expertiza/expertiza

Gemfile.lock

CSRF vulnerability in OmniAuth's request phase
Open

    omniauth (1.8.1)
Severity: Critical
Found in Gemfile.lock by bundler-audit

Advisory: CVE-2015-9284

Criticality: High

URL: https://github.com/omniauth/omniauth/pull/809

Solution: remove or disable this gem until a patch is available!

open-uri-cached Gem for Ruby Unsafe Temporary File Creation Local Privilege Escalation
Open

    open-uri-cached (0.0.5)
Severity: Minor
Found in Gemfile.lock by bundler-audit

Advisory: CVE-2015-3649

URL: http://seclists.org/oss-sec/2015/q2/373

Solution: remove or disable this gem until a patch is available!

libxml2 2.9.10 has an infinite loop in a certain end-of-file situation
Open

    nokogiri (1.9.1)
Severity: Minor
Found in Gemfile.lock by bundler-audit

Advisory: CVE-2020-7595

Criticality: Medium

URL: https://github.com/sparklemotion/nokogiri/issues/1992

Solution: upgrade to >= 1.10.8

Nokogiri gem, via libxslt, is affected by improper access control vulnerability
Open

    nokogiri (1.9.1)
Severity: Minor
Found in Gemfile.lock by bundler-audit

Advisory: CVE-2019-11068

URL: https://github.com/sparklemotion/nokogiri/issues/1892

Solution: upgrade to >= 1.10.3

Loofah XSS Vulnerability
Open

    loofah (2.2.3)
Severity: Minor
Found in Gemfile.lock by bundler-audit

Advisory: CVE-2019-15587

URL: https://github.com/flavorjones/loofah/issues/171

Solution: upgrade to >= 2.3.1

Nokogiri Command Injection Vulnerability via Nokogiri::CSS::Tokenizer#load_file
Open

    nokogiri (1.9.1)
Severity: Critical
Found in Gemfile.lock by bundler-audit

Advisory: CVE-2019-5477

Criticality: High

URL: https://github.com/sparklemotion/nokogiri/issues/1915

Solution: upgrade to >= 1.10.4

Denial of Service in rubyzip ("zip bombs")
Open

    rubyzip (1.2.2)
Severity: Minor
Found in Gemfile.lock by bundler-audit

Advisory: CVE-2019-16892

URL: https://github.com/rubyzip/rubyzip/pull/403

Solution: upgrade to >= 1.3.0

Nokogiri gem, via libxslt, is affected by multiple vulnerabilities
Open

    nokogiri (1.9.1)
Severity: Minor
Found in Gemfile.lock by bundler-audit

Advisory: CVE-2019-13117

URL: https://github.com/sparklemotion/nokogiri/issues/1943

Solution: upgrade to >= 1.10.5

Possible information leak / session hijack vulnerability
Open

    rack (1.6.11)
Severity: Minor
Found in Gemfile.lock by bundler-audit

Advisory: CVE-2019-16782

URL: https://github.com/rack/rack/security/advisories/GHSA-hrqr-hxpp-chr3

Solution: upgrade to ~> 1.6.12, >= 2.0.8