Issues - ece517-p3/expertiza

Out-of-bounds Write in zlib affects Nokogiri
Open

    nokogiri (1.8.5)

Found in Gemfile.lock by bundler-audit

Read up
Read up
Exclude checks
- Disable engine
- Disable check

Advisory: CVE-2018-25032

Criticality: High

URL: https://github.com/sparklemotion/nokogiri/security/advisories/GHSA-v6gp-9mmm-c6p5

Solution: upgrade to >= 1.13.4

Command injection in ruby-git
Open

    git (1.5.0)

Found in Gemfile.lock by bundler-audit

Read up
Read up
Exclude checks
- Disable engine
- Disable check

Advisory: CVE-2022-25648

Criticality: Critical

URL: https://github.com/ruby-git/ruby-git/pull/569

Solution: upgrade to >= 1.11.0

Improper neutralization of data URIs may allow XSS in Loofah
Open

    loofah (2.2.3)

Found in Gemfile.lock by bundler-audit

Read up
Read up
Exclude checks
- Disable engine
- Disable check

Advisory: CVE-2022-23515

Criticality: Medium

URL: https://github.com/flavorjones/loofah/security/advisories/GHSA-228g-948r-83gx

Solution: upgrade to >= 2.19.1

Update packaged dependency libxml2 from 2.9.10 to 2.9.12
Open

    nokogiri (1.8.5)

Found in Gemfile.lock by bundler-audit

Read up
Read up
Exclude checks
- Disable engine
- Disable check

Advisory:

Criticality: High

URL: https://github.com/sparklemotion/nokogiri/security/advisories/GHSA-7rrm-v45f-jp64

Solution: upgrade to >= 1.11.4

Update packaged libxml2 (2.9.12 → 2.9.13) and libxslt (1.1.34 → 1.1.35)
Open

    nokogiri (1.8.5)

Found in Gemfile.lock by bundler-audit

Read up
Read up
Exclude checks
- Disable engine
- Disable check

Advisory: CVE-2021-30560

Criticality: High

URL: https://github.com/sparklemotion/nokogiri/security/advisories/GHSA-fq42-c5rg-92c2

Solution: upgrade to >= 1.13.2

Code injection in ruby git
Open

    git (1.5.0)

Found in Gemfile.lock by bundler-audit

Read up
Read up
Exclude checks
- Disable engine
- Disable check

Advisory: CVE-2022-47318

Criticality: High

URL: https://github.com/ruby-git/ruby-git/pull/602

Solution: upgrade to >= 1.13.0

Cross-site Scripting in Sidekiq
Open

    sidekiq (5.1.3)

Found in Gemfile.lock by bundler-audit

Read up
Read up
Exclude checks
- Disable engine
- Disable check

Advisory: CVE-2021-30151

Criticality: Medium

URL: https://github.com/advisories/GHSA-grh7-935j-hg6w

Solution: upgrade to ~> 5.2.0, >= 6.2.1

Nokogiri gem, via libxslt, is affected by multiple vulnerabilities
Open

    nokogiri (1.8.5)

Found in Gemfile.lock by bundler-audit

Read up
Read up
Exclude checks
- Disable engine
- Disable check

Advisory: CVE-2019-13117

URL: https://github.com/sparklemotion/nokogiri/issues/1943

Solution: upgrade to >= 1.10.5

Nokogiri gem, via libxslt, is affected by improper access control vulnerability
Open

    nokogiri (1.8.5)

Found in Gemfile.lock by bundler-audit

Read up
Read up
Exclude checks
- Disable engine
- Disable check

Advisory: CVE-2019-11068

URL: https://github.com/sparklemotion/nokogiri/issues/1892

Solution: upgrade to >= 1.10.3

Improper Handling of Unexpected Data Type in Nokogiri
Open

    nokogiri (1.8.5)

Found in Gemfile.lock by bundler-audit

Read up
Read up
Exclude checks
- Disable engine
- Disable check

Advisory: CVE-2022-29181

Criticality: High

URL: https://github.com/sparklemotion/nokogiri/security/advisories/GHSA-xh29-r2w5-wx8m

Solution: upgrade to >= 1.13.6

Improper neutralization of data URIs may allow XSS in rails-html-sanitizer
Open

    rails-html-sanitizer (1.0.4)

Found in Gemfile.lock by bundler-audit

Read up
Read up
Exclude checks
- Disable engine
- Disable check

Advisory: CVE-2022-23518

Criticality: Medium

URL: https://github.com/rails/rails-html-sanitizer/security/advisories/GHSA-mcvf-2q2m-x72m

Solution: upgrade to >= 1.4.4

Potential XSS vulnerability in jQuery
Open

    jquery-rails (4.3.1)

Found in Gemfile.lock by bundler-audit

Read up
Read up
Exclude checks
- Disable engine
- Disable check

Advisory: CVE-2020-11023

Criticality: Medium

URL: https://blog.jquery.com/2020/04/10/jquery-3-5-0-released

Solution: upgrade to >= 4.4.0

Nokogiri Command Injection Vulnerability via Nokogiri::CSS::Tokenizer#load_file
Open

    nokogiri (1.8.5)

Found in Gemfile.lock by bundler-audit

Read up
Read up
Exclude checks
- Disable engine
- Disable check

Advisory: CVE-2019-5477

Criticality: Critical

URL: https://github.com/sparklemotion/nokogiri/issues/1915

Solution: upgrade to >= 1.10.4

Update bundled libxml2 to v2.10.3 to resolve multiple CVEs
Open

    nokogiri (1.8.5)

Found in Gemfile.lock by bundler-audit

Read up
Read up
Exclude checks
- Disable engine
- Disable check

Advisory:

URL: https://github.com/sparklemotion/nokogiri/security/advisories/GHSA-2qc6-mcvw-92cw

Solution: upgrade to >= 1.13.9

Inefficient Regular Expression Complexity in Nokogiri
Open

    nokogiri (1.8.5)

Found in Gemfile.lock by bundler-audit

Read up
Read up
Exclude checks
- Disable engine
- Disable check

Advisory: CVE-2022-24836

Criticality: High

URL: https://github.com/sparklemotion/nokogiri/security/advisories/GHSA-crjr-9rc5-ghw8

Solution: upgrade to >= 1.13.4

Nokogiri::XML::Schema trusts input by default, exposing risk of an XXE vulnerability
Open

    nokogiri (1.8.5)

Found in Gemfile.lock by bundler-audit

Read up
Read up
Exclude checks
- Disable engine
- Disable check

Advisory: CVE-2020-26247

Criticality: Low

URL: https://github.com/sparklemotion/nokogiri/security/advisories/GHSA-vr8q-g5c7-m54m

Solution: upgrade to >= 1.11.0.rc4

OmniAuth's `lib/omniauth/failure_endpoint.rb` does not escape `message_key` value
Open

    omniauth (1.8.1)

Found in Gemfile.lock by bundler-audit

Read up
Read up
Exclude checks
- Disable engine
- Disable check

Advisory: CVE-2020-36599

Criticality: Critical

URL: https://github.com/omniauth/omniauth/commit/43a396f181ef7d0ed2ec8291c939c95e3ed3ff00#diff-575abda9deb9b1a77bf534e898a923029b9a61e991d626db88dc6e8b34260aa2

Solution: upgrade to ~> 1.9.2, >= 2.0.0

Denial of Service (DoS) in Nokogiri on JRuby
Open

    nokogiri (1.8.5)

Found in Gemfile.lock by bundler-audit

Read up
Read up
Exclude checks
- Disable engine
- Disable check

Advisory: CVE-2022-24839

Criticality: High

URL: https://github.com/sparklemotion/nekohtml/security/advisories/GHSA-9849-p7jc-9rmv

Solution: upgrade to >= 1.13.4

Regular Expression Denial of Service in Addressable templates
Open

    addressable (2.5.2)

Found in Gemfile.lock by bundler-audit

Read up
Read up
Exclude checks
- Disable engine
- Disable check

Advisory: CVE-2021-32740

Criticality: High

URL: https://github.com/advisories/GHSA-jxhc-q857-3j6g

Solution: upgrade to >= 2.8.0

Uncontrolled Recursion in Loofah
Open

    loofah (2.2.3)

Found in Gemfile.lock by bundler-audit

Read up
Read up
Exclude checks
- Disable engine
- Disable check

Advisory: CVE-2022-23516

Criticality: High

URL: https://github.com/flavorjones/loofah/security/advisories/GHSA-3x8r-x6xp-q4vm

Solution: upgrade to >= 2.19.1

ece517-p3/expertiza

Showing 2,813 of 2,813 total issues

Out-of-bounds Write in zlib affects Nokogiri
Open

Command injection in ruby-git
Open

Improper neutralization of data URIs may allow XSS in Loofah
Open

Update packaged dependency libxml2 from 2.9.10 to 2.9.12
Open

Update packaged libxml2 (2.9.12 → 2.9.13) and libxslt (1.1.34 → 1.1.35)
Open

Code injection in ruby git
Open

Cross-site Scripting in Sidekiq
Open

Nokogiri gem, via libxslt, is affected by multiple vulnerabilities
Open

Nokogiri gem, via libxslt, is affected by improper access control vulnerability
Open

Improper Handling of Unexpected Data Type in Nokogiri
Open

Improper neutralization of data URIs may allow XSS in rails-html-sanitizer
Open

Potential XSS vulnerability in jQuery
Open

Nokogiri Command Injection Vulnerability via Nokogiri::CSS::Tokenizer#load_file
Open

Update bundled libxml2 to v2.10.3 to resolve multiple CVEs
Open

Inefficient Regular Expression Complexity in Nokogiri
Open

Nokogiri::XML::Schema trusts input by default, exposing risk of an XXE vulnerability
Open

OmniAuth's `lib/omniauth/failure_endpoint.rb` does not escape `message_key` value
Open

Denial of Service (DoS) in Nokogiri on JRuby
Open

Regular Expression Denial of Service in Addressable templates
Open

Uncontrolled Recursion in Loofah
Open

Severity

Category

Status

Source

Language

ece517-p3/expertiza

Showing 2,813 of 2,813 total issues

Out-of-bounds Write in zlib affects Nokogiri Open

Command injection in ruby-git Open

Improper neutralization of data URIs may allow XSS in Loofah Open

Update packaged dependency libxml2 from 2.9.10 to 2.9.12 Open

Update packaged libxml2 (2.9.12 → 2.9.13) and libxslt (1.1.34 → 1.1.35) Open

Code injection in ruby git Open

Cross-site Scripting in Sidekiq Open

Nokogiri gem, via libxslt, is affected by multiple vulnerabilities Open

Nokogiri gem, via libxslt, is affected by improper access control vulnerability Open

Improper Handling of Unexpected Data Type in Nokogiri Open

Improper neutralization of data URIs may allow XSS in rails-html-sanitizer Open

Potential XSS vulnerability in jQuery Open

Nokogiri Command Injection Vulnerability via Nokogiri::CSS::Tokenizer#load_file Open

Update bundled libxml2 to v2.10.3 to resolve multiple CVEs Open

Inefficient Regular Expression Complexity in Nokogiri Open

Nokogiri::XML::Schema trusts input by default, exposing risk of an XXE vulnerability Open

OmniAuth's lib/omniauth/failure_endpoint.rb does not escape message_key value Open

Denial of Service (DoS) in Nokogiri on JRuby Open

Regular Expression Denial of Service in Addressable templates Open

Uncontrolled Recursion in Loofah Open

Severity

Category

Status

Source

Language

Out-of-bounds Write in zlib affects Nokogiri
Open

Command injection in ruby-git
Open

Improper neutralization of data URIs may allow XSS in Loofah
Open

Update packaged dependency libxml2 from 2.9.10 to 2.9.12
Open

Update packaged libxml2 (2.9.12 → 2.9.13) and libxslt (1.1.34 → 1.1.35)
Open

Code injection in ruby git
Open

Cross-site Scripting in Sidekiq
Open

Nokogiri gem, via libxslt, is affected by multiple vulnerabilities
Open

Nokogiri gem, via libxslt, is affected by improper access control vulnerability
Open

Improper Handling of Unexpected Data Type in Nokogiri
Open

Improper neutralization of data URIs may allow XSS in rails-html-sanitizer
Open

Potential XSS vulnerability in jQuery
Open

Nokogiri Command Injection Vulnerability via Nokogiri::CSS::Tokenizer#load_file
Open

Update bundled libxml2 to v2.10.3 to resolve multiple CVEs
Open

Inefficient Regular Expression Complexity in Nokogiri
Open

Nokogiri::XML::Schema trusts input by default, exposing risk of an XXE vulnerability
Open

OmniAuth's `lib/omniauth/failure_endpoint.rb` does not escape `message_key` value
Open

Denial of Service (DoS) in Nokogiri on JRuby
Open

Regular Expression Denial of Service in Addressable templates
Open

Uncontrolled Recursion in Loofah
Open