Issues - dianhua1560/bhgh

CSRF Vulnerability in rails-ujs
Open

    actionview (4.2.5.1)

Found in Gemfile.lock by bundler-audit

Read up
Read up
Exclude checks
- Disable engine
- Disable check

Advisory: CVE-2020-8167

Criticality: Medium

URL: https://groups.google.com/forum/#!topic/rubyonrails-security/x9DixQDG9a0

Solution: upgrade to >= 5.2.4.3, ~> 5.2.4, >= 6.0.3.1

json Gem for Ruby Unsafe Object Creation Vulnerability (additional fix)
Open

    json (1.8.3)

Found in Gemfile.lock by bundler-audit

Read up
Read up
Exclude checks
- Disable engine
- Disable check

Advisory: CVE-2020-10663

Criticality: High

URL: https://www.ruby-lang.org/en/news/2020/03/19/json-dos-cve-2020-10663/

Solution: upgrade to >= 2.3.0

Paperclip ruby gem suffers from a Server-Side Request Forgery (SSRF) vulnerability in the Paperclip::UriAdapter and Paperclip::HttpUrlProxyAdapter class.
Open

    paperclip (4.3.6)

Found in Gemfile.lock by bundler-audit

Read up
Read up
Exclude checks
- Disable engine
- Disable check

Advisory: CVE-2017-0889

Criticality: Critical

URL: https://github.com/thoughtbot/paperclip/pull/2435

Solution: upgrade to >= 5.2.0

Possible shell escape sequence injection vulnerability in Rack
Open

    rack (1.6.4)

Found in Gemfile.lock by bundler-audit

Read up
Read up
Exclude checks
- Disable engine
- Disable check

Advisory: CVE-2022-30123

Criticality: Critical

URL: https://groups.google.com/g/ruby-security-ann/c/LWB10kWzag8

Solution: upgrade to >= 2.0.9.1, ~> 2.0.9, >= 2.1.4.1, ~> 2.1.4, >= 2.2.3.1

RDoc OS command injection vulnerability
Open

    rdoc (4.2.2)

Found in Gemfile.lock by bundler-audit

Read up
Read up
Exclude checks
- Disable engine
- Disable check

Advisory: CVE-2021-31799

Criticality: High

URL: https://www.ruby-lang.org/en/news/2021/05/02/os-command-injection-in-rdoc/

Solution: upgrade to ~> 6.1.2.1, ~> 6.2.1.1, >= 6.3.1

Possible Strong Parameters Bypass in ActionPack
Open

    actionpack (4.2.5.1)

Found in Gemfile.lock by bundler-audit

Read up
Read up
Exclude checks
- Disable engine
- Disable check

Advisory: CVE-2020-8164

Criticality: High

URL: https://groups.google.com/forum/#!topic/rubyonrails-security/f6ioe4sdpbY

Solution: upgrade to >= 5.2.4.3, ~> 5.2.4, >= 6.0.3.1

Denial of Service Vulnerability in ActiveRecord’s PostgreSQL adapter
Open

    activerecord (4.2.5.1)

Found in Gemfile.lock by bundler-audit

Read up
Read up
Exclude checks
- Disable engine
- Disable check

Advisory: CVE-2022-44566

URL: https://github.com/rails/rails/releases/tag/v7.0.4.1

Solution: upgrade to >= 5.2.8.15, ~> 5.2.8, >= 6.1.7.1, ~> 6.1.7, >= 7.0.4.1

Directory traversal in Rack::Directory app bundled with Rack
Open

    rack (1.6.4)

Found in Gemfile.lock by bundler-audit

Read up
Read up
Exclude checks
- Disable engine
- Disable check

Advisory: CVE-2020-8161

Criticality: High

URL: https://groups.google.com/forum/#!topic/ruby-security-ann/T4ZIsfRf2eA

Solution: upgrade to ~> 2.1.3, >= 2.2.0

Update packaged dependency libxml2 from 2.9.10 to 2.9.12
Open

    nokogiri (1.6.7.2)

Found in Gemfile.lock by bundler-audit

Read up
Read up
Exclude checks
- Disable engine
- Disable check

Advisory:

Criticality: High

URL: https://github.com/sparklemotion/nokogiri/security/advisories/GHSA-7rrm-v45f-jp64

Solution: upgrade to >= 1.11.4

Update bundled libxml2 to v2.10.3 to resolve multiple CVEs
Open

    nokogiri (1.6.7.2)

Found in Gemfile.lock by bundler-audit

Read up
Read up
Exclude checks
- Disable engine
- Disable check

Advisory:

URL: https://github.com/sparklemotion/nokogiri/security/advisories/GHSA-2qc6-mcvw-92cw

Solution: upgrade to >= 1.13.9

Nokogiri gem, via libxml, is affected by DoS vulnerabilities
Open

    nokogiri (1.6.7.2)

Found in Gemfile.lock by bundler-audit

Read up
Read up
Exclude checks
- Disable engine
- Disable check

Advisory: CVE-2017-16932

URL: https://github.com/sparklemotion/nokogiri/issues/1714

Solution: upgrade to >= 1.8.1

Potential XSS vulnerability in jQuery
Open

    jquery-rails (4.1.0)

Found in Gemfile.lock by bundler-audit

Read up
Read up
Exclude checks
- Disable engine
- Disable check

Advisory: CVE-2020-11023

Criticality: Medium

URL: https://blog.jquery.com/2020/04/10/jquery-3-5-0-released

Solution: upgrade to >= 4.4.0

Nokogiri gem, via libxslt, is affected by multiple vulnerabilities
Open

    nokogiri (1.6.7.2)

Found in Gemfile.lock by bundler-audit

Read up
Read up
Exclude checks
- Disable engine
- Disable check

Advisory: CVE-2019-13117

URL: https://github.com/sparklemotion/nokogiri/issues/1943

Solution: upgrade to >= 1.10.5

Update packaged libxml2 (2.9.12 → 2.9.13) and libxslt (1.1.34 → 1.1.35)
Open

    nokogiri (1.6.7.2)

Found in Gemfile.lock by bundler-audit

Read up
Read up
Exclude checks
- Disable engine
- Disable check

Advisory: CVE-2021-30560

Criticality: High

URL: https://github.com/sparklemotion/nokogiri/security/advisories/GHSA-fq42-c5rg-92c2

Solution: upgrade to >= 1.13.2

Denial of Service (DoS) in Nokogiri on JRuby
Open

    nokogiri (1.6.7.2)

Found in Gemfile.lock by bundler-audit

Read up
Read up
Exclude checks
- Disable engine
- Disable check

Advisory: CVE-2022-24839

Criticality: High

URL: https://github.com/sparklemotion/nekohtml/security/advisories/GHSA-9849-p7jc-9rmv

Solution: upgrade to >= 1.13.4

Loofah XSS Vulnerability
Open

    loofah (2.0.3)

Found in Gemfile.lock by bundler-audit

Read up
Read up
Exclude checks
- Disable engine
- Disable check

Advisory: CVE-2018-16468

Criticality: Medium

URL: https://github.com/flavorjones/loofah/issues/154

Solution: upgrade to >= 2.2.3

Inefficient Regular Expression Complexity in rails-html-sanitizer
Open

    rails-html-sanitizer (1.0.3)

Found in Gemfile.lock by bundler-audit

Read up
Read up
Exclude checks
- Disable engine
- Disable check

Advisory: CVE-2022-23517

Criticality: High

URL: https://github.com/rails/rails-html-sanitizer/security/advisories/GHSA-5x79-w82f-gw8w

Solution: upgrade to >= 1.4.4

Improper neutralization of data URIs may allow XSS in rails-html-sanitizer
Open

    rails-html-sanitizer (1.0.3)

Found in Gemfile.lock by bundler-audit

Read up
Read up
Exclude checks
- Disable engine
- Disable check

Advisory: CVE-2022-23518

Criticality: Medium

URL: https://github.com/rails/rails-html-sanitizer/security/advisories/GHSA-mcvf-2q2m-x72m

Solution: upgrade to >= 1.4.4

Revert libxml2 behavior in Nokogiri gem that could cause XSS
Open

    nokogiri (1.6.7.2)

Found in Gemfile.lock by bundler-audit

Read up
Read up
Exclude checks
- Disable engine
- Disable check

Advisory: CVE-2018-8048

URL: https://github.com/sparklemotion/nokogiri/pull/1746

Solution: upgrade to >= 1.8.3

Possible XSS vulnerability with certain configurations of Rails::Html::Sanitizer
Open

    rails-html-sanitizer (1.0.3)

Found in Gemfile.lock by bundler-audit

Read up
Read up
Exclude checks
- Disable engine
- Disable check

Advisory: CVE-2022-32209

Criticality: Medium

URL: https://groups.google.com/g/rubyonrails-security/c/ce9PhUANQ6s

Solution: upgrade to >= 1.4.3

dianhua1560/bhgh

Showing 208 of 208 total issues

CSRF Vulnerability in rails-ujs
Open

json Gem for Ruby Unsafe Object Creation Vulnerability (additional fix)
Open

Paperclip ruby gem suffers from a Server-Side Request Forgery (SSRF) vulnerability in the Paperclip::UriAdapter and Paperclip::HttpUrlProxyAdapter class.
Open

Possible shell escape sequence injection vulnerability in Rack
Open

RDoc OS command injection vulnerability
Open

Possible Strong Parameters Bypass in ActionPack
Open

Denial of Service Vulnerability in ActiveRecord’s PostgreSQL adapter
Open

Directory traversal in Rack::Directory app bundled with Rack
Open

Update packaged dependency libxml2 from 2.9.10 to 2.9.12
Open

Update bundled libxml2 to v2.10.3 to resolve multiple CVEs
Open

Nokogiri gem, via libxml, is affected by DoS vulnerabilities
Open

Potential XSS vulnerability in jQuery
Open

Nokogiri gem, via libxslt, is affected by multiple vulnerabilities
Open

Update packaged libxml2 (2.9.12 → 2.9.13) and libxslt (1.1.34 → 1.1.35)
Open

Denial of Service (DoS) in Nokogiri on JRuby
Open

Loofah XSS Vulnerability
Open

Inefficient Regular Expression Complexity in rails-html-sanitizer
Open

Improper neutralization of data URIs may allow XSS in rails-html-sanitizer
Open

Revert libxml2 behavior in Nokogiri gem that could cause XSS
Open

Possible XSS vulnerability with certain configurations of Rails::Html::Sanitizer
Open

Severity

Category

Status

Source

Language

dianhua1560/bhgh

Showing 208 of 208 total issues

CSRF Vulnerability in rails-ujs Open

json Gem for Ruby Unsafe Object Creation Vulnerability (additional fix) Open

Paperclip ruby gem suffers from a Server-Side Request Forgery (SSRF) vulnerability in the Paperclip::UriAdapter and Paperclip::HttpUrlProxyAdapter class. Open

Possible shell escape sequence injection vulnerability in Rack Open

RDoc OS command injection vulnerability Open

Possible Strong Parameters Bypass in ActionPack Open

Denial of Service Vulnerability in ActiveRecord’s PostgreSQL adapter Open

Directory traversal in Rack::Directory app bundled with Rack Open

Update packaged dependency libxml2 from 2.9.10 to 2.9.12 Open

Update bundled libxml2 to v2.10.3 to resolve multiple CVEs Open

Nokogiri gem, via libxml, is affected by DoS vulnerabilities Open

Potential XSS vulnerability in jQuery Open

Nokogiri gem, via libxslt, is affected by multiple vulnerabilities Open

Update packaged libxml2 (2.9.12 → 2.9.13) and libxslt (1.1.34 → 1.1.35) Open

Denial of Service (DoS) in Nokogiri on JRuby Open

Loofah XSS Vulnerability Open

Inefficient Regular Expression Complexity in rails-html-sanitizer Open

Improper neutralization of data URIs may allow XSS in rails-html-sanitizer Open

Revert libxml2 behavior in Nokogiri gem that could cause XSS Open

Possible XSS vulnerability with certain configurations of Rails::Html::Sanitizer Open

Severity

Category

Status

Source

Language

CSRF Vulnerability in rails-ujs
Open

json Gem for Ruby Unsafe Object Creation Vulnerability (additional fix)
Open

Paperclip ruby gem suffers from a Server-Side Request Forgery (SSRF) vulnerability in the Paperclip::UriAdapter and Paperclip::HttpUrlProxyAdapter class.
Open

Possible shell escape sequence injection vulnerability in Rack
Open

RDoc OS command injection vulnerability
Open

Possible Strong Parameters Bypass in ActionPack
Open

Denial of Service Vulnerability in ActiveRecord’s PostgreSQL adapter
Open

Directory traversal in Rack::Directory app bundled with Rack
Open

Update packaged dependency libxml2 from 2.9.10 to 2.9.12
Open

Update bundled libxml2 to v2.10.3 to resolve multiple CVEs
Open

Nokogiri gem, via libxml, is affected by DoS vulnerabilities
Open

Potential XSS vulnerability in jQuery
Open

Nokogiri gem, via libxslt, is affected by multiple vulnerabilities
Open

Update packaged libxml2 (2.9.12 → 2.9.13) and libxslt (1.1.34 → 1.1.35)
Open

Denial of Service (DoS) in Nokogiri on JRuby
Open

Loofah XSS Vulnerability
Open

Inefficient Regular Expression Complexity in rails-html-sanitizer
Open

Improper neutralization of data URIs may allow XSS in rails-html-sanitizer
Open

Revert libxml2 behavior in Nokogiri gem that could cause XSS
Open

Possible XSS vulnerability with certain configurations of Rails::Html::Sanitizer
Open