Sign upLogin

estiens/caterpillar_rails

View on GitHub
Star

Showing 64 of 64 total issues

Integer Overflow or Wraparound in libxml2 affects Nokogiri
Open

    nokogiri (1.12.5)
Severity: Critical
Found in Gemfile.lock by bundler-audit

Advisory:

Criticality: High

URL: https://github.com/sparklemotion/nokogiri/security/advisories/GHSA-cgx6-hpwq-fhv5

Solution: upgrade to >= 1.13.5

Possible XSS vulnerability in ActionView
Open

    actionview (5.0.7.2)
Severity: Minor
Found in Gemfile.lock by bundler-audit

Advisory: CVE-2020-5267

Criticality: Medium

URL: https://groups.google.com/forum/#!topic/rubyonrails-security/55reWMM_Pg8

Solution: upgrade to >= 5.2.4.2, ~> 5.2.4, >= 6.0.2.2

Uncontrolled Recursion in Loofah
Open

    loofah (2.3.1)
Severity: Critical
Found in Gemfile.lock by bundler-audit

Advisory: CVE-2022-23516

Criticality: High

URL: https://github.com/flavorjones/loofah/security/advisories/GHSA-3x8r-x6xp-q4vm

Solution: upgrade to >= 2.19.1

Possible XSS vulnerability with certain configurations of Rails::Html::Sanitizer
Open

    rails-html-sanitizer (1.3.0)
Severity: Minor
Found in Gemfile.lock by bundler-audit

Advisory: CVE-2022-32209

Criticality: Medium

URL: https://groups.google.com/g/rubyonrails-security/c/ce9PhUANQ6s

Solution: upgrade to >= 1.4.3

Denial of Service Vulnerability in ActiveRecord’s PostgreSQL adapter
Open

    activerecord (5.0.7.2)
Severity: Minor
Found in Gemfile.lock by bundler-audit

Advisory: CVE-2022-44566

URL: https://github.com/rails/rails/releases/tag/v7.0.4.1

Solution: upgrade to >= 5.2.8.15, ~> 5.2.8, >= 6.1.7.1, ~> 6.1.7, >= 7.0.4.1

Possible RCE escalation bug with Serialized Columns in Active Record
Open

    activerecord (5.0.7.2)
Severity: Minor
Found in Gemfile.lock by bundler-audit

Advisory: CVE-2022-32224

Criticality: Critical

URL: https://groups.google.com/g/rubyonrails-security/c/MmFO3LYQE8U

Solution: upgrade to >= 5.2.8.1, ~> 5.2.8, >= 6.0.5.1, ~> 6.0.5, >= 6.1.6.1, ~> 6.1.6, >= 7.0.3.1

Denial of Service (DoS) in Nokogiri on JRuby
Open

    nokogiri (1.12.5)
Severity: Critical
Found in Gemfile.lock by bundler-audit

Advisory: CVE-2022-24839

Criticality: High

URL: https://github.com/sparklemotion/nekohtml/security/advisories/GHSA-9849-p7jc-9rmv

Solution: upgrade to >= 1.13.4

httparty has multipart/form-data request tampering vulnerability
Open

    httparty (0.17.1)
Severity: Minor
Found in Gemfile.lock by bundler-audit

Advisory:

Criticality: Medium

URL: https://github.com/jnunemaker/httparty/security/advisories/GHSA-5pq7-52mg-hr42

Solution: upgrade to >= 0.21.0

Percent-encoded cookies can be used to overwrite existing prefixed cookie names
Open

    rack (2.0.8)
Severity: Critical
Found in Gemfile.lock by bundler-audit

Advisory: CVE-2020-8184

Criticality: High

URL: https://groups.google.com/g/rubyonrails-security/c/OWtmozPH9Ak

Solution: upgrade to ~> 2.1.4, >= 2.2.3

Possible Information Disclosure / Unintended Method Execution in Action Pack
Open

    actionpack (5.0.7.2)
Severity: Critical
Found in Gemfile.lock by bundler-audit

Advisory: CVE-2021-22885

Criticality: High

URL: https://groups.google.com/g/rubyonrails-security/c/NiQl-48cXYI

Solution: upgrade to ~> 5.2.4.6, ~> 5.2.6, >= 6.0.3.7, ~> 6.0.3, >= 6.1.3.2

Ability to forge per-form CSRF tokens given a global CSRF token
Open

    actionpack (5.0.7.2)
Severity: Minor
Found in Gemfile.lock by bundler-audit

Advisory: CVE-2020-8166

Criticality: Medium

URL: https://groups.google.com/forum/#!topic/rubyonrails-security/NOjKiGeXUgw

Solution: upgrade to >= 5.2.4.3, ~> 5.2.4, >= 6.0.3.1

Possible Strong Parameters Bypass in ActionPack
Open

    actionpack (5.0.7.2)
Severity: Critical
Found in Gemfile.lock by bundler-audit

Advisory: CVE-2020-8164

Criticality: High

URL: https://groups.google.com/forum/#!topic/rubyonrails-security/f6ioe4sdpbY

Solution: upgrade to >= 5.2.4.3, ~> 5.2.4, >= 6.0.3.1

ReDoS based DoS vulnerability in Action Dispatch
Open

    actionpack (5.0.7.2)
Severity: Minor
Found in Gemfile.lock by bundler-audit

Advisory: CVE-2023-22792

URL: https://github.com/rails/rails/releases/tag/v7.0.4.1

Solution: upgrade to >= 5.2.8.15, ~> 5.2.8, >= 6.1.7.1, ~> 6.1.7, >= 7.0.4.1

Inefficient Regular Expression Complexity in Loofah
Open

    loofah (2.3.1)
Severity: Critical
Found in Gemfile.lock by bundler-audit

Advisory: CVE-2022-23514

Criticality: High

URL: https://github.com/flavorjones/loofah/security/advisories/GHSA-486f-hjj9-9vhh

Solution: upgrade to >= 2.19.1

Directory traversal in Rack::Directory app bundled with Rack
Open

    rack (2.0.8)
Severity: Critical
Found in Gemfile.lock by bundler-audit

Advisory: CVE-2020-8161

Criticality: High

URL: https://groups.google.com/forum/#!topic/ruby-security-ann/T4ZIsfRf2eA

Solution: upgrade to ~> 2.1.3, >= 2.2.0

ReDoS based DoS vulnerability in Action Dispatch
Open

    actionpack (5.0.7.2)
Severity: Minor
Found in Gemfile.lock by bundler-audit

Advisory: CVE-2023-22795

URL: https://github.com/rails/rails/releases/tag/v7.0.4.1

Solution: upgrade to >= 5.2.8.15, ~> 5.2.8, >= 6.1.7.1, ~> 6.1.7, >= 7.0.4.1

Possible DoS Vulnerability in Active Record PostgreSQL adapter
Open

    activerecord (5.0.7.2)
Severity: Minor
Found in Gemfile.lock by bundler-audit

Advisory: CVE-2021-22880

Criticality: Medium

URL: https://groups.google.com/g/rubyonrails-security/c/ZzUqCh9vyhI

Solution: upgrade to >= 5.2.4.5, ~> 5.2.4, >= 6.0.3.5, ~> 6.0.3, >= 6.1.2.1

Class DoseInfo has 36 methods (exceeds 20 allowed). Consider refactoring.
Open

class DoseInfo < ApplicationRecord
  belongs_to :drug

  def info_string
    info_strings = [insufflation_dose_string, oral_dose_string, smoked_dose_string,
Severity: Minor
Found in app/models/dose_info.rb - About 4 hrs to fix

    Class Drug has 21 methods (exceeds 20 allowed). Consider refactoring.
    Open

    class Drug < ApplicationRecord
  has_one :dose_info

  def self.find_with_aliases(name)
    name = name&.downcase
    Severity: Minor
    Found in app/models/drug.rb - About 2 hrs to fix

      Method test_results has a Cognitive Complexity of 11 (exceeds 5 allowed). Consider refactoring.
      Open

        def test_results
    test_result_string = ''
    test_result_string += "Marquis test: #{marquis_test}. " if marquis_test
    test_result_string += "Mandelin test: #{mandelin_test}. " if mandelin_test
    test_result_string += "Mecke test: #{mecke_test}. " if mecke_test
      Severity: Minor
      Found in app/models/drug.rb - About 1 hr to fix

      Cognitive Complexity

      Cognitive Complexity is a measure of how difficult a unit of code is to intuitively understand. Unlike Cyclomatic Complexity, which determines how difficult your code will be to test, Cognitive Complexity tells you how difficult your code will be to read and comprehend.

      A method's cognitive complexity is based on a few simple rules:

      • Code is not considered more complex when it uses shorthand that the language provides for collapsing multiple statements into one
      • Code is considered more complex for each "break in the linear flow of the code"
      • Code is considered more complex when "flow breaking structures are nested"

      Further reading

      Severity
      Category
      Status
      Source
      Language