Sign upLogin

georgebellos/real_estate

View on GitHub
Star

Showing 829 of 829 total issues

activeresource Gem for Ruby lib/active_resource/base.rb element_path Lack of Encoding
Open

    activeresource (3.2.13)
Severity: Critical
Found in Gemfile.lock by bundler-audit

Advisory: CVE-2020-8151

Criticality: High

URL: https://groups.google.com/forum/#!topic/rubyonrails-security/pktoF4VmiM8

Solution: upgrade to >= 5.1.1

HTTP Response Splitting vulnerability in puma
Open

    puma (2.1.1)
Severity: Minor
Found in Gemfile.lock by bundler-audit

Advisory: CVE-2020-5247

Criticality: Medium

URL: https://github.com/puma/puma/security/advisories/GHSA-84j7-475p-hp8v

Solution: upgrade to ~> 3.12.4, >= 4.3.3

Directory Traversal in rubyzip
Open

    rubyzip (0.9.9)
Severity: Minor
Found in Gemfile.lock by bundler-audit

Advisory: CVE-2018-1000544

Criticality: Critical

URL: https://github.com/rubyzip/rubyzip/issues/369

Solution: upgrade to >= 1.2.2

Percent-encoded cookies can be used to overwrite existing prefixed cookie names
Open

    rack (1.4.5)
Severity: Critical
Found in Gemfile.lock by bundler-audit

Advisory: CVE-2020-8184

Criticality: High

URL: https://groups.google.com/g/rubyonrails-security/c/OWtmozPH9Ak

Solution: upgrade to ~> 2.1.4, >= 2.2.3

Possible shell escape sequence injection vulnerability in Rack
Open

    rack (1.4.5)
Severity: Minor
Found in Gemfile.lock by bundler-audit

Advisory: CVE-2022-30123

Criticality: Critical

URL: https://groups.google.com/g/ruby-security-ann/c/LWB10kWzag8

Solution: upgrade to >= 2.0.9.1, ~> 2.0.9, >= 2.1.4.1, ~> 2.1.4, >= 2.2.3.1

Denial of service in sidekiq
Open

    sidekiq (2.12.4)
Severity: Critical
Found in Gemfile.lock by bundler-audit

Advisory: CVE-2022-23837

Criticality: High

URL: https://github.com/mperham/sidekiq/commit/7785ac1399f1b28992adb56055f6acd88fd1d956

Solution: upgrade to >= 6.4.0, ~> 5.2.10

simple_form Gem for Ruby Incorrect Access Control for forms based on user input
Open

    simple_form (2.1.0)
Severity: Minor
Found in Gemfile.lock by bundler-audit

Advisory: CVE-2019-16676

Criticality: Critical

URL: https://github.com/plataformatec/simple_form/security/advisories/GHSA-r74q-gxcg-73hx

Solution: upgrade to >= 5.0

Server-side request forgery in CarrierWave
Open

    carrierwave (0.8.0)
Severity: Minor
Found in Gemfile.lock by bundler-audit

Advisory: CVE-2021-21288

Criticality: Medium

URL: https://github.com/carrierwaveuploader/carrierwave/security/advisories/GHSA-fwcm-636p-68r5

Solution: upgrade to ~> 1.3.2, >= 2.1.1

HTTP Response Splitting (Early Hints) in Puma
Open

    puma (2.1.1)
Severity: Minor
Found in Gemfile.lock by bundler-audit

Advisory: CVE-2020-5249

Criticality: Medium

URL: https://github.com/puma/puma/security/advisories/GHSA-33vf-4xgg-9r58

Solution: upgrade to ~> 3.12.4, >= 4.3.3

Denial of Service in rubyzip ("zip bombs")
Open

    rubyzip (0.9.9)
Severity: Minor
Found in Gemfile.lock by bundler-audit

Advisory: CVE-2019-16892

Criticality: Medium

URL: https://github.com/rubyzip/rubyzip/pull/403

Solution: upgrade to >= 1.3.0

Integer Overflow or Wraparound in libxml2 affects Nokogiri
Open

    nokogiri (1.5.9)
Severity: Critical
Found in Gemfile.lock by bundler-audit

Advisory:

Criticality: High

URL: https://github.com/sparklemotion/nokogiri/security/advisories/GHSA-cgx6-hpwq-fhv5

Solution: upgrade to >= 1.13.5

Geocoder gem for Ruby contains possible SQL injection vulnerability
Open

    geocoder (1.1.8)
Severity: Minor
Found in Gemfile.lock by bundler-audit

Advisory: CVE-2020-7981

Criticality: Critical

URL: https://github.com/alexreisner/geocoder/blob/master/CHANGELOG.md#161-2020-jan-23

Solution: upgrade to >= 1.6.1

Update packaged dependency libxml2 from 2.9.10 to 2.9.12
Open

    nokogiri (1.5.9)
Severity: Critical
Found in Gemfile.lock by bundler-audit

Advisory:

Criticality: High

URL: https://github.com/sparklemotion/nokogiri/security/advisories/GHSA-7rrm-v45f-jp64

Solution: upgrade to >= 1.11.4

Nokogiri Gem for JRuby XML Document Root Element Handling Memory Consumption Remote DoS
Open

    nokogiri (1.5.9)
Severity: Minor
Found in Gemfile.lock by bundler-audit

Advisory: OSVDB-118481

URL: https://github.com/sparklemotion/nokogiri/pull/1087

Solution: upgrade to >= 1.6.3

i18n Gem for Ruby lib/i18n/core_ext/hash.rb Hash#slice() Function Hash Handling DoS
Open

    i18n (0.6.1)
Severity: Minor
Found in Gemfile.lock by bundler-audit

Advisory: CVE-2014-10077

URL: https://github.com/svenfuchs/i18n/pull/289

Solution: upgrade to >= 0.8.0

Improper Handling of Unexpected Data Type in Nokogiri
Open

    nokogiri (1.5.9)
Severity: Critical
Found in Gemfile.lock by bundler-audit

Advisory: CVE-2022-29181

Criticality: High

URL: https://github.com/sparklemotion/nokogiri/security/advisories/GHSA-xh29-r2w5-wx8m

Solution: upgrade to >= 1.13.6

Revert libxml2 behavior in Nokogiri gem that could cause XSS
Open

    nokogiri (1.5.9)
Severity: Minor
Found in Gemfile.lock by bundler-audit

Advisory: CVE-2018-8048

URL: https://github.com/sparklemotion/nokogiri/pull/1746

Solution: upgrade to >= 1.8.3

XML Injection in Xerces Java affects Nokogiri
Open

    nokogiri (1.5.9)
Severity: Minor
Found in Gemfile.lock by bundler-audit

Advisory: CVE-2022-23437

Criticality: Medium

URL: https://github.com/sparklemotion/nokogiri/security/advisories/GHSA-xxx9-3xcr-gjj3

Solution: upgrade to >= 1.13.4

Nokogiri gem contains two upstream vulnerabilities in libxslt 1.1.29
Open

    nokogiri (1.5.9)
Severity: Critical
Found in Gemfile.lock by bundler-audit

Advisory: CVE-2017-5029

Criticality: High

URL: https://github.com/sparklemotion/nokogiri/issues/1634

Solution: upgrade to >= 1.7.2

Nokogiri gem, via libxslt, is affected by improper access control vulnerability
Open

    nokogiri (1.5.9)
Severity: Minor
Found in Gemfile.lock by bundler-audit

Advisory: CVE-2019-11068

URL: https://github.com/sparklemotion/nokogiri/issues/1892

Solution: upgrade to >= 1.10.3

Severity
Category
Status
Source
Language