expertiza/expertiza

View on GitHub

Showing 4,497 of 4,497 total issues

Update packaged dependency libxml2 from 2.9.10 to 2.9.12
Open

    nokogiri (1.10.10)
Severity: Critical
Found in Gemfile.lock by bundler-audit

Advisory:

Criticality: High

URL: https://github.com/sparklemotion/nokogiri/security/advisories/GHSA-7rrm-v45f-jp64

Solution: upgrade to >= 1.11.4

Ability to forge per-form CSRF tokens given a global CSRF token
Open

    actionpack (5.1.6)
Severity: Minor
Found in Gemfile.lock by bundler-audit

Advisory: CVE-2020-8166

Criticality: Medium

URL: https://groups.google.com/forum/#!topic/rubyonrails-security/NOjKiGeXUgw

Solution: upgrade to >= 5.2.4.3, ~> 5.2.4, >= 6.0.3.1

Potentially unintended unmarshalling of user-provided objects in MemCacheStore and RedisCacheStore
Open

    activesupport (5.1.6)
Severity: Minor
Found in Gemfile.lock by bundler-audit

Advisory: CVE-2020-8165

Criticality: Critical

URL: https://groups.google.com/forum/#!topic/rubyonrails-security/bv6fW4S0Y1c

Solution: upgrade to >= 5.2.4.3, ~> 5.2.4, >= 6.0.3.1

Possible Strong Parameters Bypass in ActionPack
Open

    actionpack (5.1.6)
Severity: Critical
Found in Gemfile.lock by bundler-audit

Advisory: CVE-2020-8164

Criticality: High

URL: https://groups.google.com/forum/#!topic/rubyonrails-security/f6ioe4sdpbY

Solution: upgrade to >= 5.2.4.3, ~> 5.2.4, >= 6.0.3.1

Possible exposure of information vulnerability in Action Pack
Open

    actionpack (5.1.6)
Severity: Critical
Found in Gemfile.lock by bundler-audit

Advisory: CVE-2022-23633

Criticality: High

URL: https://groups.google.com/g/ruby-security-ann/c/FkTM-_7zSNA/m/K2RiMJBlBAAJ

Solution: upgrade to >= 5.2.6.2, ~> 5.2.6, >= 6.0.4.6, ~> 6.0.4, >= 6.1.4.6, ~> 6.1.4, >= 7.0.2.2

Code injection in ruby git
Open

    git (1.12.0)
Severity: Critical
Found in Gemfile.lock by bundler-audit

Advisory: CVE-2022-47318

Criticality: High

URL: https://github.com/ruby-git/ruby-git/pull/602

Solution: upgrade to >= 1.13.0

Update bundled libxml2 to v2.10.3 to resolve multiple CVEs
Open

    nokogiri (1.10.10)
Severity: Minor
Found in Gemfile.lock by bundler-audit

Possible DoS Vulnerability in Active Record PostgreSQL adapter
Open

    activerecord (5.1.6)
Severity: Minor
Found in Gemfile.lock by bundler-audit

Advisory: CVE-2021-22880

Criticality: Medium

URL: https://groups.google.com/g/rubyonrails-security/c/ZzUqCh9vyhI

Solution: upgrade to >= 5.2.4.5, ~> 5.2.4, >= 6.0.3.5, ~> 6.0.3, >= 6.1.2.1

A potential Denial of Service issue in protobuf-java
Open

    google-protobuf (3.8.0)
Severity: Critical
Found in Gemfile.lock by bundler-audit

Advisory: CVE-2021-22569

Criticality: High

URL: https://github.com/protocolbuffers/protobuf/security/advisories/GHSA-wrvw-hg22-4m67

Solution: upgrade to >= 3.19.2

XML Injection in Xerces Java affects Nokogiri
Open

    nokogiri (1.10.10)
Severity: Minor
Found in Gemfile.lock by bundler-audit

Advisory: CVE-2022-23437

Criticality: Medium

URL: https://github.com/sparklemotion/nokogiri/security/advisories/GHSA-xxx9-3xcr-gjj3

Solution: upgrade to >= 1.13.4

Inefficient Regular Expression Complexity in Nokogiri
Open

    nokogiri (1.10.10)
Severity: Critical
Found in Gemfile.lock by bundler-audit

Advisory: CVE-2022-24836

Criticality: High

URL: https://github.com/sparklemotion/nokogiri/security/advisories/GHSA-crjr-9rc5-ghw8

Solution: upgrade to >= 1.13.4

Possible Information Disclosure / Unintended Method Execution in Action Pack
Open

    actionpack (5.1.6)
Severity: Critical
Found in Gemfile.lock by bundler-audit

Advisory: CVE-2021-22885

Criticality: High

URL: https://groups.google.com/g/rubyonrails-security/c/NiQl-48cXYI

Solution: upgrade to ~> 5.2.4.6, ~> 5.2.6, >= 6.0.3.7, ~> 6.0.3, >= 6.1.3.2

Potential XSS vulnerability in Action View
Open

    actionview (5.1.6)
Severity: Minor
Found in Gemfile.lock by bundler-audit

Advisory: CVE-2020-15169

Criticality: Medium

URL: https://groups.google.com/g/rubyonrails-security/c/b-C9kSGXYrc

Solution: upgrade to >= 5.2.4.4, ~> 5.2.4, >= 6.0.3.3

Denial of Service Vulnerability in ActiveRecord’s PostgreSQL adapter
Open

    activerecord (5.1.6)
Severity: Minor
Found in Gemfile.lock by bundler-audit

Advisory: CVE-2022-44566

URL: https://github.com/rails/rails/releases/tag/v7.0.4.1

Solution: upgrade to >= 5.2.8.15, ~> 5.2.8, >= 6.1.7.1, ~> 6.1.7, >= 7.0.4.1

Inefficient Regular Expression Complexity in Loofah
Open

    loofah (2.18.0)
Severity: Critical
Found in Gemfile.lock by bundler-audit

Advisory: CVE-2022-23514

Criticality: High

URL: https://github.com/flavorjones/loofah/security/advisories/GHSA-486f-hjj9-9vhh

Solution: upgrade to >= 2.19.1

Out-of-bounds Write in zlib affects Nokogiri
Open

    nokogiri (1.10.10)
Severity: Critical
Found in Gemfile.lock by bundler-audit

Advisory: CVE-2018-25032

Criticality: High

URL: https://github.com/sparklemotion/nokogiri/security/advisories/GHSA-v6gp-9mmm-c6p5

Solution: upgrade to >= 1.13.4

Possible DoS Vulnerability in Action Controller Token Authentication
Open

    actionpack (5.1.6)
Severity: Critical
Found in Gemfile.lock by bundler-audit

Advisory: CVE-2021-22904

Criticality: High

URL: https://groups.google.com/g/rubyonrails-security/c/Pf1TjkOBdyQ

Solution: upgrade to ~> 5.2.4.6, ~> 5.2.6, >= 6.0.3.7, ~> 6.0.3, >= 6.1.3.2

Possible XSS Vulnerability in Action View tag helpers
Open

    actionview (5.1.6)
Severity: Minor
Found in Gemfile.lock by bundler-audit

Advisory: CVE-2022-27777

Criticality: Medium

URL: https://groups.google.com/g/ruby-security-ann/c/9wJPEDv-iRw

Solution: upgrade to >= 5.2.7.1, ~> 5.2.7, >= 6.0.4.8, ~> 6.0.4, >= 6.1.5.1, ~> 6.1.5, >= 7.0.2.4

Possible RCE escalation bug with Serialized Columns in Active Record
Open

    activerecord (5.1.6)
Severity: Minor
Found in Gemfile.lock by bundler-audit

Advisory: CVE-2022-32224

Criticality: Critical

URL: https://groups.google.com/g/rubyonrails-security/c/MmFO3LYQE8U

Solution: upgrade to >= 5.2.8.1, ~> 5.2.8, >= 6.0.5.1, ~> 6.0.5, >= 6.1.6.1, ~> 6.1.6, >= 7.0.3.1

Block has too many lines. [121/25]
Open

describe Questionnaire do
  let(:questionnaire) { Questionnaire.new name: 'abc', private: 0, min_question_score: 0, max_question_score: 10, instructor_id: 1234 }
  let(:questionnaire1) { Questionnaire.new name: 'xyz', private: 0, max_question_score: 20, instructor_id: 1234 }
  let(:assignment) { build(:assignment, id: 1, name: 'no assignment', participants: [participant], teams: [team]) }
  let(:team) { build(:assignment_team, id: 1, name: 'no team') }
Severity: Minor
Found in spec/models/questionnaire_spec.rb by rubocop

This cop checks if the length of a block exceeds some maximum value. Comment lines can optionally be ignored. The maximum allowed length is configurable. The cop can be configured to ignore blocks passed to certain methods.

Severity
Category
Status
Source
Language