Sign upLogin

dtaniwaki/e2e-tester

View on GitHub
Star

Showing 259 of 259 total issues

Race condition when using persistent connections
Open

    excon (0.49.0)
Severity: Minor
Found in Gemfile.lock by bundler-audit

Advisory: CVE-2019-16779

Criticality: Medium

URL: https://github.com/excon/excon/security/advisories/GHSA-q58g-455p-8vw9

Solution: upgrade to >= 0.71.0

Possible XSS vulnerability in ActionView
Open

    actionview (5.0.1)
Severity: Minor
Found in Gemfile.lock by bundler-audit

Advisory: CVE-2020-5267

Criticality: Medium

URL: https://groups.google.com/forum/#!topic/rubyonrails-security/55reWMM_Pg8

Solution: upgrade to >= 5.2.4.2, ~> 5.2.4, >= 6.0.2.2

Potentially unintended unmarshalling of user-provided objects in MemCacheStore and RedisCacheStore
Open

    activesupport (5.0.1)
Severity: Minor
Found in Gemfile.lock by bundler-audit

Advisory: CVE-2020-8165

Criticality: Critical

URL: https://groups.google.com/forum/#!topic/rubyonrails-security/bv6fW4S0Y1c

Solution: upgrade to >= 5.2.4.3, ~> 5.2.4, >= 6.0.3.1

CSRF Vulnerability in rails-ujs
Open

    actionview (5.0.1)
Severity: Minor
Found in Gemfile.lock by bundler-audit

Advisory: CVE-2020-8167

Criticality: Medium

URL: https://groups.google.com/forum/#!topic/rubyonrails-security/x9DixQDG9a0

Solution: upgrade to >= 5.2.4.3, ~> 5.2.4, >= 6.0.3.1

i18n Gem for Ruby lib/i18n/core_ext/hash.rb Hash#slice() Function Hash Handling DoS
Open

    i18n (0.7.0)
Severity: Minor
Found in Gemfile.lock by bundler-audit

Advisory: CVE-2014-10077

URL: https://github.com/svenfuchs/i18n/pull/289

Solution: upgrade to >= 0.8.0

Improper Handling of Unexpected Data Type in Nokogiri
Open

    nokogiri (1.7.0.1)
Severity: Critical
Found in Gemfile.lock by bundler-audit

Advisory: CVE-2022-29181

Criticality: High

URL: https://github.com/sparklemotion/nokogiri/security/advisories/GHSA-xh29-r2w5-wx8m

Solution: upgrade to >= 1.13.6

Prototype pollution attack through jQuery $.extend
Open

    jquery-rails (4.1.1)
Severity: Minor
Found in Gemfile.lock by bundler-audit

Advisory: CVE-2019-11358

Criticality: Medium

URL: https://blog.jquery.com/2019/04/10/jquery-3-4-0-released/

Solution: upgrade to >= 4.3.4

Improper Restriction of XML External Entity Reference (XXE) in Nokogiri on JRuby
Open

    nokogiri (1.7.0.1)
Severity: Critical
Found in Gemfile.lock by bundler-audit

Advisory: CVE-2021-41098

Criticality: High

URL: https://github.com/sparklemotion/nokogiri/security/advisories/GHSA-2rr5-8q37-2w7h

Solution: upgrade to >= 1.12.5

Directory traversal in Rack::Directory app bundled with Rack
Open

    rack (2.0.1)
Severity: Critical
Found in Gemfile.lock by bundler-audit

Advisory: CVE-2020-8161

Criticality: High

URL: https://groups.google.com/forum/#!topic/ruby-security-ann/T4ZIsfRf2eA

Solution: upgrade to ~> 2.1.3, >= 2.2.0

Nokogiri::XML::Schema trusts input by default, exposing risk of an XXE vulnerability
Open

    nokogiri (1.7.0.1)
Severity: Info
Found in Gemfile.lock by bundler-audit

Advisory: CVE-2020-26247

Criticality: Low

URL: https://github.com/sparklemotion/nokogiri/security/advisories/GHSA-vr8q-g5c7-m54m

Solution: upgrade to >= 1.11.0.rc4

HTTP Smuggling via Transfer-Encoding Header in Puma
Open

    puma (3.2.0)
Severity: Minor
Found in Gemfile.lock by bundler-audit

Advisory: CVE-2020-11077

Criticality: Medium

URL: https://github.com/puma/puma/security/advisories/GHSA-w64w-qqph-5gxm

Solution: upgrade to ~> 3.12.6, >= 4.3.5

Unsafe objects can be loaded from Redis
Open

    redis-store (1.2.0)
Severity: Minor
Found in Gemfile.lock by bundler-audit

Advisory: CVE-2017-1000248

Criticality: Critical

URL: https://github.com/redis-store/redis-store/commit/ce13252c26fcc40ed4935c9abfeb0ee0761e5704

Solution: upgrade to >= 1.4.0

ReDoS based DoS vulnerability in Action Dispatch
Open

    actionpack (5.0.1)
Severity: Minor
Found in Gemfile.lock by bundler-audit

Advisory: CVE-2023-22795

URL: https://github.com/rails/rails/releases/tag/v7.0.4.1

Solution: upgrade to >= 5.2.8.15, ~> 5.2.8, >= 6.1.7.1, ~> 6.1.7, >= 7.0.4.1

ReDoS based DoS vulnerability in Action Dispatch
Open

    actionpack (5.0.1)
Severity: Minor
Found in Gemfile.lock by bundler-audit

Advisory: CVE-2023-22792

URL: https://github.com/rails/rails/releases/tag/v7.0.4.1

Solution: upgrade to >= 5.2.8.15, ~> 5.2.8, >= 6.1.7.1, ~> 6.1.7, >= 7.0.4.1

Integer Overflow or Wraparound in libxml2 affects Nokogiri
Open

    nokogiri (1.7.0.1)
Severity: Critical
Found in Gemfile.lock by bundler-audit

Advisory:

Criticality: High

URL: https://github.com/sparklemotion/nokogiri/security/advisories/GHSA-cgx6-hpwq-fhv5

Solution: upgrade to >= 1.13.5

Nokogiri gem, via libxslt, is affected by multiple vulnerabilities
Open

    nokogiri (1.7.0.1)
Severity: Minor
Found in Gemfile.lock by bundler-audit

Advisory: CVE-2019-13117

URL: https://github.com/sparklemotion/nokogiri/issues/1943

Solution: upgrade to >= 1.10.5

Nokogiri gem, via libxml, is affected by DoS vulnerabilities
Open

    nokogiri (1.7.0.1)
Severity: Minor
Found in Gemfile.lock by bundler-audit

Advisory: CVE-2017-16932

URL: https://github.com/sparklemotion/nokogiri/issues/1714

Solution: upgrade to >= 1.8.1

Nokogiri gem, via libxml2, is affected by multiple vulnerabilities
Open

    nokogiri (1.7.0.1)
Severity: Critical
Found in Gemfile.lock by bundler-audit

Advisory: CVE-2018-14404

Criticality: High

URL: https://github.com/sparklemotion/nokogiri/issues/1785

Solution: upgrade to >= 1.8.5

Revert libxml2 behavior in Nokogiri gem that could cause XSS
Open

    nokogiri (1.7.0.1)
Severity: Minor
Found in Gemfile.lock by bundler-audit

Advisory: CVE-2018-8048

URL: https://github.com/sparklemotion/nokogiri/pull/1746

Solution: upgrade to >= 1.8.3

Paperclip ruby gem suffers from a Server-Side Request Forgery (SSRF) vulnerability in the Paperclip::UriAdapter and Paperclip::HttpUrlProxyAdapter class.
Open

    paperclip (5.1.0)
Severity: Minor
Found in Gemfile.lock by bundler-audit

Advisory: CVE-2017-0889

Criticality: Critical

URL: https://github.com/thoughtbot/paperclip/pull/2435

Solution: upgrade to >= 5.2.0

Severity
Category
Status
Source
Language