Gemfile.lock from cortex-cms/cortex

Gemfile.lock

Summary

Maintainability

Test Coverage

Nokogiri Command Injection Vulnerability via Nokogiri::CSS::Tokenizer#load_file
Open

    nokogiri (1.8.4)

Found in Gemfile.lock by bundler-audit

Read up
Read up
Exclude checks
- Disable engine
- Disable check

Advisory: CVE-2019-5477

Criticality: High

URL: https://github.com/sparklemotion/nokogiri/issues/1915

Solution: upgrade to >= 1.10.4

Nokogiri gem, via libxslt, is affected by improper access control vulnerability
Open

    nokogiri (1.8.4)

Found in Gemfile.lock by bundler-audit

Read up
Read up
Exclude checks
- Disable engine
- Disable check

Advisory: CVE-2019-11068

URL: https://github.com/sparklemotion/nokogiri/issues/1892

Solution: upgrade to >= 1.10.3

Nokogiri gem, via libxslt, is affected by multiple vulnerabilities
Open

    nokogiri (1.8.4)

Found in Gemfile.lock by bundler-audit

Read up
Read up
Exclude checks
- Disable engine
- Disable check

Advisory: CVE-2019-13117

URL: https://github.com/sparklemotion/nokogiri/issues/1943

Solution: upgrade to >= 1.10.5

libxml2 2.9.10 has an infinite loop in a certain end-of-file situation
Open

    nokogiri (1.8.4)

Found in Gemfile.lock by bundler-audit

Read up
Read up
Exclude checks
- Disable engine
- Disable check

Advisory: CVE-2020-7595

Criticality: Medium

URL: https://github.com/sparklemotion/nokogiri/issues/1992

Solution: upgrade to >= 1.10.8

Loofah XSS Vulnerability
Open

    loofah (2.2.2)

Found in Gemfile.lock by bundler-audit

Read up
Read up
Exclude checks
- Disable engine
- Disable check

Advisory: CVE-2019-15587

URL: https://github.com/flavorjones/loofah/issues/171

Solution: upgrade to >= 2.3.1

Remote command execution via filename
Open

    mini_magick (4.8.0)

Found in Gemfile.lock by bundler-audit

Read up
Read up
Exclude checks
- Disable engine
- Disable check

Advisory: CVE-2019-13574

URL: https://benjamin-bouchet.com/blog/vulnerabilite-dans-la-gem-mini_magick-version-4-9-4/

Solution: upgrade to >= 4.9.4

Devise Gem for Ruby confirmation token validation with a blank string
Open

    devise (4.4.3)

Found in Gemfile.lock by bundler-audit

Read up
Read up
Exclude checks
- Disable engine
- Disable check

Advisory: CVE-2019-16109

URL: https://github.com/plataformatec/devise/issues/5071

Solution: upgrade to >= 4.7.1

Devise Gem for Ruby Time-of-check Time-of-use race condition with lockable module
Open

    devise (4.4.3)

Found in Gemfile.lock by bundler-audit

Read up
Read up
Exclude checks
- Disable engine
- Disable check

Advisory: CVE-2019-5421

Criticality: High

URL: https://github.com/plataformatec/devise/issues/4981

Solution: upgrade to >= 4.6.0

Loofah XSS Vulnerability
Open

    loofah (2.2.2)

Found in Gemfile.lock by bundler-audit

Read up
Read up
Exclude checks
- Disable engine
- Disable check

Advisory: CVE-2018-16468

URL: https://github.com/flavorjones/loofah/issues/154

Solution: upgrade to >= 2.2.3

rack-cors directory traversal via path
Open

    rack-cors (1.0.2)

Found in Gemfile.lock by bundler-audit

Read up
Read up
Exclude checks
- Disable engine
- Disable check

Advisory: CVE-2019-18978

URL: https://github.com/cyu/rack-cors/commit/e4d4fc362a4315808927011cbe5afcfe5486f17d

Solution: upgrade to >= 1.0.4

Possible XSS vulnerability in Rack
Open

    rack (2.0.5)

Found in Gemfile.lock by bundler-audit

Read up
Read up
Exclude checks
- Disable engine
- Disable check

Advisory: CVE-2018-16471

URL: https://groups.google.com/forum/#!topic/ruby-security-ann/NAalCee8n6o

Solution: upgrade to ~> 1.6.11, >= 2.0.6

Nokogiri gem, via libxml2, is affected by multiple vulnerabilities
Open

    nokogiri (1.8.4)

Found in Gemfile.lock by bundler-audit

Read up
Read up
Exclude checks
- Disable engine
- Disable check

Advisory: CVE-2018-14404

URL: https://github.com/sparklemotion/nokogiri/issues/1785

Solution: upgrade to >= 1.8.5

Possible DoS vulnerability in Rack
Open

    rack (2.0.5)

Found in Gemfile.lock by bundler-audit

Read up
Read up
Exclude checks
- Disable engine
- Disable check

Advisory: CVE-2018-16470

URL: https://groups.google.com/forum/#!topic/ruby-security-ann/Dz4sRl-ktKk

Solution: upgrade to >= 2.0.6

Possible information leak / session hijack vulnerability
Open

    rack (2.0.5)

Found in Gemfile.lock by bundler-audit

Read up
Read up
Exclude checks
- Disable engine
- Disable check

Advisory: CVE-2019-16782

URL: https://github.com/rack/rack/security/advisories/GHSA-hrqr-hxpp-chr3

Solution: upgrade to ~> 1.6.12, >= 2.0.8

Broken Access Control vulnerability in Active Job
Open

    activejob (5.1.6)

Found in Gemfile.lock by bundler-audit

Read up
Read up
Exclude checks
- Disable engine
- Disable check

Advisory: CVE-2018-16476

URL: https://groups.google.com/forum/#!topic/rubyonrails-security/FL4dSdzr2zw

Solution: upgrade to ~> 4.2.11, ~> 5.0.7.1, ~> 5.1.6.1, ~> 5.1.7, >= 5.2.1.1

Denial of Service Vulnerability in Action View
Open

    actionview (5.1.6)

Found in Gemfile.lock by bundler-audit

Read up
Read up
Exclude checks
- Disable engine
- Disable check

Advisory: CVE-2019-5419

URL: https://groups.google.com/forum/#!topic/rubyonrails-security/GN7w9fFAQeI

Solution: upgrade to >= 6.0.0.beta3, >= 5.2.2.1, ~> 5.2.2, >= 5.1.6.2, ~> 5.1.6, >= 5.0.7.2, ~> 5.0.7, >= 4.2.11.1, ~> 4.2.11

File Content Disclosure in Action View
Open

    actionview (5.1.6)

Found in Gemfile.lock by bundler-audit

Read up
Read up
Exclude checks
- Disable engine
- Disable check

Advisory: CVE-2019-5418

URL: https://groups.google.com/forum/#!topic/rubyonrails-security/pFRKI96Sm8Q

Solution: upgrade to >= 4.2.11.1, ~> 4.2.11, >= 5.0.7.2, ~> 5.0.7, >= 5.1.6.2, ~> 5.1.6, >= 5.2.2.1, ~> 5.2.2, >= 6.0.0.beta3

cortex-cms/cortex

Summary

Maintainability

Test Coverage

Nokogiri Command Injection Vulnerability via Nokogiri::CSS::Tokenizer#load_file
Open

Nokogiri gem, via libxslt, is affected by improper access control vulnerability
Open

Nokogiri gem, via libxslt, is affected by multiple vulnerabilities
Open

libxml2 2.9.10 has an infinite loop in a certain end-of-file situation
Open

Loofah XSS Vulnerability
Open

Remote command execution via filename
Open

Devise Gem for Ruby confirmation token validation with a blank string
Open

Devise Gem for Ruby Time-of-check Time-of-use race condition with lockable module
Open

Loofah XSS Vulnerability
Open

rack-cors directory traversal via path
Open

Possible XSS vulnerability in Rack
Open

Nokogiri gem, via libxml2, is affected by multiple vulnerabilities
Open

Possible DoS vulnerability in Rack
Open

Possible information leak / session hijack vulnerability
Open

Broken Access Control vulnerability in Active Job
Open

Denial of Service Vulnerability in Action View
Open

File Content Disclosure in Action View
Open

There are no issues that match your filters.

Category

Status

cortex-cms/cortex

Summary

Maintainability

Test Coverage

Nokogiri Command Injection Vulnerability via Nokogiri::CSS::Tokenizer#load_file Open

Nokogiri gem, via libxslt, is affected by improper access control vulnerability Open

Nokogiri gem, via libxslt, is affected by multiple vulnerabilities Open

libxml2 2.9.10 has an infinite loop in a certain end-of-file situation Open

Loofah XSS Vulnerability Open

Remote command execution via filename Open

Devise Gem for Ruby confirmation token validation with a blank string Open

Devise Gem for Ruby Time-of-check Time-of-use race condition with lockable module Open

Loofah XSS Vulnerability Open

rack-cors directory traversal via path Open

Possible XSS vulnerability in Rack Open

Nokogiri gem, via libxml2, is affected by multiple vulnerabilities Open

Possible DoS vulnerability in Rack Open

Possible information leak / session hijack vulnerability Open

Broken Access Control vulnerability in Active Job Open

Denial of Service Vulnerability in Action View Open

File Content Disclosure in Action View Open

There are no issues that match your filters.

Category

Status

Nokogiri Command Injection Vulnerability via Nokogiri::CSS::Tokenizer#load_file
Open

Nokogiri gem, via libxslt, is affected by improper access control vulnerability
Open

Nokogiri gem, via libxslt, is affected by multiple vulnerabilities
Open

libxml2 2.9.10 has an infinite loop in a certain end-of-file situation
Open

Loofah XSS Vulnerability
Open

Remote command execution via filename
Open

Devise Gem for Ruby confirmation token validation with a blank string
Open

Devise Gem for Ruby Time-of-check Time-of-use race condition with lockable module
Open

Loofah XSS Vulnerability
Open

rack-cors directory traversal via path
Open

Possible XSS vulnerability in Rack
Open

Nokogiri gem, via libxml2, is affected by multiple vulnerabilities
Open

Possible DoS vulnerability in Rack
Open

Possible information leak / session hijack vulnerability
Open

Broken Access Control vulnerability in Active Job
Open

Denial of Service Vulnerability in Action View
Open

File Content Disclosure in Action View
Open