart Parsing
Open

rack (1.6.4)
Severity: Critical
Found in Gemfile.lock by bundler-audit

Possible DoS Vulnerability in Action Controller Token Authentication
Open

actionpack (4.2.4)
Severity: Critical
Found in Gemfile.lock by bundler-audit

Possible Strong Parameters Bypass in ActionPack
Open

actionpack (4.2.4)
Severity: Critical
Found in Gemfile.lock by bundler-audit

ReDoS based DoS vulnerability in Action Dispatch
Open

actionpack (4.2.4)
Severity: Minor
Found in Gemfile.lock by bundler-audit

Devise Gem for Ruby Time-of-check Time-of-use race condition with lockable module
Open

devise (3.5.2)
Severity: Minor
Found in Gemfile.lock by bundler-audit

Sinatra vulnerable to Reflected File Download attack
Open

sinatra (1.4.6)
Severity: Critical
Found in Gemfile.lock by bundler-audit

sinatra does not validate expanded path matches
Open

sinatra (1.4.6)
Severity: Critical
Found in Gemfile.lock by bundler-audit

Potential XSS vulnerability in Action View
Open

actionview (4.2.4)
Severity: Minor
Found in Gemfile.lock by bundler-audit

XSS vulnerability via data-target in bootstrap-sass
Open

bootstrap-sass (3.3.5.1)
Severity: Minor
Found in Gemfile.lock by bundler-audit

Out-of-bounds Write in zlib affects Nokogiri
Open

nokogiri (1.6.6.2)
Severity: Critical
Found in Gemfile.lock by bundler-audit

Nokogiri gem, via libxml, is affected by DoS and RCE vulnerabilities
Open

nokogiri (1.6.6.2)
Severity: Critical
Found in Gemfile.lock by bundler-audit

Update packaged libxml2 (2.9.12 → 2.9.13) and libxslt (1.1.34 → 1.1.35)
Open

nokogiri (1.6.6.2)
Severity: Critical
Found in Gemfile.lock by bundler-audit

Nokogiri gem, via libxslt, is affected by improper access control vulnerability
Open

nokogiri (1.6.6.2)
Severity: Minor
Found in Gemfile.lock by bundler-audit

Improper Handling of Unexpected Data Type in Nokogiri
Open

nokogiri (1.6.6.2)
Severity: Critical
Found in Gemfile.lock by bundler-audit

Potential XSS vulnerability in jQuery
Open

jquery-rails (4.0.5)
Severity: Minor
Found in Gemfile.lock by bundler-audit

Update packaged dependency libxml2 from 2.9.10 to 2.9.12
Open

nokogiri (1.6.6.2)
Severity: Critical
Found in Gemfile.lock by bundler-audit

Denial of Service (DoS) in Nokogiri on JRuby
Open

nokogiri (1.6.6.2)
Severity: Critical
Found in Gemfile.lock by bundler-audit

Possible XSS vulnerability with certain configurations of rails-html-sanitizer
Open

rails-html-sanitizer (1.0.2)
Severity: Minor
Found in Gemfile.lock by bundler-audit

i18n Gem for Ruby lib/i18n/core_ext/hash.rb Hash#slice() Function Hash Handling DoS
Open

i18n (0.7.0)
Severity: Minor
Found in Gemfile.lock by bundler-audit

Inefficient Regular Expression Complexity in Loofah
Open

loofah (2.0.3)
Severity: Critical
Found in Gemfile.lock by bundler-audit

Loofah XSS Vulnerability
Open

loofah (2.0.3)
Severity: Minor
Found in Gemfile.lock by bundler-audit

Inefficient Regular Expression Complexity in rails-html-sanitizer
Open

rails-html-sanitizer (1.0.2)
Severity: Critical
Found in Gemfile.lock by bundler-audit

Nokogiri gem, via libxslt, is affected by multiple vulnerabilities
Open

nokogiri (1.6.6.2)
Severity: Minor
Found in Gemfile.lock by bundler-audit

Loofah XSS Vulnerability
Open

loofah (2.0.3)
Severity: Minor
Found in Gemfile.lock by bundler-audit

Nokogiri gem, via libxml2, is affected by multiple vulnerabilities
Open

nokogiri (1.6.6.2)
Severity: Critical
Found in Gemfile.lock by bundler-audit

Loofah XSS Vulnerability
Open

loofah (2.0.3)
Severity: Minor
Found in Gemfile.lock by bundler-audit

XML Injection in Xerces Java affects Nokogiri
Open

nokogiri (1.6.6.2)
Severity: Minor
Found in Gemfile.lock by bundler-audit

Nokogiri gem contains two upstream vulnerabilities in libxslt 1.1.29
Open

nokogiri (1.6.6.2)
Severity: Critical
Found in Gemfile.lock by bundler-audit

Nokogiri gem, via libxml, is affected by DoS vulnerabilities
Open

nokogiri (1.6.6.2)
Severity: Minor
Found in Gemfile.lock by bundler-audit

Regular Expression Denial of Service in Addressable templates
Open

addressable (2.3.8)
Severity: Critical
Found in Gemfile.lock by bundler-audit

Nokogiri Command Injection Vulnerability via Nokogiri::CSS::Tokenizer#load_file
Open

nokogiri (1.6.6.2)
Severity: Minor
Found in Gemfile.lock by bundler-audit

Nokogiri::XML::Schema trusts input by default, exposing risk of an XXE vulnerability
Open

nokogiri (1.6.6.2)
Severity: Info
Found in Gemfile.lock by bundler-audit

libxml2 2.9.10 has an infinite loop in a certain end-of-file situation
Open

nokogiri (1.6.6.2)
Severity: Critical
Found in Gemfile.lock by bundler-audit

Revert libxml2 behavior in Nokogiri gem that could cause XSS
Open

nokogiri (1.6.6.2)
Severity: Minor
Found in Gemfile.lock by bundler-audit

Path Traversal in Sprockets
Open

sprockets (3.4.0)
Severity: Critical
Found in Gemfile.lock by bundler-audit

OmniAuth's lib/omniauth/failure_endpoint.rb does not escape message_key value
Open

omniauth (1.2.2)
Severity: Minor
Found in Gemfile.lock by bundler-audit

Insecure Source URI found: git://github.com/atzorvas/omniauth-wordpress-oauth2-plugin.git
Open

remote: git://github.com/atzorvas/omniauth-wordpress-oauth2-plugin.git
Severity: Minor
Found in Gemfile.lock by bundler-audit

XSS vulnerability in bootstrap-sass
Open

bootstrap-sass (3.3.5.1)
Severity: Minor
Found in Gemfile.lock by bundler-audit

Nokogiri gem, via libxml, is affected by DoS vulnerabilities
Open

nokogiri (1.6.6.2)
Severity: Minor
Found in Gemfile.lock by bundler-audit

Inefficient Regular Expression Complexity in Nokogiri
Open

nokogiri (1.6.6.2)
Severity: Critical
Found in Gemfile.lock by bundler-audit

Improper Restriction of XML External Entity Reference (XXE) in Nokogiri on JRuby
Open

nokogiri (1.6.6.2)
Severity: Critical
Found in Gemfile.lock by bundler-audit

Prototype pollution attack through jQuery $.extend
Open

jquery-rails (4.0.5)
Severity: Minor
Found in Gemfile.lock by bundler-audit

Integer Overflow or Wraparound in libxml2 affects Nokogiri
Open

nokogiri (1.6.6.2)
Severity: Critical
Found in Gemfile.lock by bundler-audit

omniauth leaks authenticity token in callback params
Open

omniauth (1.2.2)
Severity: Critical
Found in Gemfile.lock by bundler-audit

Possible XSS vulnerability with certain configurations of rails-html-sanitizer
Open

rails-html-sanitizer (1.0.2)
Severity: Minor
Found in Gemfile.lock by bundler-audit

Possible XSS vulnerability with certain configurations of Rails::Html::Sanitizer
Open

rails-html-sanitizer (1.0.2)
Severity: Minor
Found in Gemfile.lock by bundler-audit

Update bundled libxml2 to v2.10.3 to resolve multiple CVEs
Open

nokogiri (1.6.6.2)
Severity: Minor
Found in Gemfile.lock by bundler-audit

Moderate severity vulnerability that affects nokogiri
Open

nokogiri (1.6.6.2)
Severity: Minor
Found in Gemfile.lock by bundler-audit

Nokogiri gem contains several vulnerabilities in libxml2 and libxslt
Open

nokogiri (1.6.6.2)
Severity: Minor
Found in Gemfile.lock by bundler-audit

Possible information leak / session hijack vulnerability
Open

rack (1.6.4)
Severity: Minor
Found in Gemfile.lock by bundler-audit

Denial of Service Vulnerability in Action View
Open

actionview (4.2.4)
Severity: Critical
Found in Gemfile.lock by bundler-audit

rack-protection gem timing attack vulnerability when validating CSRF token
Open

rack-protection (1.5.3)
Severity: Minor
Found in Gemfile.lock by bundler-audit

Object leak vulnerability for wildcard controller routes in Action Pack
Open

actionpack (4.2.4)
Severity: Critical
Found in Gemfile.lock by bundler-audit

Unsafe Query Generation Risk in Active Record
Open

activerecord (4.2.4)
Severity: Critical
Found in Gemfile.lock by bundler-audit

Possible Object Leak and Denial of Service attack in Action Pack
Open

actionpack (4.2.4)
Severity: Critical
Found in Gemfile.lock by bundler-audit

Devise Gem for Ruby Unauthorized Access Using Remember Me Cookie
Open

devise (3.5.2)
Severity: Minor
Found in Gemfile.lock by bundler-audit

Path traversal is possible via backslash characters on Windows.
Open

rack-protection (1.5.3)
Severity: Minor
Found in Gemfile.lock by bundler-audit

Nokogiri gem contains several vulnerabilities in libxml2
Open

nokogiri (1.6.6.2)
Severity: Critical
Found in Gemfile.lock by bundler-audit

Nokogiri gem contains a heap-based buffer overflow vulnerability in libxml2
Open

nokogiri (1.6.6.2)
Severity: Minor
Found in Gemfile.lock by bundler-audit

Possible XSS vulnerability in rails-html-sanitizer
Open

rails-html-sanitizer (1.0.2)
Severity: Minor
Found in Gemfile.lock by bundler-audit

File Content Disclosure in Action View
Open

actionview (4.2.4)
Severity: Critical
Found in Gemfile.lock by bundler-audit

XSS vulnerability in rails-html-sanitizer
Open

rails-html-sanitizer (1.0.2)
Severity: Minor
Found in Gemfile.lock by bundler-audit

TZInfo relative path traversal vulnerability allows loading of arbitrary files
Open

tzinfo (1.2.2)
Severity: Critical
Found in Gemfile.lock by bundler-audit

Possible remote code execution vulnerability in Action Pack
Open

actionpack (4.2.4)
Severity: Critical
Found in Gemfile.lock by bundler-audit

Nested attributes rejection proc bypass in Active Record
Open

activerecord (4.2.4)
Severity: Minor
Found in Gemfile.lock by bundler-audit

Possible XSS vulnerability in Rack
Open

rack (1.6.4)
Severity: Minor
Found in Gemfile.lock by bundler-audit

Possible Input Validation Circumvention in Active Model
Open

activemodel (4.2.4)
Severity: Minor
Found in Gemfile.lock by bundler-audit

Denial of service or RCE from libxml2 and libxslt
Open

nokogiri (1.6.6.2)
Severity: Critical
Found in Gemfile.lock by bundler-audit

Possible XSS vulnerability in rails-html-sanitizer
Open

rails-html-sanitizer (1.0.2)
Severity: Minor
Found in Gemfile.lock by bundler-audit

Broken Access Control vulnerability in Active Job
Open

activejob (4.2.4)
Severity: Critical
Found in Gemfile.lock by bundler-audit

Possible XSS Vulnerability in Action View
Open

actionview (4.2.4)
Severity: Minor
Found in Gemfile.lock by bundler-audit

Timing attack vulnerability in basic authentication in Action Controller.
Open

actionpack (4.2.4)
Severity: Info
Found in Gemfile.lock by bundler-audit

Potential remote code execution of user-provided local names in ActionView
Open

actionview (4.2.4)
Severity: Critical
Found in Gemfile.lock by bundler-audit

Possible Information Leak Vulnerability in Action View
Open

actionview (4.2.4)
Severity: Critical
Found in Gemfile.lock by bundler-audit

Nokogiri gem contains several vulnerabilities in libxml2 and libxslt
Open

nokogiri (1.6.6.2)
Severity: Minor
Found in Gemfile.lock by bundler-audit
