fga-gpp-mds/Falko-2017.2-BackEnd

Showing 91 of 95 total issues

HTTP Response Splitting vulnerability in puma
Open

puma (3.10.0)
Severity: Minor
Found in Gemfile.lock by bundler-audit

Keepalive thread overload/DoS in puma
Open

puma (3.10.0)
Severity: Critical
Found in Gemfile.lock by bundler-audit

Code Injection vulnerability in CarrierWave::RMagick
Open

carrierwave (1.2.1)
Severity: Critical
Found in Gemfile.lock by bundler-audit

Potential XSS vulnerability in Action View
Open

actionview (5.1.4)
Severity: Minor
Found in Gemfile.lock by bundler-audit

Update bundled libxml2 to v2.10.3 to resolve multiple CVEs
Open

nokogiri (1.8.1)
Severity: Minor
Found in Gemfile.lock by bundler-audit

Inefficient Regular Expression Complexity in Nokogiri
Open

nokogiri (1.8.1)
Severity: Critical
Found in Gemfile.lock by bundler-audit

Possible Information Disclosure / Unintended Method Execution in Action Pack
Open

actionpack (5.1.4)
Severity: Critical
Found in Gemfile.lock by bundler-audit

json Gem for Ruby Unsafe Object Creation Vulnerability (additional fix)
Open

json (2.1.0)
Severity: Critical
Found in Gemfile.lock by bundler-audit

Improper Handling of Unexpected Data Type in Nokogiri
Open

nokogiri (1.8.1)
Severity: Critical
Found in Gemfile.lock by bundler-audit

HTTP Smuggling via Transfer-Encoding Header in Puma
Open

puma (3.10.0)
Severity: Critical
Found in Gemfile.lock by bundler-audit

Percent-encoded cookies can be used to overwrite existing prefixed cookie names
Open

rack (2.0.3)
Severity: Critical
Found in Gemfile.lock by bundler-audit

Ability to forge per-form CSRF tokens given a global CSRF token
Open

actionpack (5.1.4)
Severity: Minor
Found in Gemfile.lock by bundler-audit

Possible exposure of information vulnerability in Action Pack
Open

actionpack (5.1.4)
Severity: Critical
Found in Gemfile.lock by bundler-audit

Possible XSS Vulnerability in Action View tag helpers
Open

actionview (5.1.4)
Severity: Minor
Found in Gemfile.lock by bundler-audit

CSRF Vulnerability in rails-ujs
Open

actionview (5.1.4)
Severity: Minor
Found in Gemfile.lock by bundler-audit

ReDoS based DoS vulnerability in Active Support’s underscore
Open

activesupport (5.1.4)
Severity: Minor
Found in Gemfile.lock by bundler-audit

Improper neutralization of data URIs may allow XSS in Loofah
Open

loofah (2.1.1)
Severity: Minor
Found in Gemfile.lock by bundler-audit

Nokogiri Command Injection Vulnerability via Nokogiri::CSS::Tokenizer#load_file
Open

nokogiri (1.8.1)
Severity: Minor
Found in Gemfile.lock by bundler-audit

Possible XSS vulnerability with certain configurations of Rails::Html::Sanitizer
Open

rails-html-sanitizer (1.0.3)
Severity: Minor
Found in Gemfile.lock by bundler-audit

Server-side request forgery in CarrierWave
Open

carrierwave (1.2.1)
Severity: Minor
Found in Gemfile.lock by bundler-audit