Gemfile.lock
Insecure Source URI found: git://github.com/atzorvas/omniauth-wordpress-oauth2-plugin.git
GIT
  remote: git://github.com/atzorvas/omniauth-wordpress-oauth2-plugin.git
  revision: ae1677af06871e87c8bb8d2e91886898881e574b
  specs:
    omniauth-wordpress_hosted (0.0.5)
      omniauth-oauth2

GEM
  remote: https://rubygems.org/
  remote: https://rails-assets.org/
  specs:
    actionmailer (4.2.4)
      actionpack (= 4.2.4)
      actionview (= 4.2.4)
      activejob (= 4.2.4)
      mail (~> 2.5, >= 2.5.4)
      rails-dom-testing (~> 1.0, >= 1.0.5)
Possible Information Disclosure / Unintended Method Execution in Action Pack
Possible DoS Vulnerability in Action Controller Token Authentication
ReDoS based DoS vulnerability in Action Dispatch
Ability to forge per-form CSRF tokens given a global CSRF token
Possible Strong Parameters Bypass in ActionPack
Object leak vulnerability for wildcard controller routes in Action Pack
Possible Object Leak and Denial of Service attack in Action Pack
Timing attack vulnerability in basic authentication in Action Controller.
Possible remote code execution vulnerability in Action Pack
    actionpack (4.2.4)
      actionview (= 4.2.4)
      activesupport (= 4.2.4)
      rack (~> 1.6)
      rack-test (~> 0.6.2)
      rails-dom-testing (~> 1.0, >= 1.0.5)
      rails-html-sanitizer (~> 1.0, >= 1.0.2)
Possible XSS vulnerability in ActionView
CSRF Vulnerability in rails-ujs
Potential XSS vulnerability in Action View
Possible XSS Vulnerability in Action View tag helpers
Denial of Service Vulnerability in Action View
Potential remote code execution of user-provided local names in ActionView
Possible XSS Vulnerability in Action View
Possible Information Leak Vulnerability in Action View
File Content Disclosure in Action View
    actionview (4.2.4)
      activesupport (= 4.2.4)
      builder (~> 3.1)
      erubis (~> 2.7.0)
      rails-dom-testing (~> 1.0, >= 1.0.5)
      rails-html-sanitizer (~> 1.0, >= 1.0.2)
Broken Access Control vulnerability in Active Job
    activejob (4.2.4)
      activesupport (= 4.2.4)
      globalid (>= 0.3.0)
Possible Input Validation Circumvention in Active Model
    activemodel (4.2.4)
      activesupport (= 4.2.4)
      builder (~> 3.1)
Denial of Service Vulnerability in ActiveRecord’s PostgreSQL adapter
Possible RCE escalation bug with Serialized Columns in Active Record
Possible DoS Vulnerability in Active Record PostgreSQL adapter
Nested attributes rejection proc bypass in Active Record
Unsafe Query Generation Risk in Active Record
    activerecord (4.2.4)
      activemodel (= 4.2.4)
      activesupport (= 4.2.4)
      arel (~> 6.0)
Potentially unintended unmarshalling of user-provided objects in MemCacheStore and RedisCacheStore
ReDoS based DoS vulnerability in Active Support’s underscore
    activesupport (4.2.4)
      i18n (~> 0.7)
      json (~> 1.7, >= 1.7.7)
      minitest (~> 5.1)
      thread_safe (~> 0.3, >= 0.3.4)
      tzinfo (~> 1.1)
Regular Expression Denial of Service in Addressable templates
    addressable (2.3.8)
    arel (6.0.3)
    autoprefixer-rails (6.0.3)
      execjs
      json
    bcrypt (3.1.10)
    binding_of_caller (0.7.2)
      debug_inspector (>= 0.0.1)
XSS vulnerability via data-target in bootstrap-sass
XSS vulnerability in bootstrap-sass
    bootstrap-sass (3.3.5.1)
      autoprefixer-rails (>= 5.0.0.1)
      sass (>= 3.3.0)
    builder (3.2.2)
    byebug (5.0.0)
      columnize (= 0.9.0)
    celluloid (0.17.2)
      celluloid-essentials
      celluloid-extras
      celluloid-fsm
      celluloid-pool
      celluloid-supervision
      timers (>= 4.1.1)
    celluloid-essentials (0.20.5)
      timers (>= 4.1.1)
    celluloid-extras (0.20.5)
      timers (>= 4.1.1)
    celluloid-fsm (0.20.5)
      timers (>= 4.1.1)
    celluloid-pool (0.20.5)
      timers (>= 4.1.1)
    celluloid-supervision (0.20.5)
      timers (>= 4.1.1)
    code_analyzer (0.4.5)
      sexp_processor
    codeclimate-test-reporter (0.4.8)
      simplecov (>= 0.7.1, < 1.0.0)
    coderay (1.1.0)
    coffee-rails (4.1.0)
      coffee-script (>= 2.2.0)
      railties (>= 4.0.0, < 5.0)
    coffee-script (2.4.1)
      coffee-script-source
      execjs
    coffee-script-source (1.9.1.1)
    colored (1.2)
    columnize (0.9.0)
    connection_pool (2.2.0)
    crack (0.4.2)
      safe_yaml (~> 1.0.0)
    debug_inspector (0.0.2)
Devise Gem for Ruby Time-of-check Time-of-use race condition with lockable module
Devise Gem for Ruby confirmation token validation with a blank string
Devise Gem for Ruby Unauthorized Access Using Remember Me Cookie
    devise (3.5.2)
      bcrypt (~> 3.0)
      orm_adapter (~> 0.1)
      railties (>= 3.2.6, < 5)
      responders
      thread_safe (~> 0.1)
      warden (~> 1.2.3)
    devise-async (0.10.1)
      devise (~> 3.2)
    docile (1.1.5)
    dotenv (2.0.2)
    dotenv-rails (2.0.2)
      dotenv (= 2.0.2)
      railties (~> 4.0)
    erubis (2.7.0)
    execjs (2.6.0)
    faraday (0.9.2)
      multipart-post (>= 1.2, < 3)
    font-awesome-sass (4.4.0)
      sass (>= 3.2)
    foreman (0.78.0)
      thor (~> 0.19.1)
ReDoS based DoS vulnerability in GlobalID
    globalid (0.3.6)
      activesupport (>= 4.1.0)
    hashdiff (0.2.2)
    hashie (3.4.3)
    hitimes (1.2.3)
i18n Gem for Ruby lib/i18n/core_ext/hash.rb Hash#slice() Function Hash Handling DoS
    i18n (0.7.0)
    jbuilder (2.3.2)
      activesupport (>= 3.0.0, < 5)
      multi_json (~> 1.2)
Potential XSS vulnerability in jQuery
Prototype pollution attack through jQuery $.extend
    jquery-rails (4.0.5)
      rails-dom-testing (~> 1.0)
      railties (>= 4.2.0)
      thor (>= 0.14, < 2.0)
json Gem for Ruby Unsafe Object Creation Vulnerability (additional fix)
    json (1.8.3)
    jwt (1.5.2)
Loofah XSS Vulnerability
Inefficient Regular Expression Complexity in Loofah
    loofah (2.0.3)
      nokogiri (>= 1.5.9)
    mail (2.6.3)
      mime-types (>= 1.16, < 3)
    metaclass (0.0.4)
    method_source (0.8.2)
    mime-types (2.6.2)
    mini_portile (0.6.2)
    minitest (5.8.2)
    mocha (1.1.0)
      metaclass (~> 0.0.1)
    multi_json (1.11.2)
    multi_xml (0.5.5)
    multipart-post (2.0.0)
Update packaged dependency libxml2 from 2.9.10 to 2.9.12
Integer Overflow or Wraparound in libxml2 affects Nokogiri
Nokogiri gem, via libxslt, is affected by improper access control vulnerability
Nokogiri::XML::Schema trusts input by default, exposing risk of an XXE vulnerability
Update packaged libxml2 (2.9.12 → 2.9.13) and libxslt (1.1.34 → 1.1.35)
Improper Handling of Unexpected Data Type in Nokogiri
Nokogiri gem contains two upstream vulnerabilities in libxslt 1.1.29
libxml2 2.9.10 has an infinite loop in a certain end-of-file situation
Nokogiri gem, via libxml2, is affected by multiple vulnerabilities
XML Injection in Xerces Java affects Nokogiri
Revert libxml2 behavior in Nokogiri gem that could cause XSS
Nokogiri Command Injection Vulnerability via Nokogiri::CSS::Tokenizer#load_file
Nokogiri gem, via libxslt, is affected by multiple vulnerabilities
Moderate severity vulnerability that affects nokogiri
Improper Restriction of XML External Entity Reference (XXE) in Nokogiri on JRuby
Nokogiri gem, via libxml, is affected by DoS vulnerabilities
Out-of-bounds Write in zlib affects Nokogiri
Inefficient Regular Expression Complexity in Nokogiri
Nokogiri gem contains several vulnerabilities in libxml2 and libxslt
Update bundled libxml2 to v2.10.3 to resolve multiple CVEs
Denial of Service (DoS) in Nokogiri on JRuby
Nokogiri gem, via libxml, is affected by DoS and RCE vulnerabilities
Nokogiri gem contains several vulnerabilities in libxml2
Denial of service or RCE from libxml2 and libxslt
Nokogiri gem contains a heap-based buffer overflow vulnerability in libxml2
    nokogiri (1.6.6.2)
      mini_portile (~> 0.6.0)
    oauth2 (1.0.0)
      faraday (>= 0.8, < 0.10)
      jwt (~> 1.0)
      multi_json (~> 1.3)
      multi_xml (~> 0.5)
      rack (~> 1.2)
CSRF vulnerability in OmniAuth's request phase
omniauth leaks authenticity token in callback params
OmniAuth's `lib/omniauth/failure_endpoint.rb` does not escape `message_key` value
    omniauth (1.2.2)
      hashie (>= 1.2, < 4)
      rack (~> 1.0)
    omniauth-oauth2 (1.4.0)
      oauth2 (~> 1.0)
      omniauth (~> 1.2)
    orm_adapter (0.5.0)
    pg (0.18.3)
    pry (0.10.3)
      coderay (~> 1.1.0)
      method_source (~> 0.8.1)
      slop (~> 3.4)
    pry-byebug (3.2.0)
      byebug (~> 5.0)
      pry (~> 0.10)
    pry-rails (0.3.4)
      pry (>= 0.9.10)
HTTP Response Splitting vulnerability in puma
Inconsistent Interpretation of HTTP Requests ('HTTP Request Smuggling') in puma
Keepalive thread overload/DoS in puma
HTTP Smuggling via Transfer-Encoding Header in Puma
HTTP Request Smuggling in puma
HTTP Response Splitting (Early Hints) in Puma
Information Exposure with Puma when used with Rails
Keepalive Connections Causing Denial Of Service in puma
    puma (2.14.0)
Percent-encoded cookies can be used to overwrite existing prefixed cookie names
Denial of Service Vulnerability in Rack Content-Disposition parsing
Denial of service via header parsing in Rack
Directory traversal in Rack::Directory app bundled with Rack
Denial of service via multipart parsing in Rack
Denial of Service Vulnerability in Rack Multipart Parsing
Possible shell escape sequence injection vulnerability in Rack
Possible XSS vulnerability in Rack
Possible information leak / session hijack vulnerability
    rack (1.6.4)
Path traversal is possible via backslash characters on Windows.
rack-protection gem timing attack vulnerability when validating CSRF token
    rack-protection (1.5.3)
      rack
    rack-test (0.6.3)
      rack (>= 1.0)
    rails (4.2.4)
      actionmailer (= 4.2.4)
      actionpack (= 4.2.4)
      actionview (= 4.2.4)
      activejob (= 4.2.4)
      activemodel (= 4.2.4)
      activerecord (= 4.2.4)
      activesupport (= 4.2.4)
      bundler (>= 1.3.0, < 2.0)
      railties (= 4.2.4)
      sprockets-rails
    rails-assets-jplayer (2.9.2)
      rails-assets-jquery (>= 1.7.2)
    rails-assets-jquery (2.1.4)
    rails-deprecated_sanitizer (1.0.3)
      activesupport (>= 4.2.0.alpha)
    rails-dom-testing (1.0.7)
      activesupport (>= 4.2.0.beta, < 5.0)
      nokogiri (~> 1.6.0)
      rails-deprecated_sanitizer (>= 1.0.1)
Possible XSS vulnerability with certain configurations of Rails::Html::Sanitizer
Possible XSS vulnerability with certain configurations of rails-html-sanitizer
Inefficient Regular Expression Complexity in rails-html-sanitizer
Possible XSS vulnerability in rails-html-sanitizer
XSS vulnerability in rails-html-sanitizer
    rails-html-sanitizer (1.0.2)
      loofah (~> 2.0)
    rails_12factor (0.0.3)
      rails_serve_static_assets
      rails_stdout_logging
    rails_best_practices (1.15.7)
      activesupport
      code_analyzer (>= 0.4.3)
      colored
      erubis
      i18n
      json
      require_all
      ruby-progressbar
    rails_serve_static_assets (0.0.4)
    rails_stdout_logging (0.0.4)
    railties (4.2.4)
      actionpack (= 4.2.4)
      activesupport (= 4.2.4)
      rake (>= 0.8.7)
      thor (>= 0.18.1, < 2.0)
OS Command Injection in Rake
    rake (10.4.2)
RDoc OS command injection vulnerability
    rdoc (4.2.0)
    redis (3.2.1)
    redis-namespace (1.5.2)
      redis (~> 3.0, >= 3.0.4)
    require_all (1.3.3)
    responders (2.1.0)
      railties (>= 4.2.0, < 5)
    ruby-progressbar (1.7.5)
    rufus-scheduler (3.1.7)
    safe_yaml (1.0.4)
    sass (3.4.19)
    sass-rails (5.0.4)
      railties (>= 4.0.0, < 5.0)
      sass (~> 3.1)
      sprockets (>= 2.8, < 4.0)
      sprockets-rails (>= 2.0, < 4.0)
      tilt (>= 1.1, < 3)
    sdoc (0.4.1)
      json (~> 1.7, >= 1.7.7)
      rdoc (~> 4.0)
    sexp_processor (4.6.0)
Cross-site Scripting in Sidekiq
Denial of service in sidekiq
    sidekiq (3.5.2)
      celluloid (~> 0.17.2)
      connection_pool (~> 2.2, >= 2.2.0)
      json (~> 1.0)
      redis (~> 3.2, >= 3.2.1)
      redis-namespace (~> 1.5, >= 1.5.2)
    sidekiq-scheduler (1.2.2)
      multi_json (~> 1)
      redis (~> 3)
      rufus-scheduler (~> 3)
      sidekiq (~> 3)
    simplecov (0.10.0)
      docile (~> 1.1.0)
      json (~> 1.8)
      simplecov-html (~> 0.10.0)
    simplecov-html (0.10.0)
Sinatra vulnerable to Reflected File Download attack
sinatra does not validate expanded path matches
    sinatra (1.4.6)
      rack (~> 1.4)
      rack-protection (~> 1.4)
      tilt (>= 1.3, < 3)
    slim (3.0.6)
      temple (~> 0.7.3)
      tilt (>= 1.3.3, < 2.1)
    slim-rails (3.0.1)
      actionmailer (>= 3.1, < 5.0)
      actionpack (>= 3.1, < 5.0)
      activesupport (>= 3.1, < 5.0)
      railties (>= 3.1, < 5.0)
      slim (~> 3.0)
    slop (3.6.0)
    spring (1.4.0)
Path Traversal in Sprockets
    sprockets (3.4.0)
      rack (> 1, < 3)
    sprockets-rails (2.3.3)
      actionpack (>= 3.0)
      activesupport (>= 3.0)
      sprockets (>= 2.8, < 4.0)
    temple (0.7.6)
    thor (0.19.1)
    thread_safe (0.3.5)
    tilt (2.0.1)
    timers (4.1.1)
      hitimes
    tubesock (0.2.5)
      rack (>= 1.5.0)
      websocket (>= 1.1.0)
    turbograft (0.1.20)
      coffee-rails
TZInfo relative path traversal vulnerability allows loading of arbitrary files
    tzinfo (1.2.2)
      thread_safe (~> 0.1)
    uglifier (2.7.2)
      execjs (>= 0.3.0)
      json (>= 1.8.0)
    vcr (2.9.3)
    warden (1.2.3)
      rack (>= 1.0)
    web-console (2.2.1)
      activemodel (>= 4.0)
      binding_of_caller (>= 0.7.2)
      railties (>= 4.0)
      sprockets-rails (>= 2.0, < 4.0)
    webmock (1.22.2)
      addressable (>= 2.3.6)
      crack (>= 0.3.2)
      hashdiff
    websocket (1.2.2)

PLATFORMS
  ruby

DEPENDENCIES
  bootstrap-sass
  codeclimate-test-reporter
  coffee-rails (~> 4.1.0)
  devise
  devise-async
  dotenv-rails
  font-awesome-sass
  foreman
  jbuilder (~> 2.0)
  jquery-rails
  mocha
  nokogiri
  omniauth-wordpress_hosted!
  pg
  pry-byebug
  pry-rails
  puma
  rails (= 4.2.4)
  rails-assets-jplayer!
  rails_12factor
  rails_best_practices
  sass-rails (~> 5.0)
  sdoc (~> 0.4.0)
  sidekiq
  sidekiq-scheduler
  sinatra
  slim-rails
  spring
  tubesock
  turbograft
  uglifier (>= 1.3.0)
  vcr
  web-console (~> 2.0)
  webmock

BUNDLED WITH
   1.10.6