Showing 132 of 132 total issues
Possible timing attack in derivation_endpoint Open
shrine (2.11.0)
- Read upRead up
- Exclude checks
Advisory: CVE-2020-15237
Criticality: Medium
URL: https://github.com/shrinerb/shrine/security/advisories/GHSA-5jjv-x4fq-qjwp
Solution: upgrade to >= 3.3.0
ReDoS based DoS vulnerability in GlobalID Open
globalid (0.4.1)
- Read upRead up
- Exclude checks
Advisory: CVE-2023-22799
URL: https://github.com/rails/globalid/releases/tag/v1.0.1
Solution: upgrade to >= 1.0.1
Update bundled libxml2 to v2.10.3 to resolve multiple CVEs Open
nokogiri (1.8.4)
- Read upRead up
- Exclude checks
Advisory:
URL: https://github.com/sparklemotion/nokogiri/security/advisories/GHSA-2qc6-mcvw-92cw
Solution: upgrade to >= 1.13.9
Possible XSS vulnerability with certain configurations of Rails::Html::Sanitizer Open
rails-html-sanitizer (1.0.4)
- Read upRead up
- Exclude checks
Advisory: CVE-2022-32209
Criticality: Medium
URL: https://groups.google.com/g/rubyonrails-security/c/ce9PhUANQ6s
Solution: upgrade to >= 1.4.3
Regular Expression Denial of Service in Addressable templates Open
addressable (2.5.2)
- Read upRead up
- Exclude checks
Advisory: CVE-2021-32740
Criticality: High
URL: https://github.com/advisories/GHSA-jxhc-q857-3j6g
Solution: upgrade to >= 2.8.0
Nokogiri gem, via libxslt, is affected by improper access control vulnerability Open
nokogiri (1.8.4)
- Read upRead up
- Exclude checks
Advisory: CVE-2019-11068
URL: https://github.com/sparklemotion/nokogiri/issues/1892
Solution: upgrade to >= 1.10.3
Potential XSS vulnerability in Action View Open
actionview (5.1.6)
- Read upRead up
- Exclude checks
Advisory: CVE-2020-15169
Criticality: Medium
URL: https://groups.google.com/g/rubyonrails-security/c/b-C9kSGXYrc
Solution: upgrade to >= 5.2.4.4, ~> 5.2.4, >= 6.0.3.3
Possible XSS vulnerability in ActionView Open
actionview (5.1.6)
- Read upRead up
- Exclude checks
Advisory: CVE-2020-5267
Criticality: Medium
URL: https://groups.google.com/forum/#!topic/rubyonrails-security/55reWMM_Pg8
Solution: upgrade to >= 5.2.4.2, ~> 5.2.4, >= 6.0.2.2
Ability to forge per-form CSRF tokens given a global CSRF token Open
actionpack (5.1.6)
- Read upRead up
- Exclude checks
Advisory: CVE-2020-8166
Criticality: Medium
URL: https://groups.google.com/forum/#!topic/rubyonrails-security/NOjKiGeXUgw
Solution: upgrade to >= 5.2.4.3, ~> 5.2.4, >= 6.0.3.1
Cross-site Scripting in Sidekiq Open
sidekiq (5.1.3)
- Read upRead up
- Exclude checks
Advisory: CVE-2021-30151
Criticality: Medium
URL: https://github.com/advisories/GHSA-grh7-935j-hg6w
Solution: upgrade to ~> 5.2.0, >= 6.2.1
Improper Restriction of XML External Entity Reference (XXE) in Nokogiri on JRuby Open
nokogiri (1.8.4)
- Read upRead up
- Exclude checks
Advisory: CVE-2021-41098
Criticality: High
URL: https://github.com/sparklemotion/nokogiri/security/advisories/GHSA-2rr5-8q37-2w7h
Solution: upgrade to >= 1.12.5
Possible DoS Vulnerability in Action Controller Token Authentication Open
actionpack (5.1.6)
- Read upRead up
- Exclude checks
Advisory: CVE-2021-22904
Criticality: High
URL: https://groups.google.com/g/rubyonrails-security/c/Pf1TjkOBdyQ
Solution: upgrade to ~> 5.2.4.6, ~> 5.2.6, >= 6.0.3.7, ~> 6.0.3, >= 6.1.3.2
Gon gem lack of escaping certain input when outputting as JSON Open
gon (6.2.1)
- Read upRead up
- Exclude checks
Advisory: CVE-2020-25739
Criticality: Medium
URL: https://github.com/gazay/gon/commit/fe3c7b2191a992386dc9edd37de5447a4e809bc7
Solution: upgrade to >= 6.4.0
json Gem for Ruby Unsafe Object Creation Vulnerability (additional fix) Open
json (2.1.0)
- Read upRead up
- Exclude checks
Advisory: CVE-2020-10663
Criticality: High
URL: https://www.ruby-lang.org/en/news/2020/03/19/json-dos-cve-2020-10663/
Solution: upgrade to >= 2.3.0
Improper neutralization of data URIs may allow XSS in Loofah Open
loofah (2.2.2)
- Read upRead up
- Exclude checks
Advisory: CVE-2022-23515
Criticality: Medium
URL: https://github.com/flavorjones/loofah/security/advisories/GHSA-228g-948r-83gx
Solution: upgrade to >= 2.19.1
Sinatra vulnerable to Reflected File Download attack Open
sinatra (2.0.3)
- Read upRead up
- Exclude checks
Advisory: CVE-2022-45442
Criticality: High
URL: https://github.com/sinatra/sinatra/security/advisories/GHSA-2x8x-jmrp-phxw
Solution: upgrade to ~> 2.2.3, >= 3.0.4
ReDoS based DoS vulnerability in Action Dispatch Open
actionpack (5.1.6)
- Read upRead up
- Exclude checks
Advisory: CVE-2023-22795
URL: https://github.com/rails/rails/releases/tag/v7.0.4.1
Solution: upgrade to >= 5.2.8.15, ~> 5.2.8, >= 6.1.7.1, ~> 6.1.7, >= 7.0.4.1
CSRF Vulnerability in rails-ujs Open
actionview (5.1.6)
- Read upRead up
- Exclude checks
Advisory: CVE-2020-8167
Criticality: Medium
URL: https://groups.google.com/forum/#!topic/rubyonrails-security/x9DixQDG9a0
Solution: upgrade to >= 5.2.4.3, ~> 5.2.4, >= 6.0.3.1
XML Injection in Xerces Java affects Nokogiri Open
nokogiri (1.8.4)
- Read upRead up
- Exclude checks
Advisory: CVE-2022-23437
Criticality: Medium
URL: https://github.com/sparklemotion/nokogiri/security/advisories/GHSA-xxx9-3xcr-gjj3
Solution: upgrade to >= 1.13.4
Nokogiri gem, via libxslt, is affected by multiple vulnerabilities Open
nokogiri (1.8.4)
- Read upRead up
- Exclude checks
Advisory: CVE-2019-13117
URL: https://github.com/sparklemotion/nokogiri/issues/1943
Solution: upgrade to >= 1.10.5