Issues - fga-gpp-mds/2017.1-Escola-X

Possible XSS vulnerability in ActionView
Open

    actionview (5.0.3)

Found in Gemfile.lock by bundler-audit

Read up
Read up
Exclude checks
- Disable engine
- Disable check

Advisory: CVE-2020-5267

Criticality: Medium

URL: https://groups.google.com/forum/#!topic/rubyonrails-security/55reWMM_Pg8

Solution: upgrade to >= 5.2.4.2, ~> 5.2.4, >= 6.0.2.2

Ability to forge per-form CSRF tokens given a global CSRF token
Open

    actionpack (5.0.3)

Found in Gemfile.lock by bundler-audit

Read up
Read up
Exclude checks
- Disable engine
- Disable check

Advisory: CVE-2020-8166

Criticality: Medium

URL: https://groups.google.com/forum/#!topic/rubyonrails-security/NOjKiGeXUgw

Solution: upgrade to >= 5.2.4.3, ~> 5.2.4, >= 6.0.3.1

XML Injection in Xerces Java affects Nokogiri
Open

    nokogiri (1.8.0)

Found in Gemfile.lock by bundler-audit

Read up
Read up
Exclude checks
- Disable engine
- Disable check

Advisory: CVE-2022-23437

Criticality: Medium

URL: https://github.com/sparklemotion/nokogiri/security/advisories/GHSA-xxx9-3xcr-gjj3

Solution: upgrade to >= 1.13.4

ReDoS based DoS vulnerability in Action Dispatch
Open

    actionpack (5.0.3)

Found in Gemfile.lock by bundler-audit

Read up
Read up
Exclude checks
- Disable engine
- Disable check

Advisory: CVE-2023-22795

URL: https://github.com/rails/rails/releases/tag/v7.0.4.1

Solution: upgrade to >= 5.2.8.15, ~> 5.2.8, >= 6.1.7.1, ~> 6.1.7, >= 7.0.4.1

Possible RCE escalation bug with Serialized Columns in Active Record
Open

    activerecord (5.0.3)

Found in Gemfile.lock by bundler-audit

Read up
Read up
Exclude checks
- Disable engine
- Disable check

Advisory: CVE-2022-32224

Criticality: Critical

URL: https://groups.google.com/g/rubyonrails-security/c/MmFO3LYQE8U

Solution: upgrade to >= 5.2.8.1, ~> 5.2.8, >= 6.0.5.1, ~> 6.0.5, >= 6.1.6.1, ~> 6.1.6, >= 7.0.3.1

Update packaged dependency libxml2 from 2.9.10 to 2.9.12
Open

    nokogiri (1.8.0)

Found in Gemfile.lock by bundler-audit

Read up
Read up
Exclude checks
- Disable engine
- Disable check

Advisory:

Criticality: High

URL: https://github.com/sparklemotion/nokogiri/security/advisories/GHSA-7rrm-v45f-jp64

Solution: upgrade to >= 1.11.4

XSS vulnerability via data-target in bootstrap-sass
Open

    bootstrap-sass (3.3.7)

Found in Gemfile.lock by bundler-audit

Read up
Read up
Exclude checks
- Disable engine
- Disable check

Advisory: CVE-2016-10735

Criticality: Medium

URL: https://blog.getbootstrap.com/2018/12/13/bootstrap-3-4-0/

Solution: upgrade to >= 3.4.0

json Gem for Ruby Unsafe Object Creation Vulnerability (additional fix)
Open

    json (2.1.0)

Found in Gemfile.lock by bundler-audit

Read up
Read up
Exclude checks
- Disable engine
- Disable check

Advisory: CVE-2020-10663

Criticality: High

URL: https://www.ruby-lang.org/en/news/2020/03/19/json-dos-cve-2020-10663/

Solution: upgrade to >= 2.3.0

Loofah XSS Vulnerability
Open

    loofah (2.0.3)

Found in Gemfile.lock by bundler-audit

Read up
Read up
Exclude checks
- Disable engine
- Disable check

Advisory: CVE-2018-16468

Criticality: Medium

URL: https://github.com/flavorjones/loofah/issues/154

Solution: upgrade to >= 2.2.3

Possible XSS vulnerability with certain configurations of rails-html-sanitizer
Open

    rails-html-sanitizer (1.0.3)

Found in Gemfile.lock by bundler-audit

Read up
Read up
Exclude checks
- Disable engine
- Disable check

Advisory: CVE-2022-23519

Criticality: Medium

URL: https://github.com/rails/rails-html-sanitizer/security/advisories/GHSA-9h9g-93gc-623h

Solution: upgrade to >= 1.4.4

Inefficient Regular Expression Complexity in rails-html-sanitizer
Open

    rails-html-sanitizer (1.0.3)

Found in Gemfile.lock by bundler-audit

Read up
Read up
Exclude checks
- Disable engine
- Disable check

Advisory: CVE-2022-23517

Criticality: High

URL: https://github.com/rails/rails-html-sanitizer/security/advisories/GHSA-5x79-w82f-gw8w

Solution: upgrade to >= 1.4.4

Possible exposure of information vulnerability in Action Pack
Open

    actionpack (5.0.3)

Found in Gemfile.lock by bundler-audit

Read up
Read up
Exclude checks
- Disable engine
- Disable check

Advisory: CVE-2022-23633

Criticality: High

URL: https://groups.google.com/g/ruby-security-ann/c/FkTM-_7zSNA/m/K2RiMJBlBAAJ

Solution: upgrade to >= 5.2.6.2, ~> 5.2.6, >= 6.0.4.6, ~> 6.0.4, >= 6.1.4.6, ~> 6.1.4, >= 7.0.2.2

Denial of Service Vulnerability in ActiveRecord’s PostgreSQL adapter
Open

    activerecord (5.0.3)

Found in Gemfile.lock by bundler-audit

Read up
Read up
Exclude checks
- Disable engine
- Disable check

Advisory: CVE-2022-44566

URL: https://github.com/rails/rails/releases/tag/v7.0.4.1

Solution: upgrade to >= 5.2.8.15, ~> 5.2.8, >= 6.1.7.1, ~> 6.1.7, >= 7.0.4.1

HTTP Response Splitting vulnerability in puma
Open

    puma (3.9.1)

Found in Gemfile.lock by bundler-audit

Read up
Read up
Exclude checks
- Disable engine
- Disable check

Advisory: CVE-2020-5247

Criticality: Medium

URL: https://github.com/puma/puma/security/advisories/GHSA-84j7-475p-hp8v

Solution: upgrade to ~> 3.12.4, >= 4.3.3

CSRF Vulnerability in rails-ujs
Open

    actionview (5.0.3)

Found in Gemfile.lock by bundler-audit

Read up
Read up
Exclude checks
- Disable engine
- Disable check

Advisory: CVE-2020-8167

Criticality: Medium

URL: https://groups.google.com/forum/#!topic/rubyonrails-security/x9DixQDG9a0

Solution: upgrade to >= 5.2.4.3, ~> 5.2.4, >= 6.0.3.1

Update bundled libxml2 to v2.10.3 to resolve multiple CVEs
Open

    nokogiri (1.8.0)

Found in Gemfile.lock by bundler-audit

Read up
Read up
Exclude checks
- Disable engine
- Disable check

Advisory:

URL: https://github.com/sparklemotion/nokogiri/security/advisories/GHSA-2qc6-mcvw-92cw

Solution: upgrade to >= 1.13.9

Inefficient Regular Expression Complexity in Nokogiri
Open

    nokogiri (1.8.0)

Found in Gemfile.lock by bundler-audit

Read up
Read up
Exclude checks
- Disable engine
- Disable check

Advisory: CVE-2022-24836

Criticality: High

URL: https://github.com/sparklemotion/nokogiri/security/advisories/GHSA-crjr-9rc5-ghw8

Solution: upgrade to >= 1.13.4

Improper Restriction of XML External Entity Reference (XXE) in Nokogiri on JRuby
Open

    nokogiri (1.8.0)

Found in Gemfile.lock by bundler-audit

Read up
Read up
Exclude checks
- Disable engine
- Disable check

Advisory: CVE-2021-41098

Criticality: High

URL: https://github.com/sparklemotion/nokogiri/security/advisories/GHSA-2rr5-8q37-2w7h

Solution: upgrade to >= 1.12.5

Possible Information Disclosure / Unintended Method Execution in Action Pack
Open

    actionpack (5.0.3)

Found in Gemfile.lock by bundler-audit

Read up
Read up
Exclude checks
- Disable engine
- Disable check

Advisory: CVE-2021-22885

Criticality: High

URL: https://groups.google.com/g/rubyonrails-security/c/NiQl-48cXYI

Solution: upgrade to ~> 5.2.4.6, ~> 5.2.6, >= 6.0.3.7, ~> 6.0.3, >= 6.1.3.2

Potentially unintended unmarshalling of user-provided objects in MemCacheStore and RedisCacheStore
Open

    activesupport (5.0.3)

Found in Gemfile.lock by bundler-audit

Read up
Read up
Exclude checks
- Disable engine
- Disable check

Advisory: CVE-2020-8165

Criticality: Critical

URL: https://groups.google.com/forum/#!topic/rubyonrails-security/bv6fW4S0Y1c

Solution: upgrade to >= 5.2.4.3, ~> 5.2.4, >= 6.0.3.1

fga-gpp-mds/2017.1-Escola-X

Showing 3,213 of 3,213 total issues

Possible XSS vulnerability in ActionView
Open

Ability to forge per-form CSRF tokens given a global CSRF token
Open

XML Injection in Xerces Java affects Nokogiri
Open

ReDoS based DoS vulnerability in Action Dispatch
Open

Possible RCE escalation bug with Serialized Columns in Active Record
Open

Update packaged dependency libxml2 from 2.9.10 to 2.9.12
Open

XSS vulnerability via data-target in bootstrap-sass
Open

json Gem for Ruby Unsafe Object Creation Vulnerability (additional fix)
Open

Loofah XSS Vulnerability
Open

Possible XSS vulnerability with certain configurations of rails-html-sanitizer
Open

Inefficient Regular Expression Complexity in rails-html-sanitizer
Open

Possible exposure of information vulnerability in Action Pack
Open

Denial of Service Vulnerability in ActiveRecord’s PostgreSQL adapter
Open

HTTP Response Splitting vulnerability in puma
Open

CSRF Vulnerability in rails-ujs
Open

Update bundled libxml2 to v2.10.3 to resolve multiple CVEs
Open

Inefficient Regular Expression Complexity in Nokogiri
Open

Improper Restriction of XML External Entity Reference (XXE) in Nokogiri on JRuby
Open

Possible Information Disclosure / Unintended Method Execution in Action Pack
Open

Potentially unintended unmarshalling of user-provided objects in MemCacheStore and RedisCacheStore
Open

Severity

Category

Status

Source

Language

fga-gpp-mds/2017.1-Escola-X

Showing 3,213 of 3,213 total issues

Possible XSS vulnerability in ActionView Open

Ability to forge per-form CSRF tokens given a global CSRF token Open

XML Injection in Xerces Java affects Nokogiri Open

ReDoS based DoS vulnerability in Action Dispatch Open

Possible RCE escalation bug with Serialized Columns in Active Record Open

Update packaged dependency libxml2 from 2.9.10 to 2.9.12 Open

XSS vulnerability via data-target in bootstrap-sass Open

json Gem for Ruby Unsafe Object Creation Vulnerability (additional fix) Open

Loofah XSS Vulnerability Open

Possible XSS vulnerability with certain configurations of rails-html-sanitizer Open

Inefficient Regular Expression Complexity in rails-html-sanitizer Open

Possible exposure of information vulnerability in Action Pack Open

Denial of Service Vulnerability in ActiveRecord’s PostgreSQL adapter Open

HTTP Response Splitting vulnerability in puma Open

CSRF Vulnerability in rails-ujs Open

Update bundled libxml2 to v2.10.3 to resolve multiple CVEs Open

Inefficient Regular Expression Complexity in Nokogiri Open

Improper Restriction of XML External Entity Reference (XXE) in Nokogiri on JRuby Open

Possible Information Disclosure / Unintended Method Execution in Action Pack Open

Potentially unintended unmarshalling of user-provided objects in MemCacheStore and RedisCacheStore Open

Severity

Category

Status

Source

Language

Possible XSS vulnerability in ActionView
Open

Ability to forge per-form CSRF tokens given a global CSRF token
Open

XML Injection in Xerces Java affects Nokogiri
Open

ReDoS based DoS vulnerability in Action Dispatch
Open

Possible RCE escalation bug with Serialized Columns in Active Record
Open

Update packaged dependency libxml2 from 2.9.10 to 2.9.12
Open

XSS vulnerability via data-target in bootstrap-sass
Open

json Gem for Ruby Unsafe Object Creation Vulnerability (additional fix)
Open

Loofah XSS Vulnerability
Open

Possible XSS vulnerability with certain configurations of rails-html-sanitizer
Open

Inefficient Regular Expression Complexity in rails-html-sanitizer
Open

Possible exposure of information vulnerability in Action Pack
Open

Denial of Service Vulnerability in ActiveRecord’s PostgreSQL adapter
Open

HTTP Response Splitting vulnerability in puma
Open

CSRF Vulnerability in rails-ujs
Open

Update bundled libxml2 to v2.10.3 to resolve multiple CVEs
Open

Inefficient Regular Expression Complexity in Nokogiri
Open

Improper Restriction of XML External Entity Reference (XXE) in Nokogiri on JRuby
Open

Possible Information Disclosure / Unintended Method Execution in Action Pack
Open

Potentially unintended unmarshalling of user-provided objects in MemCacheStore and RedisCacheStore
Open