Showing 259 of 259 total issues
Denial of Service Vulnerability in Rack Content-Disposition parsing Open
rack (2.0.1)
- Read upRead up
- Exclude checks
Advisory: CVE-2022-44571
URL: https://github.com/rack/rack/releases/tag/v3.0.4.1
Solution: upgrade to >= 2.0.9.2, ~> 2.0.9, >= 2.1.4.2, ~> 2.1.4, >= 2.2.6.1, ~> 2.2.6, >= 3.0.4.1
Broken Access Control vulnerability in Active Job Open
activejob (5.0.1)
- Read upRead up
- Exclude checks
Advisory: CVE-2018-16476
Criticality: High
URL: https://groups.google.com/forum/#!topic/rubyonrails-security/FL4dSdzr2zw
Solution: upgrade to ~> 4.2.11, ~> 5.0.7.1, ~> 5.1.6.1, ~> 5.1.7, >= 5.2.1.1
Possible XSS vulnerability in Rack Open
rack (2.0.1)
- Read upRead up
- Exclude checks
Advisory: CVE-2018-16471
URL: https://groups.google.com/forum/#!topic/ruby-security-ann/NAalCee8n6o
Solution: upgrade to ~> 1.6.11, >= 2.0.6
rack-protection gem timing attack vulnerability when validating CSRF token Open
rack-protection (1.5.3)
- Read upRead up
- Exclude checks
Advisory: CVE-2018-1000119
Criticality: Medium
URL: https://github.com/sinatra/rack-protection/pull/98
Solution: upgrade to ~> 1.5.5, >= 2.0.0
Directory Traversal in rubyzip Open
rubyzip (1.2.0)
- Read upRead up
- Exclude checks
Advisory: CVE-2018-1000544
Criticality: Critical
URL: https://github.com/rubyzip/rubyzip/issues/369
Solution: upgrade to >= 1.2.2
Denial of Service Vulnerability in Action View Open
actionview (5.0.1)
- Read upRead up
- Exclude checks
Advisory: CVE-2019-5419
Criticality: High
URL: https://groups.google.com/forum/#!topic/rubyonrails-security/GN7w9fFAQeI
Solution: upgrade to >= 6.0.0.beta3, >= 5.2.2.1, ~> 5.2.2, >= 5.1.6.2, ~> 5.1.6, >= 5.0.7.2, ~> 5.0.7, >= 4.2.11.1, ~> 4.2.11
Denial of service via multipart parsing in Rack Open
rack (2.0.1)
- Read upRead up
- Exclude checks
Advisory: CVE-2022-44572
URL: https://github.com/rack/rack/releases/tag/v3.0.4.1
Solution: upgrade to >= 2.0.9.2, ~> 2.0.9, >= 2.1.4.2, ~> 2.1.4, >= 2.2.6.1, ~> 2.2.6, >= 3.0.4.1
Denial of Service Vulnerability in Rack Multipart Parsing Open
rack (2.0.1)
- Read upRead up
- Exclude checks
Advisory: CVE-2022-30122
Criticality: High
URL: https://groups.google.com/g/ruby-security-ann/c/L2Axto442qk
Solution: upgrade to >= 2.0.9.1, ~> 2.0.9, >= 2.1.4.1, ~> 2.1.4, >= 2.2.3.1
Possible information leak / session hijack vulnerability Open
rack (2.0.1)
- Read upRead up
- Exclude checks
Advisory: CVE-2019-16782
Criticality: Medium
URL: https://github.com/rack/rack/security/advisories/GHSA-hrqr-hxpp-chr3
Solution: upgrade to ~> 1.6.12, >= 2.0.8
ruby-ffi DDL loading issue on Windows OS Open
ffi (1.9.10)
- Read upRead up
- Exclude checks
Advisory: CVE-2018-1000201
Criticality: High
URL: https://github.com/ffi/ffi/releases/tag/1.9.24
Solution: upgrade to >= 1.9.24
Denial of service via header parsing in Rack Open
rack (2.0.1)
- Read upRead up
- Exclude checks
Advisory: CVE-2022-44570
URL: https://github.com/rack/rack/releases/tag/v3.0.4.1
Solution: upgrade to >= 2.0.9.2, ~> 2.0.9, >= 2.1.4.2, ~> 2.1.4, >= 2.2.6.2, ~> 2.2.6, >= 3.0.4.1
Regular Expression Denial of Service in websocket-extensions (RubyGem) Open
websocket-extensions (0.1.2)
- Read upRead up
- Exclude checks
Advisory: CVE-2020-7663
Criticality: High
URL: https://github.com/faye/websocket-extensions-ruby/security/advisories/GHSA-g6wq-qcwm-j5g2
Solution: upgrade to >= 0.1.5
TZInfo relative path traversal vulnerability allows loading of arbitrary files Open
tzinfo (1.2.2)
- Read upRead up
- Exclude checks
Advisory: CVE-2022-31163
Criticality: High
URL: https://github.com/tzinfo/tzinfo/security/advisories/GHSA-5cm2-9h8c-rvfx
Solution: upgrade to ~> 0.3.61, >= 1.2.10
Flaw in yajl-ruby gem may cause a DoS Open
yajl-ruby (1.3.0)
- Read upRead up
- Exclude checks
Advisory: CVE-2017-16516
Criticality: High
URL: https://nvd.nist.gov/vuln/detail/CVE-2017-16516
Solution: upgrade to >= 1.3.1
Path Traversal in Sprockets Open
sprockets (3.7.1)
- Read upRead up
- Exclude checks
Advisory: CVE-2018-3760
Criticality: High
URL: https://groups.google.com/forum/#!topic/ruby-security-ann/2S9Pwz2i16k
Solution: upgrade to < 3.0.0, >= 2.12.5, < 4.0.0, >= 3.7.2, >= 4.0.0.beta8
Method update_source
has a Cognitive Complexity of 8 (exceeds 5 allowed). Consider refactoring. Open
def self.update_source
browsers = [
{
browser: 'phantomjs',
device: 'desktop'
- Read upRead up
Cognitive Complexity
Cognitive Complexity is a measure of how difficult a unit of code is to intuitively understand. Unlike Cyclomatic Complexity, which determines how difficult your code will be to test, Cognitive Complexity tells you how difficult your code will be to read and comprehend.
A method's cognitive complexity is based on a few simple rules:
- Code is not considered more complex when it uses shorthand that the language provides for collapsing multiple statements into one
- Code is considered more complex for each "break in the linear flow of the code"
- Code is considered more complex when "flow breaking structures are nested"
Further reading
Method serialized_attribute
has a Cognitive Complexity of 8 (exceeds 5 allowed). Consider refactoring. Open
def serialized_attribute(*names)
options = names.extract_options!
names.each do |name|
name = name.to_s
serialized_attribute_keys << name
- Read upRead up
Cognitive Complexity
Cognitive Complexity is a measure of how difficult a unit of code is to intuitively understand. Unlike Cyclomatic Complexity, which determines how difficult your code will be to test, Cognitive Complexity tells you how difficult your code will be to read and comprehend.
A method's cognitive complexity is based on a few simple rules:
- Code is not considered more complex when it uses shorthand that the language provides for collapsing multiple statements into one
- Code is considered more complex for each "break in the linear flow of the code"
- Code is considered more complex when "flow breaking structures are nested"
Further reading
Method set_pagination_header
has a Cognitive Complexity of 8 (exceeds 5 allowed). Consider refactoring. Open
def set_pagination_header(records, params = request.params)
links = []
links << %(<#{url_for(params.merge(page: records.next_page))}>; rel="next") unless records.last_page?
links << %(<#{url_for(params.merge(page: records.total_pages))}>; rel="last") unless records.last_page?
links << %(<#{url_for(params.merge(page: 1))}>; rel="first") unless records.first_page?
- Read upRead up
Cognitive Complexity
Cognitive Complexity is a measure of how difficult a unit of code is to intuitively understand. Unlike Cyclomatic Complexity, which determines how difficult your code will be to test, Cognitive Complexity tells you how difficult your code will be to read and comprehend.
A method's cognitive complexity is based on a few simple rules:
- Code is not considered more complex when it uses shorthand that the language provides for collapsing multiple statements into one
- Code is considered more complex for each "break in the linear flow of the code"
- Code is considered more complex when "flow breaking structures are nested"
Further reading
Method same_test_step_set?
has a Cognitive Complexity of 7 (exceeds 5 allowed). Consider refactoring. Open
def same_test_step_set?(other)
return false if other.nil?
return false if self.class != other.class
return false if test_steps.length != other.test_steps.length
return false if test_steps.map { |ts| ts.becomes ts.type.constantize }.zip(other.test_steps.map { |ts| ts.becomes ts.type.constantize }).any? { |a, b| !a.same_step?(b) }
- Read upRead up
Cognitive Complexity
Cognitive Complexity is a measure of how difficult a unit of code is to intuitively understand. Unlike Cyclomatic Complexity, which determines how difficult your code will be to test, Cognitive Complexity tells you how difficult your code will be to read and comprehend.
A method's cognitive complexity is based on a few simple rules:
- Code is not considered more complex when it uses shorthand that the language provides for collapsing multiple statements into one
- Code is considered more complex for each "break in the linear flow of the code"
- Code is considered more complex when "flow breaking structures are nested"
Further reading
Method assign_token
has a Cognitive Complexity of 7 (exceeds 5 allowed). Consider refactoring. Open
def assign_token
token_columns.each do |column_name|
10.times do
token = SecureRandom.urlsafe_base64(32)
unless TestExecutionShare.where(column_name => token).exists?
- Read upRead up
Cognitive Complexity
Cognitive Complexity is a measure of how difficult a unit of code is to intuitively understand. Unlike Cyclomatic Complexity, which determines how difficult your code will be to test, Cognitive Complexity tells you how difficult your code will be to read and comprehend.
A method's cognitive complexity is based on a few simple rules:
- Code is not considered more complex when it uses shorthand that the language provides for collapsing multiple statements into one
- Code is considered more complex for each "break in the linear flow of the code"
- Code is considered more complex when "flow breaking structures are nested"