Showing 829 of 829 total issues
activeresource Gem for Ruby lib/active_resource/base.rb element_path Lack of Encoding Open
activeresource (3.2.13)
Advisory: CVE-2020-8151
Criticality: High
URL: https://groups.google.com/forum/#!topic/rubyonrails-security/pktoF4VmiM8
Solution: upgrade to >= 5.1.1
HTTP Response Splitting vulnerability in puma Open
puma (2.1.1)
Advisory: CVE-2020-5247
Criticality: Medium
URL: https://github.com/puma/puma/security/advisories/GHSA-84j7-475p-hp8v
Solution: upgrade to ~> 3.12.4, >= 4.3.3
Directory Traversal in rubyzip Open
rubyzip (0.9.9)
Advisory: CVE-2018-1000544
Criticality: Critical
URL: https://github.com/rubyzip/rubyzip/issues/369
Solution: upgrade to >= 1.2.2
Percent-encoded cookies can be used to overwrite existing prefixed cookie names Open
rack (1.4.5)
Advisory: CVE-2020-8184
Criticality: High
URL: https://groups.google.com/g/rubyonrails-security/c/OWtmozPH9Ak
Solution: upgrade to ~> 2.1.4, >= 2.2.3
Possible shell escape sequence injection vulnerability in Rack Open
rack (1.4.5)
Advisory: CVE-2022-30123
Criticality: Critical
URL: https://groups.google.com/g/ruby-security-ann/c/LWB10kWzag8
Solution: upgrade to >= 2.0.9.1, ~> 2.0.9, >= 2.1.4.1, ~> 2.1.4, >= 2.2.3.1
Denial of service in sidekiq Open
sidekiq (2.12.4)
Advisory: CVE-2022-23837
Criticality: High
URL: https://github.com/mperham/sidekiq/commit/7785ac1399f1b28992adb56055f6acd88fd1d956
Solution: upgrade to >= 6.4.0, ~> 5.2.10
simple_form Gem for Ruby Incorrect Access Control for forms based on user input Open
simple_form (2.1.0)
Advisory: CVE-2019-16676
Criticality: Critical
URL: https://github.com/plataformatec/simple_form/security/advisories/GHSA-r74q-gxcg-73hx
Solution: upgrade to >= 5.0
Server-side request forgery in CarrierWave Open
carrierwave (0.8.0)
Advisory: CVE-2021-21288
Criticality: Medium
URL: https://github.com/carrierwaveuploader/carrierwave/security/advisories/GHSA-fwcm-636p-68r5
Solution: upgrade to ~> 1.3.2, >= 2.1.1
HTTP Response Splitting (Early Hints) in Puma Open
puma (2.1.1)
Advisory: CVE-2020-5249
Criticality: Medium
URL: https://github.com/puma/puma/security/advisories/GHSA-33vf-4xgg-9r58
Solution: upgrade to ~> 3.12.4, >= 4.3.3
Denial of Service in rubyzip ("zip bombs") Open
rubyzip (0.9.9)
Advisory: CVE-2019-16892
Criticality: Medium
URL: https://github.com/rubyzip/rubyzip/pull/403
Solution: upgrade to >= 1.3.0
Integer Overflow or Wraparound in libxml2 affects Nokogiri Open
nokogiri (1.5.9)
Advisory: GHSA-cgx6-hpwq-fhv5
Criticality: High
URL: https://github.com/sparklemotion/nokogiri/security/advisories/GHSA-cgx6-hpwq-fhv5
Solution: upgrade to >= 1.13.5
Geocoder gem for Ruby contains possible SQL injection vulnerability Open
geocoder (1.1.8)
Advisory: CVE-2020-7981
Criticality: Critical
URL: https://github.com/alexreisner/geocoder/blob/master/CHANGELOG.md#161-2020-jan-23
Solution: upgrade to >= 1.6.1
Update packaged dependency libxml2 from 2.9.10 to 2.9.12 Open
nokogiri (1.5.9)
Advisory: GHSA-7rrm-v45f-jp64
Criticality: High
URL: https://github.com/sparklemotion/nokogiri/security/advisories/GHSA-7rrm-v45f-jp64
Solution: upgrade to >= 1.11.4
Nokogiri Gem for JRuby XML Document Root Element Handling Memory Consumption Remote DoS Open
nokogiri (1.5.9)
Advisory: OSVDB-118481
URL: https://github.com/sparklemotion/nokogiri/pull/1087
Solution: upgrade to >= 1.6.3
i18n Gem for Ruby lib/i18n/core_ext/hash.rb Hash#slice() Function Hash Handling DoS Open
i18n (0.6.1)
Advisory: CVE-2014-10077
URL: https://github.com/svenfuchs/i18n/pull/289
Solution: upgrade to >= 0.8.0
Improper Handling of Unexpected Data Type in Nokogiri Open
nokogiri (1.5.9)
Advisory: CVE-2022-29181
Criticality: High
URL: https://github.com/sparklemotion/nokogiri/security/advisories/GHSA-xh29-r2w5-wx8m
Solution: upgrade to >= 1.13.6
Revert libxml2 behavior in Nokogiri gem that could cause XSS Open
nokogiri (1.5.9)
Advisory: CVE-2018-8048
URL: https://github.com/sparklemotion/nokogiri/pull/1746
Solution: upgrade to >= 1.8.3
XML Injection in Xerces Java affects Nokogiri Open
nokogiri (1.5.9)
Advisory: CVE-2022-23437
Criticality: Medium
URL: https://github.com/sparklemotion/nokogiri/security/advisories/GHSA-xxx9-3xcr-gjj3
Solution: upgrade to >= 1.13.4
Nokogiri gem contains two upstream vulnerabilities in libxslt 1.1.29 Open
nokogiri (1.5.9)
Advisory: CVE-2017-5029
Criticality: High
URL: https://github.com/sparklemotion/nokogiri/issues/1634
Solution: upgrade to >= 1.7.2
Nokogiri gem, via libxslt, is affected by improper access control vulnerability Open
nokogiri (1.5.9)
Advisory: CVE-2019-11068
URL: https://github.com/sparklemotion/nokogiri/issues/1892
Solution: upgrade to >= 1.10.3
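The "Solution:" lines above are Gem::Requirement strings, and a comma-separated list means any one of the listed ranges closes the finding (puma is fixed by either the 3.12.x line at 3.12.4+ or by 4.3.3+). The script below is an added example, not code from the page or from bundler-audit or Code Climate: it parses this report format into findings and checks a set of lockfile versions against each Solution line with Gem::Requirement, so you can see which entries are still open after a planned upgrade rather than trusting the "Open" label. The sample report is a constructed excerpt of three entries from this page; the helper names and the lockfile hash are assumptions for the example. One caveat it does not handle: the rack CVE-2022-30123 line flattens what is evidently three grouped ranges (each `>=` paired with the `~>` after it); read as independent alternatives, `~> 2.0.9` alone would mark 2.0.9 as patched when the fix is 2.0.9.1, so lines like that need regrouping by hand before this check is trusted.

```ruby
require "rubygems" # Gem::Version and Gem::Requirement ship with Ruby

# One finding from the report. `patched` holds the alternative requirement
# strings from the "Solution:" line; satisfying any one of them closes it.
Finding = Struct.new(:title, :gem, :version, :advisory, :criticality, :patched)

# Constructed excerpt of the report above (three entries, "Read up" buttons dropped).
SAMPLE_REPORT = <<~REPORT
  HTTP Response Splitting vulnerability in puma Open
  puma (2.1.1)
  Advisory: CVE-2020-5247
  Criticality: Medium
  URL: https://github.com/puma/puma/security/advisories/GHSA-84j7-475p-hp8v
  Solution: upgrade to ~> 3.12.4, >= 4.3.3
  Integer Overflow or Wraparound in libxml2 affects Nokogiri Open
  nokogiri (1.5.9)
  Advisory:
  Criticality: High
  URL: https://github.com/sparklemotion/nokogiri/security/advisories/GHSA-cgx6-hpwq-fhv5
  Solution: upgrade to >= 1.13.5
  Improper Handling of Unexpected Data Type in Nokogiri Open
  nokogiri (1.5.9)
  Advisory: CVE-2022-29181
  Criticality: High
  URL: https://github.com/sparklemotion/nokogiri/security/advisories/GHSA-xh29-r2w5-wx8m
  Solution: upgrade to >= 1.13.6
REPORT

# Parse the plain-text format: a title line, then "gem (version)", then
# "Advisory:", "Criticality:", "URL:", "Solution:" lines in any order.
# Lines that do not fit (e.g. a "Showing N of N total issues" header) are skipped.
def parse_report(text)
  findings = []
  lines = text.lines.map(&:strip).reject(&:empty?)
  i = 0
  while i < lines.size
    title = lines[i]
    if (m = lines[i + 1]&.match(/\A([A-Za-z0-9_.-]+) \(([^)]+)\)\z/))
      f = Finding.new(title.sub(/ Open\z/, ""), m[1], m[2], nil, nil, [])
      i += 2
      while i < lines.size && (kv = lines[i].match(/\A(Advisory|Criticality|URL|Solution):\s*(.*)\z/))
        case kv[1]
        when "Advisory"    then f.advisory = kv[2].empty? ? nil : kv[2] # blank on some GHSA-only entries
        when "Criticality" then f.criticality = kv[2]
        when "Solution"    then f.patched = kv[2].sub(/\Aupgrade to\s*/, "").split(",").map(&:strip)
        end
        i += 1
      end
      findings << f
    else
      i += 1
    end
  end
  findings
end

# True when `version` satisfies at least one alternative patched range.
# Gem::Requirement gives "~> 3.12.4" its pessimistic meaning: >= 3.12.4 and < 3.13.
def patched?(finding, version = finding.version)
  v = Gem::Version.new(version)
  finding.patched.any? { |req| Gem::Requirement.new(req).satisfied_by?(v) }
end

# Findings still open for the versions you actually intend to ship.
# `lockfile_versions` is an assumed hash like { "puma" => "4.3.3" }; gems not
# listed fall back to the version the report saw.
def still_open(findings, lockfile_versions)
  findings.reject { |f| patched?(f, lockfile_versions.fetch(f.gem, f.version)) }
end

if __FILE__ == $PROGRAM_NAME
  findings = parse_report(SAMPLE_REPORT)
  planned  = { "puma" => "4.3.3", "nokogiri" => "1.13.5" } # assumed upgrade plan
  still_open(findings, planned).each do |f|
    puts "#{f.gem} #{planned[f.gem]}: still open #{f.advisory || f.title} (need #{f.patched.join(' or ')})"
  end
end
```

Run it against a full export of this report to get the list of advisories a proposed Gemfile.lock still leaves open; the nokogiri entries in particular only all close at 1.13.6, which the sample run shows by reporting CVE-2022-29181 as open at 1.13.5.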