Issues - fga-gpp-mds/Falko-2017.2-BackEnd

Inconsistent Interpretation of HTTP Requests ('HTTP Request Smuggling') in puma
Open

    puma (3.10.0)

Found in Gemfile.lock by bundler-audit

Read up
Read up
Create a ticket
Create a ticket
Exclude checks
- Disable engine
- Disable check

HTTP Request Smuggling in puma
Open

    puma (3.10.0)

Found in Gemfile.lock by bundler-audit

Read up
Read up
Create a ticket
Create a ticket
Exclude checks
- Disable engine
- Disable check

ReDoS based DoS vulnerability in GlobalID
Open

    globalid (0.4.0)

Found in Gemfile.lock by bundler-audit

Read up
Read up
Create a ticket
Create a ticket
Exclude checks
- Disable engine
- Disable check

Keepalive Connections Causing Denial Of Service in puma
Open

    puma (3.10.0)

Found in Gemfile.lock by bundler-audit

Read up
Read up
Create a ticket
Create a ticket
Exclude checks
- Disable engine
- Disable check

Information Exposure with Puma when used with Rails
Open

    puma (3.10.0)

Found in Gemfile.lock by bundler-audit

Read up
Read up
Create a ticket
Create a ticket
Exclude checks
- Disable engine
- Disable check

Possible XSS vulnerability in ActionView
Open

    actionview (5.1.4)

Found in Gemfile.lock by bundler-audit

Read up
Read up
Create a ticket
Create a ticket
Exclude checks
- Disable engine
- Disable check

Denial of Service Vulnerability in ActiveRecord’s PostgreSQL adapter
Open

    activerecord (5.1.4)

Found in Gemfile.lock by bundler-audit

Read up
Read up
Create a ticket
Create a ticket
Exclude checks
- Disable engine
- Disable check

Possible RCE escalation bug with Serialized Columns in Active Record
Open

    activerecord (5.1.4)

Found in Gemfile.lock by bundler-audit

Read up
Read up
Create a ticket
Create a ticket
Exclude checks
- Disable engine
- Disable check

Devise Gem for Ruby confirmation token validation with a blank string
Open

    devise (4.3.0)

Found in Gemfile.lock by bundler-audit

Read up
Read up
Create a ticket
Create a ticket
Exclude checks
- Disable engine
- Disable check

Loofah XSS Vulnerability
Open

    loofah (2.1.1)

Found in Gemfile.lock by bundler-audit

Read up
Read up
Create a ticket
Create a ticket
Exclude checks
- Disable engine
- Disable check

Nokogiri gem, via libxslt, is affected by multiple vulnerabilities
Open

    nokogiri (1.8.1)

Found in Gemfile.lock by bundler-audit

Read up
Read up
Create a ticket
Create a ticket
Exclude checks
- Disable engine
- Disable check

HTTP Smuggling via Transfer-Encoding Header in Puma
Open

    puma (3.10.0)

Found in Gemfile.lock by bundler-audit

Read up
Read up
Create a ticket
Create a ticket
Exclude checks
- Disable engine
- Disable check

Devise Gem for Ruby Time-of-check Time-of-use race condition with lockable module
Open

    devise (4.3.0)

Found in Gemfile.lock by bundler-audit

Read up
Read up
Create a ticket
Create a ticket
Exclude checks
- Disable engine
- Disable check

Improper neutralization of data URIs may allow XSS in rails-html-sanitizer
Open

    rails-html-sanitizer (1.0.3)

Found in Gemfile.lock by bundler-audit

Read up
Read up
Create a ticket
Create a ticket
Exclude checks
- Disable engine
- Disable check

Possible Strong Parameters Bypass in ActionPack
Open

    actionpack (5.1.4)

Found in Gemfile.lock by bundler-audit

Read up
Read up
Create a ticket
Create a ticket
Exclude checks
- Disable engine
- Disable check

Loofah XSS Vulnerability
Open

    loofah (2.1.1)

Found in Gemfile.lock by bundler-audit

Read up
Read up
Create a ticket
Create a ticket
Exclude checks
- Disable engine
- Disable check

Update packaged dependency libxml2 from 2.9.10 to 2.9.12
Open

    nokogiri (1.8.1)

Found in Gemfile.lock by bundler-audit

Read up
Read up
Create a ticket
Create a ticket
Exclude checks
- Disable engine
- Disable check

Nokogiri::XML::Schema trusts input by default, exposing risk of an XXE vulnerability
Open

    nokogiri (1.8.1)

Found in Gemfile.lock by bundler-audit

Read up
Read up
Create a ticket
Create a ticket
Exclude checks
- Disable engine
- Disable check

Out-of-bounds Write in zlib affects Nokogiri
Open

    nokogiri (1.8.1)

Found in Gemfile.lock by bundler-audit

Read up
Read up
Create a ticket
Create a ticket
Exclude checks
- Disable engine
- Disable check

Potentially unintended unmarshalling of user-provided objects in MemCacheStore and RedisCacheStore
Open

    activesupport (5.1.4)

Found in Gemfile.lock by bundler-audit

Read up
Read up
Create a ticket
Create a ticket
Exclude checks
- Disable engine
- Disable check

fga-gpp-mds/Falko-2017.2-BackEnd

Showing 91 of 95 total issues

Inconsistent Interpretation of HTTP Requests ('HTTP Request Smuggling') in puma
Open

HTTP Request Smuggling in puma
Open

ReDoS based DoS vulnerability in GlobalID
Open

Keepalive Connections Causing Denial Of Service in puma
Open

Information Exposure with Puma when used with Rails
Open

Possible XSS vulnerability in ActionView
Open

Denial of Service Vulnerability in ActiveRecord’s PostgreSQL adapter
Open

Possible RCE escalation bug with Serialized Columns in Active Record
Open

Devise Gem for Ruby confirmation token validation with a blank string
Open

Loofah XSS Vulnerability
Open

Nokogiri gem, via libxslt, is affected by multiple vulnerabilities
Open

HTTP Smuggling via Transfer-Encoding Header in Puma
Open

Devise Gem for Ruby Time-of-check Time-of-use race condition with lockable module
Open

Improper neutralization of data URIs may allow XSS in rails-html-sanitizer
Open

Possible Strong Parameters Bypass in ActionPack
Open

Loofah XSS Vulnerability
Open

Update packaged dependency libxml2 from 2.9.10 to 2.9.12
Open

Nokogiri::XML::Schema trusts input by default, exposing risk of an XXE vulnerability
Open

Out-of-bounds Write in zlib affects Nokogiri
Open

Potentially unintended unmarshalling of user-provided objects in MemCacheStore and RedisCacheStore
Open

Severity

Category

Status

Source

Language

fga-gpp-mds/Falko-2017.2-BackEnd

Showing 91 of 95 total issues

Inconsistent Interpretation of HTTP Requests ('HTTP Request Smuggling') in puma Open

HTTP Request Smuggling in puma Open

ReDoS based DoS vulnerability in GlobalID Open

Keepalive Connections Causing Denial Of Service in puma Open

Information Exposure with Puma when used with Rails Open

Possible XSS vulnerability in ActionView Open

Denial of Service Vulnerability in ActiveRecord’s PostgreSQL adapter Open

Possible RCE escalation bug with Serialized Columns in Active Record Open

Devise Gem for Ruby confirmation token validation with a blank string Open

Loofah XSS Vulnerability Open

Nokogiri gem, via libxslt, is affected by multiple vulnerabilities Open

HTTP Smuggling via Transfer-Encoding Header in Puma Open

Devise Gem for Ruby Time-of-check Time-of-use race condition with lockable module Open

Improper neutralization of data URIs may allow XSS in rails-html-sanitizer Open

Possible Strong Parameters Bypass in ActionPack Open

Loofah XSS Vulnerability Open

Update packaged dependency libxml2 from 2.9.10 to 2.9.12 Open

Nokogiri::XML::Schema trusts input by default, exposing risk of an XXE vulnerability Open

Out-of-bounds Write in zlib affects Nokogiri Open

Potentially unintended unmarshalling of user-provided objects in MemCacheStore and RedisCacheStore Open

Severity

Category

Status

Source

Language

Inconsistent Interpretation of HTTP Requests ('HTTP Request Smuggling') in puma
Open

HTTP Request Smuggling in puma
Open

ReDoS based DoS vulnerability in GlobalID
Open

Keepalive Connections Causing Denial Of Service in puma
Open

Information Exposure with Puma when used with Rails
Open

Possible XSS vulnerability in ActionView
Open

Denial of Service Vulnerability in ActiveRecord’s PostgreSQL adapter
Open

Possible RCE escalation bug with Serialized Columns in Active Record
Open

Devise Gem for Ruby confirmation token validation with a blank string
Open

Loofah XSS Vulnerability
Open

Nokogiri gem, via libxslt, is affected by multiple vulnerabilities
Open

HTTP Smuggling via Transfer-Encoding Header in Puma
Open

Devise Gem for Ruby Time-of-check Time-of-use race condition with lockable module
Open

Improper neutralization of data URIs may allow XSS in rails-html-sanitizer
Open

Possible Strong Parameters Bypass in ActionPack
Open

Loofah XSS Vulnerability
Open

Update packaged dependency libxml2 from 2.9.10 to 2.9.12
Open

Nokogiri::XML::Schema trusts input by default, exposing risk of an XXE vulnerability
Open

Out-of-bounds Write in zlib affects Nokogiri
Open

Potentially unintended unmarshalling of user-provided objects in MemCacheStore and RedisCacheStore
Open