fedibird/mastodon

Showing 714 of 714 total issues

Information Disclosure Through EXPLAIN Feature
Open

    pghero (2.8.1)
Severity: Critical
Found in Gemfile.lock by bundler-audit

Advisory: CVE-2023-22626

Criticality: High

URL: https://github.com/ankane/pghero/issues/439

Solution: upgrade to >= 3.1.0

CSRF vulnerability in OmniAuth's request phase
Open

    omniauth (1.9.1)
Severity: Critical
Found in Gemfile.lock by bundler-audit

Advisory: CVE-2015-9284

Criticality: High

URL: https://github.com/omniauth/omniauth/wiki/Resolving-CVE-2015-9284

Solution: upgrade to >= 2.0.0

ReDoS based DoS vulnerability in GlobalID
Open

    globalid (0.4.2)
Severity: Minor
Found in Gemfile.lock by bundler-audit

Advisory: CVE-2023-22799

URL: https://github.com/rails/globalid/releases/tag/v1.0.1

Solution: upgrade to >= 1.0.1

Class has too many lines. [432/400]
Open

class Account < ApplicationRecord
  self.ignored_columns = %w(
    subscription_expires_at
    secret
    remote_url
Severity: Minor
Found in app/models/account.rb by rubocop

This cop checks if the length of a class exceeds some maximum value. Comment lines can optionally be ignored. The maximum allowed length is configurable.

You can set literals you want to fold with CountAsOne. Available are: 'array', 'hash', and 'heredoc'. Each literal will be counted as one line regardless of its actual size.

Example: CountAsOne: ['array', 'heredoc']

class Foo
  ARRAY = [         # +1
    1,
    2
  ]

  HASH = {          # +3
    key: 'value'
  }

  MSG = <<~HEREDOC  # +1
    Heredoc
    content.
  HEREDOC
end                 # 5 points

NOTE: This cop also applies for Struct definitions.

Class has too many lines. [425/400]
Open

class ActivityPub::Activity::Create < ActivityPub::Activity
  def perform
    dereference_object!

    case @object['type']

Module has too many lines. [205/200]
Open

module AccountInteractions
  extend ActiveSupport::Concern

  included do
    # Follow relations

This cop checks if the length of a module exceeds some maximum value. Comment lines can optionally be ignored. The maximum allowed length is configurable.

You can set literals you want to fold with CountAsOne. Available are: 'array', 'hash', and 'heredoc'. Each literal will be counted as one line regardless of its actual size.

Example: CountAsOne: ['array', 'heredoc']

module M
  ARRAY = [         # +1
    1,
    2
  ]

  HASH = {          # +3
    key: 'value'
  }

  MSG = <<~HEREDOC  # +1
    Heredoc
    content.
  HEREDOC
end                 # 5 points

Class has too many lines. [401/400]
Open

class Status < ApplicationRecord
  before_destroy :unlink_from_conversations

  include Discard::Model
  include Paginable
Severity: Minor
Found in app/models/status.rb by rubocop

Out-of-bounds Write in zlib affects Nokogiri
Open

    nokogiri (1.12.3)
Severity: Critical
Found in Gemfile.lock by bundler-audit

Advisory: CVE-2018-25032

Criticality: High

URL: https://github.com/sparklemotion/nokogiri/security/advisories/GHSA-v6gp-9mmm-c6p5

Solution: upgrade to >= 1.13.4

Inefficient Regular Expression Complexity in Nokogiri
Open

    nokogiri (1.12.3)
Severity: Critical
Found in Gemfile.lock by bundler-audit

Advisory: CVE-2022-24836

Criticality: High

URL: https://github.com/sparklemotion/nokogiri/security/advisories/GHSA-crjr-9rc5-ghw8

Solution: upgrade to >= 1.13.4

Improper Handling of Unexpected Data Type in Nokogiri
Open

    nokogiri (1.12.3)
Severity: Critical
Found in Gemfile.lock by bundler-audit

Advisory: CVE-2022-29181

Criticality: High

URL: https://github.com/sparklemotion/nokogiri/security/advisories/GHSA-xh29-r2w5-wx8m

Solution: upgrade to >= 1.13.6

HTTP Request Smuggling in puma
Open

    puma (5.4.0)
Severity: Minor
Found in Gemfile.lock by bundler-audit

Advisory: CVE-2022-24790

Criticality: Critical

URL: https://github.com/puma/puma/security/advisories/GHSA-h99w-9q5r-gjq9

Solution: upgrade to ~> 4.3.12, >= 5.6.4

Possible XSS vulnerability with certain configurations of rails-html-sanitizer
Open

    rails-html-sanitizer (1.3.0)
Severity: Minor
Found in Gemfile.lock by bundler-audit

Advisory: CVE-2022-23520

Criticality: Medium

URL: https://github.com/rails/rails-html-sanitizer/security/advisories/GHSA-rrfc-7g8p-99q8

Solution: upgrade to >= 1.4.4

XML Injection in Xerces Java affects Nokogiri
Open

    nokogiri (1.12.3)
Severity: Minor
Found in Gemfile.lock by bundler-audit

Advisory: CVE-2022-23437

Criticality: Medium

URL: https://github.com/sparklemotion/nokogiri/security/advisories/GHSA-xxx9-3xcr-gjj3

Solution: upgrade to >= 1.13.4

Improper neutralization of data URIs may allow XSS in Loofah
Open

    loofah (2.10.0)
Severity: Minor
Found in Gemfile.lock by bundler-audit

Advisory: CVE-2022-23515

Criticality: Medium

URL: https://github.com/flavorjones/loofah/security/advisories/GHSA-228g-948r-83gx

Solution: upgrade to >= 2.19.1

Inefficient Regular Expression Complexity in Loofah
Open

    loofah (2.10.0)
Severity: Critical
Found in Gemfile.lock by bundler-audit

Advisory: CVE-2022-23514

Criticality: High

URL: https://github.com/flavorjones/loofah/security/advisories/GHSA-486f-hjj9-9vhh

Solution: upgrade to >= 2.19.1

Inconsistent Interpretation of HTTP Requests ('HTTP Request Smuggling') in puma
Open

    puma (5.4.0)
Severity: Info
Found in Gemfile.lock by bundler-audit

Advisory: CVE-2021-41136

Criticality: Low

URL: https://github.com/puma/puma/security/advisories/GHSA-48w2-rm65-62xx

Solution: upgrade to ~> 4.3.9, >= 5.5.1

Denial of Service (DoS) in Nokogiri on JRuby
Open

    nokogiri (1.12.3)
Severity: Critical
Found in Gemfile.lock by bundler-audit

Advisory: CVE-2022-24839

Criticality: High

URL: https://github.com/sparklemotion/nekohtml/security/advisories/GHSA-9849-p7jc-9rmv

Solution: upgrade to >= 1.13.4

Possible XSS vulnerability with certain configurations of rails-html-sanitizer
Open

    rails-html-sanitizer (1.3.0)
Severity: Minor
Found in Gemfile.lock by bundler-audit

Advisory: CVE-2022-23519

Criticality: Medium

URL: https://github.com/rails/rails-html-sanitizer/security/advisories/GHSA-9h9g-93gc-623h

Solution: upgrade to >= 1.4.4

Possible XSS vulnerability with certain configurations of Rails::Html::Sanitizer
Open

    rails-html-sanitizer (1.3.0)
Severity: Minor
Found in Gemfile.lock by bundler-audit

Advisory: CVE-2022-32209

Criticality: Medium

URL: https://groups.google.com/g/rubyonrails-security/c/ce9PhUANQ6s

Solution: upgrade to >= 1.4.3

Inefficient Regular Expression Complexity in rails-html-sanitizer
Open

    rails-html-sanitizer (1.3.0)
Severity: Critical
Found in Gemfile.lock by bundler-audit

Advisory: CVE-2022-23517

Criticality: High

URL: https://github.com/rails/rails-html-sanitizer/security/advisories/GHSA-5x79-w82f-gw8w

Solution: upgrade to >= 1.4.4
