expertiza/expertiza

View on GitHub

Showing 2,783 of 2,792 total issues

open-uri-cached Gem for Ruby Unsafe Temporary File Creation Local Privilege Escalation
Open

    open-uri-cached (0.0.5)
Severity: Minor
Found in Gemfile.lock by bundler-audit

Advisory: CVE-2015-3649

URL: http://seclists.org/oss-sec/2015/q2/373

Solution: remove or disable this gem until a patch is available!

activerecord-session_store Timing Attack
Open

    activerecord-session_store (1.1.0)
Severity: Minor
Found in Gemfile.lock by bundler-audit

Advisory: CVE-2019-25025

Criticality: Medium

URL: https://github.com/advisories/GHSA-cvw2-xj8r-mjf7

Solution: upgrade to >= 2.0.0

Remote code execution in Kramdown
Open

    kramdown (1.17.0)
Severity: Minor
Found in Gemfile.lock by bundler-audit

Advisory: CVE-2021-28834

Criticality: Critical

URL: https://github.com/advisories/GHSA-52p9-v744-mwjj

Solution: upgrade to >= 2.3.1

CSRF vulnerability in OmniAuth's request phase
Open

    omniauth (1.8.1)
Severity: Critical
Found in Gemfile.lock by bundler-audit

Advisory: CVE-2015-9284

Criticality: High

URL: https://github.com/omniauth/omniauth/wiki/Resolving-CVE-2015-9284

Solution: upgrade to >= 2.0.0

Directory traversal in Rack::Directory app bundled with Rack
Open

    rack (1.6.11)
Severity: Minor
Found in Gemfile.lock by bundler-audit

Advisory: CVE-2020-8161

URL: https://groups.google.com/forum/#!topic/ruby-security-ann/T4ZIsfRf2eA

Solution: upgrade to ~> 2.1.3, >= 2.2.0

Potentially unintended unmarshalling of user-provided objects in MemCacheStore and RedisCacheStore
Open

    activesupport (4.2.11.1)
Severity: Minor
Found in Gemfile.lock by bundler-audit

Advisory: CVE-2020-8165

URL: https://groups.google.com/forum/#!topic/rubyonrails-security/bv6fW4S0Y1c

Solution: upgrade to >= 5.2.4.3, ~> 5.2.4, >= 6.0.3.1

Ability to forge per-form CSRF tokens given a global CSRF token
Open

    actionpack (4.2.11.1)
Severity: Minor
Found in Gemfile.lock by bundler-audit

Advisory: CVE-2020-8166

URL: https://groups.google.com/forum/#!topic/rubyonrails-security/NOjKiGeXUgw

Solution: upgrade to >= 5.2.4.3, ~> 5.2.4, >= 6.0.3.1

Possible XSS vulnerability in ActionView
Open

    actionview (4.2.11.1)
Severity: Minor
Found in Gemfile.lock by bundler-audit

Advisory: CVE-2020-5267

URL: https://groups.google.com/forum/#!topic/rubyonrails-security/55reWMM_Pg8

Solution: upgrade to >= 5.2.4.2, ~> 5.2.4, >= 6.0.2.2

Possible Strong Parameters Bypass in ActionPack
Open

    actionpack (4.2.11.1)
Severity: Minor
Found in Gemfile.lock by bundler-audit

Advisory: CVE-2020-8164

URL: https://groups.google.com/forum/#!topic/rubyonrails-security/f6ioe4sdpbY

Solution: upgrade to >= 5.2.4.3, ~> 5.2.4, >= 6.0.3.1

Percent-encoded cookies can be used to overwrite existing prefixed cookie names
Open

    rack (1.6.11)
Severity: Minor
Found in Gemfile.lock by bundler-audit

Advisory: CVE-2020-8184

URL: https://groups.google.com/g/rubyonrails-security/c/OWtmozPH9Ak

Solution: upgrade to ~> 2.1.4, >= 2.2.3

CSRF Vulnerability in rails-ujs
Open

    actionview (4.2.11.1)
Severity: Minor
Found in Gemfile.lock by bundler-audit

Advisory: CVE-2020-8167

URL: https://groups.google.com/forum/#!topic/rubyonrails-security/x9DixQDG9a0

Solution: upgrade to >= 5.2.4.3, ~> 5.2.4, >= 6.0.3.1

Possible DoS Vulnerability in Active Record PostgreSQL adapter
Open

    activerecord (4.2.11.1)
Severity: Minor
Found in Gemfile.lock by bundler-audit

Advisory: CVE-2021-22880

Criticality: Medium

URL: https://groups.google.com/g/rubyonrails-security/c/ZzUqCh9vyhI

Solution: upgrade to >= 5.2.4.5, ~> 5.2.4, ~> 6.0.3.5, >= 6.1.2.1

Unintended read access in kramdown gem
Open

    kramdown (1.17.0)
Severity: Minor
Found in Gemfile.lock by bundler-audit

Advisory: CVE-2020-14001

Criticality: Critical

URL: https://github.com/advisories/GHSA-mqm2-cgpr-p4m6

Solution: upgrade to >= 2.3.0

Potential XSS vulnerability in Action View
Open

    actionview (4.2.11.1)
Severity: Minor
Found in Gemfile.lock by bundler-audit

Advisory: CVE-2020-15169

URL: https://groups.google.com/g/rubyonrails-security/c/b-C9kSGXYrc

Solution: upgrade to >= 5.2.4.4, ~> 5.2.4, >= 6.0.3.3

XSS Vulnerability on closeText option of Dialog jQuery UI
Open

    jquery-ui-rails (4.0.3)
Severity: Minor
Found in Gemfile.lock by bundler-audit

Advisory: CVE-2016-7103

Criticality: Medium

URL: https://github.com/jquery/api.jqueryui.com/issues/281

Solution: upgrade to >= 6.0.0

Block has too many lines. [601/25]
Open

describe "assignment function" do
  before(:each) do
    create(:deadline_type, name: "submission")
    create(:deadline_type, name: "review")
    create(:deadline_type, name: "metareview")

This cop checks if the length of a block exceeds some maximum value. Comment lines can optionally be ignored. The maximum allowed length is configurable. The cop can be configured to ignore blocks passed to certain methods.

Block has too many lines. [590/25]
Open

describe QuestionnairesController do
  let(:questionnaire) do
    build(id: 1, name: 'questionnaire', ta_id: 8, course_id: 1, private: false, min_question_score: 0, max_question_score: 5, type: 'ReviewQuestionnaire')
  end
  let(:questionnaire) { build(:questionnaire) }

This cop checks if the length of a block exceeds some maximum value. Comment lines can optionally be ignored. The maximum allowed length is configurable. The cop can be configured to ignore blocks passed to certain methods.

Block has too many lines. [529/25]
Open

describe ReviewMappingController do
  let(:assignment) { double('Assignment', id: 1) }
  let(:review_response_map) do
    double('ReviewResponseMap', id: 1, map_id: 1, assignment: assignment,
                                reviewer: double('Participant', id: 1, name: 'reviewer'), reviewee: double('Participant', id: 2, name: 'reviewee'))

This cop checks if the length of a block exceeds some maximum value. Comment lines can optionally be ignored. The maximum allowed length is configurable. The cop can be configured to ignore blocks passed to certain methods.

Block has too many lines. [488/25]
Open

describe Assignment do
  let(:assignment) { build(:assignment, id: 1, name: 'no assignment', participants: [participant], teams: [team]) }
  let(:instructor) { build(:instructor, id: 6) }
  let(:student) { build(:student, id: 3, name: 'no one') }
  let(:review_response_map) { build(:review_response_map, response: [response], reviewer: build(:participant), reviewee: build(:assignment_team)) }
Severity: Minor
Found in spec/models/assignment_spec.rb by rubocop

This cop checks if the length of a block exceeds some maximum value. Comment lines can optionally be ignored. The maximum allowed length is configurable. The cop can be configured to ignore blocks passed to certain methods.

Block has too many lines. [439/25]
Open

describe SignUpSheetController do
  let(:assignment) { build(:assignment, id: 1, instructor_id: 6, due_dates: [due_date], microtask: true, staggered_deadline: true) }
  let(:instructor) { build(:instructor, id: 6) }
  let(:student) { build(:student, id: 8) }
  let(:participant) { build(:participant, id: 1, user_id: 6, assignment: assignment) }

This cop checks if the length of a block exceeds some maximum value. Comment lines can optionally be ignored. The maximum allowed length is configurable. The cop can be configured to ignore blocks passed to certain methods.

Severity
Category
Status
Source
Language