cortex-cms/cortex

Gemfile.lock

Nokogiri Command Injection Vulnerability via Nokogiri::CSS::Tokenizer#load_file
Open

    nokogiri (1.8.4)
Severity: Critical
Found in Gemfile.lock by bundler-audit

Advisory: CVE-2019-5477

Criticality: High

URL: https://github.com/sparklemotion/nokogiri/issues/1915

Solution: upgrade to >= 1.10.4

Nokogiri gem, via libxslt, is affected by improper access control vulnerability
Open

    nokogiri (1.8.4)
Severity: Minor
Found in Gemfile.lock by bundler-audit

Advisory: CVE-2019-11068

URL: https://github.com/sparklemotion/nokogiri/issues/1892

Solution: upgrade to >= 1.10.3

Nokogiri gem, via libxslt, is affected by multiple vulnerabilities
Open

    nokogiri (1.8.4)
Severity: Minor
Found in Gemfile.lock by bundler-audit

Advisory: CVE-2019-13117

URL: https://github.com/sparklemotion/nokogiri/issues/1943

Solution: upgrade to >= 1.10.5

libxml2 2.9.10 has an infinite loop in a certain end-of-file situation
Open

    nokogiri (1.8.4)
Severity: Minor
Found in Gemfile.lock by bundler-audit

Advisory: CVE-2020-7595

Criticality: Medium

URL: https://github.com/sparklemotion/nokogiri/issues/1992

Solution: upgrade to >= 1.10.8

Loofah XSS Vulnerability
Open

    loofah (2.2.2)
Severity: Minor
Found in Gemfile.lock by bundler-audit

Advisory: CVE-2019-15587

URL: https://github.com/flavorjones/loofah/issues/171

Solution: upgrade to >= 2.3.1

Remote command execution via filename
Open

    mini_magick (4.8.0)
Severity: Minor
Found in Gemfile.lock by bundler-audit

Advisory: CVE-2019-13574

URL: https://benjamin-bouchet.com/blog/vulnerabilite-dans-la-gem-mini_magick-version-4-9-4/

Solution: upgrade to >= 4.9.4

Devise Gem for Ruby confirmation token validation with a blank string
Open

    devise (4.4.3)
Severity: Minor
Found in Gemfile.lock by bundler-audit

Advisory: CVE-2019-16109

URL: https://github.com/plataformatec/devise/issues/5071

Solution: upgrade to >= 4.7.1

Devise Gem for Ruby Time-of-check Time-of-use race condition with lockable module
Open

    devise (4.4.3)
Severity: Critical
Found in Gemfile.lock by bundler-audit

Advisory: CVE-2019-5421

Criticality: High

URL: https://github.com/plataformatec/devise/issues/4981

Solution: upgrade to >= 4.6.0

Loofah XSS Vulnerability
Open

    loofah (2.2.2)
Severity: Minor
Found in Gemfile.lock by bundler-audit

Advisory: CVE-2018-16468

URL: https://github.com/flavorjones/loofah/issues/154

Solution: upgrade to >= 2.2.3

rack-cors directory traversal via path
Open

    rack-cors (1.0.2)
Severity: Minor
Found in Gemfile.lock by bundler-audit

Advisory: CVE-2019-18978

URL: https://github.com/cyu/rack-cors/commit/e4d4fc362a4315808927011cbe5afcfe5486f17d

Solution: upgrade to >= 1.0.4

Possible XSS vulnerability in Rack
Open

    rack (2.0.5)
Severity: Minor
Found in Gemfile.lock by bundler-audit

Advisory: CVE-2018-16471

URL: https://groups.google.com/forum/#!topic/ruby-security-ann/NAalCee8n6o

Solution: upgrade to ~> 1.6.11, >= 2.0.6

Nokogiri gem, via libxml2, is affected by multiple vulnerabilities
Open

    nokogiri (1.8.4)
Severity: Minor
Found in Gemfile.lock by bundler-audit

Advisory: CVE-2018-14404

URL: https://github.com/sparklemotion/nokogiri/issues/1785

Solution: upgrade to >= 1.8.5

Possible DoS vulnerability in Rack
Open

    rack (2.0.5)
Severity: Minor
Found in Gemfile.lock by bundler-audit

Advisory: CVE-2018-16470

URL: https://groups.google.com/forum/#!topic/ruby-security-ann/Dz4sRl-ktKk

Solution: upgrade to >= 2.0.6

Possible information leak / session hijack vulnerability
Open

    rack (2.0.5)
Severity: Minor
Found in Gemfile.lock by bundler-audit

Advisory: CVE-2019-16782

URL: https://github.com/rack/rack/security/advisories/GHSA-hrqr-hxpp-chr3

Solution: upgrade to ~> 1.6.12, >= 2.0.8

Broken Access Control vulnerability in Active Job
Open

    activejob (5.1.6)
Severity: Minor
Found in Gemfile.lock by bundler-audit

Advisory: CVE-2018-16476

URL: https://groups.google.com/forum/#!topic/rubyonrails-security/FL4dSdzr2zw

Solution: upgrade to ~> 4.2.11, ~> 5.0.7.1, ~> 5.1.6.1, ~> 5.1.7, >= 5.2.1.1

Denial of Service Vulnerability in Action View
Open

    actionview (5.1.6)
Severity: Minor
Found in Gemfile.lock by bundler-audit

Advisory: CVE-2019-5419

URL: https://groups.google.com/forum/#!topic/rubyonrails-security/GN7w9fFAQeI

Solution: upgrade to >= 6.0.0.beta3, >= 5.2.2.1, ~> 5.2.2, >= 5.1.6.2, ~> 5.1.6, >= 5.0.7.2, ~> 5.0.7, >= 4.2.11.1, ~> 4.2.11

File Content Disclosure in Action View
Open

    actionview (5.1.6)
Severity: Minor
Found in Gemfile.lock by bundler-audit

Advisory: CVE-2019-5418

URL: https://groups.google.com/forum/#!topic/rubyonrails-security/pFRKI96Sm8Q

Solution: upgrade to >= 4.2.11.1, ~> 4.2.11, >= 5.0.7.2, ~> 5.0.7, >= 5.1.6.2, ~> 5.1.6, >= 5.2.2.1, ~> 5.2.2, >= 6.0.0.beta3
