fga-gpp-mds/2017.1-Escola-X

Showing 3,213 of 3,213 total issues

Paperclip Gem for Ruby vulnerable to content type spoofing
Open

    paperclip (3.5.4)
Severity: Minor
Found in Gemfile.lock by bundler-audit

Advisory: CVE-2015-2963

Criticality: Medium

URL: https://robots.thoughtbot.com/paperclip-security-release

Solution: upgrade to >= 4.2.2

Server-side request forgery in CarrierWave
Open

    carrierwave (0.10.0)
Severity: Minor
Found in Gemfile.lock by bundler-audit

Advisory: CVE-2021-21288

Criticality: Medium

URL: https://github.com/carrierwaveuploader/carrierwave/security/advisories/GHSA-fwcm-636p-68r5

Solution: upgrade to ~> 1.3.2, >= 2.1.1

ReDoS based DoS vulnerability in GlobalID
Open

    globalid (0.4.0)
Severity: Minor
Found in Gemfile.lock by bundler-audit

Advisory: CVE-2023-22799

URL: https://github.com/rails/globalid/releases/tag/v1.0.1

Solution: upgrade to >= 1.0.1

Code Injection vulnerability in CarrierWave::RMagick
Open

    carrierwave (0.10.0)
Severity: Critical
Found in Gemfile.lock by bundler-audit

Advisory: CVE-2021-21305

Criticality: High

URL: https://github.com/carrierwaveuploader/carrierwave/security/advisories/GHSA-cf3w-g86h-35x4

Solution: upgrade to ~> 1.3.2, >= 2.1.1

HTTP Request Smuggling in puma
Open

    puma (3.9.1)
Severity: Minor
Found in Gemfile.lock by bundler-audit

Advisory: CVE-2022-24790

Criticality: Critical

URL: https://github.com/puma/puma/security/advisories/GHSA-h99w-9q5r-gjq9

Solution: upgrade to ~> 4.3.12, >= 5.6.4

Inconsistent Interpretation of HTTP Requests ('HTTP Request Smuggling') in puma
Open

    puma (3.9.1)
Severity: Info
Found in Gemfile.lock by bundler-audit

Advisory: CVE-2021-41136

Criticality: Low

URL: https://github.com/puma/puma/security/advisories/GHSA-48w2-rm65-62xx

Solution: upgrade to ~> 4.3.9, >= 5.5.1

Paperclip Gem for Ruby contains a flaw
Open

    paperclip (3.5.4)
Severity: Minor
Found in Gemfile.lock by bundler-audit

Advisory: OSVDB-103151

URL: http://osvdb.org/show/osvdb/103151

Solution: upgrade to >= 4.0.0

Keepalive Connections Causing Denial Of Service in puma
Open

    puma (3.9.1)
Severity: Critical
Found in Gemfile.lock by bundler-audit

Advisory: CVE-2021-29509

Criticality: High

URL: https://github.com/puma/puma/security/advisories/GHSA-q28m-8xjw-8vr5

Solution: upgrade to ~> 4.3.8, >= 5.3.1

Information Exposure with Puma when used with Rails
Open

    puma (3.9.1)
Severity: Critical
Found in Gemfile.lock by bundler-audit

Advisory: CVE-2022-23634

Criticality: High

URL: https://github.com/puma/puma/security/advisories/GHSA-rmj8-8hhh-gv5h

Solution: upgrade to ~> 4.3.11, >= 5.6.2

Paperclip ruby gem suffers from a Server-Side Request Forgery (SSRF) vulnerability in the Paperclip::UriAdapter and Paperclip::HttpUrlProxyAdapter class.
Open

    paperclip (3.5.4)
Severity: Minor
Found in Gemfile.lock by bundler-audit

Advisory: CVE-2017-0889

Criticality: Critical

URL: https://github.com/thoughtbot/paperclip/pull/2435

Solution: upgrade to >= 5.2.0

File escolaX.rb has 689 lines of code (exceeds 250 allowed). Consider refactoring.
Open

require 'selenium-webdriver'

driver = Selenium::WebDriver.for :chrome

@selenium
Severity: Major
Found in features/step_definitions/escolaX.rb - About 1 day to fix

Class has too many lines. [140/100]
Open

class AlumnsController < ApplicationController
  include SessionsHelper

  def index
    if ( is_parent? )

This cop checks if the length of a class exceeds some maximum value. Comment lines can optionally be ignored. The maximum allowed length is configurable.

Class has too many lines. [120/100]
Open

class SubjectsController < ApplicationController
  include SessionsHelper

  def index
    if ( is_principal? or is_teacher? )

This cop checks if the length of a class exceeds some maximum value. Comment lines can optionally be ignored. The maximum allowed length is configurable.

Class has too many lines. [118/100]
Open

class ClassroomsController < ApplicationController
  include SessionsHelper

  def index
    if ( is_principal? or is_secretary? )

This cop checks if the length of a class exceeds some maximum value. Comment lines can optionally be ignored. The maximum allowed length is configurable.

Module has too many lines. [111/100]
Open

module SessionsHelper
  def current_user
    if ( !@current_user.nil? )
      @current_user = @current_user
    else
Severity: Minor
Found in app/helpers/sessions_helper.rb by rubocop

This cop checks if the length of a module exceeds some maximum value. Comment lines can optionally be ignored. The maximum allowed length is configurable.

Class has too many lines. [110/100]
Open

class ParentsController < ApplicationController
  include SessionsHelper

  def index
    if ( is_employee? )

This cop checks if the length of a class exceeds some maximum value. Comment lines can optionally be ignored. The maximum allowed length is configurable.

Class has too many lines. [107/100]
Open

class TeachersController < ApplicationController

  include SessionsHelper

  def index

This cop checks if the length of a class exceeds some maximum value. Comment lines can optionally be ignored. The maximum allowed length is configurable.

HTTP Smuggling via Transfer-Encoding Header in Puma
Open

    puma (3.9.1)
Severity: Minor
Found in Gemfile.lock by bundler-audit

Advisory: CVE-2020-11077

Criticality: Medium

URL: https://github.com/puma/puma/security/advisories/GHSA-w64w-qqph-5gxm

Solution: upgrade to ~> 3.12.6, >= 4.3.5

Directory traversal in Rack::Directory app bundled with Rack
Open

    rack (2.0.3)
Severity: Critical
Found in Gemfile.lock by bundler-audit

Advisory: CVE-2020-8161

Criticality: High

URL: https://groups.google.com/forum/#!topic/ruby-security-ann/T4ZIsfRf2eA

Solution: upgrade to ~> 2.1.3, >= 2.2.0

ReDoS based DoS vulnerability in Action Dispatch
Open

    actionpack (5.0.3)
Severity: Minor
Found in Gemfile.lock by bundler-audit

Advisory: CVE-2023-22792

URL: https://github.com/rails/rails/releases/tag/v7.0.4.1

Solution: upgrade to >= 5.2.8.15, ~> 5.2.8, >= 6.1.7.1, ~> 6.1.7, >= 7.0.4.1