Issues - deliveroo/routemaster

Percent-encoded cookies can be used to overwrite existing prefixed cookie names
Open

    rack (1.6.11)

Found in Gemfile.lock by bundler-audit

Read up
Read up
Exclude checks
- Disable engine
- Disable check

Possible shell escape sequence injection vulnerability in Rack
Open

    rack (1.6.11)

Found in Gemfile.lock by bundler-audit

Read up
Read up
Exclude checks
- Disable engine
- Disable check

sinatra does not validate expanded path matches
Open

    sinatra (1.4.8)

Found in Gemfile.lock by bundler-audit

Read up
Read up
Exclude checks
- Disable engine
- Disable check

Keepalive Connections Causing Denial Of Service in puma
Open

    puma (3.7.1)

Found in Gemfile.lock by bundler-audit

Read up
Read up
Exclude checks
- Disable engine
- Disable check

Directory traversal in Rack::Directory app bundled with Rack
Open

    rack (1.6.11)

Found in Gemfile.lock by bundler-audit

Read up
Read up
Exclude checks
- Disable engine
- Disable check

Information Exposure with Puma when used with Rails
Open

    puma (3.7.1)

Found in Gemfile.lock by bundler-audit

Read up
Read up
Exclude checks
- Disable engine
- Disable check

Inconsistent Interpretation of HTTP Requests ('HTTP Request Smuggling') in puma
Open

    puma (3.7.1)

Found in Gemfile.lock by bundler-audit

Read up
Read up
Exclude checks
- Disable engine
- Disable check

HTTP Request Smuggling in puma
Open

    puma (3.7.1)

Found in Gemfile.lock by bundler-audit

Read up
Read up
Exclude checks
- Disable engine
- Disable check

Denial of service via header parsing in Rack
Open

    rack (1.6.11)

Found in Gemfile.lock by bundler-audit

Read up
Read up
Exclude checks
- Disable engine
- Disable check

Denial of service via multipart parsing in Rack
Open

    rack (1.6.11)

Found in Gemfile.lock by bundler-audit

Read up
Read up
Exclude checks
- Disable engine
- Disable check

Denial of Service Vulnerability in Rack Multipart Parsing
Open

    rack (1.6.11)

Found in Gemfile.lock by bundler-audit

Read up
Read up
Exclude checks
- Disable engine
- Disable check

Denial of Service Vulnerability in Rack Content-Disposition parsing
Open

    rack (1.6.11)

Found in Gemfile.lock by bundler-audit

Read up
Read up
Exclude checks
- Disable engine
- Disable check

Sinatra vulnerable to Reflected File Download attack
Open

    sinatra (1.4.8)

Found in Gemfile.lock by bundler-audit

Read up
Read up
Exclude checks
- Disable engine
- Disable check

json Gem for Ruby Unsafe Object Creation Vulnerability (additional fix)
Open

    json (2.1.0)

Found in Gemfile.lock by bundler-audit

Read up
Read up
Exclude checks
- Disable engine
- Disable check

HTTP Response Splitting vulnerability in puma
Open

    puma (3.7.1)

Found in Gemfile.lock by bundler-audit

Read up
Read up
Exclude checks
- Disable engine
- Disable check

Keepalive thread overload/DoS in puma
Open

    puma (3.7.1)

Found in Gemfile.lock by bundler-audit

Read up
Read up
Exclude checks
- Disable engine
- Disable check

Regular Expression Denial of Service in Addressable templates
Open

    addressable (2.5.0)

Found in Gemfile.lock by bundler-audit

Read up
Read up
Exclude checks
- Disable engine
- Disable check

HTTP Smuggling via Transfer-Encoding Header in Puma
Open

    puma (3.7.1)

Found in Gemfile.lock by bundler-audit

Read up
Read up
Exclude checks
- Disable engine
- Disable check

HTTP Smuggling via Transfer-Encoding Header in Puma
Open

    puma (3.7.1)

Found in Gemfile.lock by bundler-audit

Read up
Read up
Exclude checks
- Disable engine
- Disable check

HTTP Response Splitting (Early Hints) in Puma
Open

    puma (3.7.1)

Found in Gemfile.lock by bundler-audit

Read up
Read up
Exclude checks
- Disable engine
- Disable check

deliveroo/routemaster

Showing 30 of 30 total issues

Percent-encoded cookies can be used to overwrite existing prefixed cookie names
Open

Possible shell escape sequence injection vulnerability in Rack
Open

sinatra does not validate expanded path matches
Open

Keepalive Connections Causing Denial Of Service in puma
Open

Directory traversal in Rack::Directory app bundled with Rack
Open

Information Exposure with Puma when used with Rails
Open

Inconsistent Interpretation of HTTP Requests ('HTTP Request Smuggling') in puma
Open

HTTP Request Smuggling in puma
Open

Denial of service via header parsing in Rack
Open

Denial of service via multipart parsing in Rack
Open

Denial of Service Vulnerability in Rack Multipart Parsing
Open

Denial of Service Vulnerability in Rack Content-Disposition parsing
Open

Sinatra vulnerable to Reflected File Download attack
Open

json Gem for Ruby Unsafe Object Creation Vulnerability (additional fix)
Open

HTTP Response Splitting vulnerability in puma
Open

Keepalive thread overload/DoS in puma
Open

Regular Expression Denial of Service in Addressable templates
Open

HTTP Smuggling via Transfer-Encoding Header in Puma
Open

HTTP Smuggling via Transfer-Encoding Header in Puma
Open

HTTP Response Splitting (Early Hints) in Puma
Open

Severity

Category

Status

Source

Language

deliveroo/routemaster

Showing 30 of 30 total issues

Percent-encoded cookies can be used to overwrite existing prefixed cookie names Open

Possible shell escape sequence injection vulnerability in Rack Open

sinatra does not validate expanded path matches Open

Keepalive Connections Causing Denial Of Service in puma Open

Directory traversal in Rack::Directory app bundled with Rack Open

Information Exposure with Puma when used with Rails Open

Inconsistent Interpretation of HTTP Requests ('HTTP Request Smuggling') in puma Open

HTTP Request Smuggling in puma Open

Denial of service via header parsing in Rack Open

Denial of service via multipart parsing in Rack Open

Denial of Service Vulnerability in Rack Multipart Parsing Open

Denial of Service Vulnerability in Rack Content-Disposition parsing Open

Sinatra vulnerable to Reflected File Download attack Open

json Gem for Ruby Unsafe Object Creation Vulnerability (additional fix) Open

HTTP Response Splitting vulnerability in puma Open

Keepalive thread overload/DoS in puma Open

Regular Expression Denial of Service in Addressable templates Open

HTTP Smuggling via Transfer-Encoding Header in Puma Open

HTTP Smuggling via Transfer-Encoding Header in Puma Open

HTTP Response Splitting (Early Hints) in Puma Open

Severity

Category

Status

Source

Language

Percent-encoded cookies can be used to overwrite existing prefixed cookie names
Open

Possible shell escape sequence injection vulnerability in Rack
Open

sinatra does not validate expanded path matches
Open

Keepalive Connections Causing Denial Of Service in puma
Open

Directory traversal in Rack::Directory app bundled with Rack
Open

Information Exposure with Puma when used with Rails
Open

Inconsistent Interpretation of HTTP Requests ('HTTP Request Smuggling') in puma
Open

HTTP Request Smuggling in puma
Open

Denial of service via header parsing in Rack
Open

Denial of service via multipart parsing in Rack
Open

Denial of Service Vulnerability in Rack Multipart Parsing
Open

Denial of Service Vulnerability in Rack Content-Disposition parsing
Open

Sinatra vulnerable to Reflected File Download attack
Open

json Gem for Ruby Unsafe Object Creation Vulnerability (additional fix)
Open

HTTP Response Splitting vulnerability in puma
Open

Keepalive thread overload/DoS in puma
Open

Regular Expression Denial of Service in Addressable templates
Open

HTTP Smuggling via Transfer-Encoding Header in Puma
Open

HTTP Smuggling via Transfer-Encoding Header in Puma
Open

HTTP Response Splitting (Early Hints) in Puma
Open