Showing 829 of 829 total issues
omniauth-facebook Gem for Ruby Insecure Access Token Handling Authentication Bypass Open
omniauth-facebook (1.4.1)
Advisory: CVE-2013-4593
Criticality: Medium
URL: https://nvd.nist.gov/vuln/detail/CVE-2013-4593
Solution: upgrade to >= 1.5.1
Nokogiri gem, via libxslt, is affected by multiple vulnerabilities Open
nokogiri (1.5.9)
Advisory: CVE-2019-13117
URL: https://github.com/sparklemotion/nokogiri/issues/1943
Solution: upgrade to >= 1.10.5
CVE-2015-1820 rubygem-rest-client: session fixation vulnerability, Set-Cookie headers present in HTTP 30x redirection responses Open
rest-client (1.6.7)
Advisory: CVE-2015-1820
Criticality: Critical
URL: https://github.com/rest-client/rest-client/issues/369
Solution: upgrade to >= 1.8.0
Inefficient Regular Expression Complexity in Nokogiri Open
nokogiri (1.5.9)
Advisory: CVE-2022-24836
Criticality: High
URL: https://github.com/sparklemotion/nokogiri/security/advisories/GHSA-crjr-9rc5-ghw8
Solution: upgrade to >= 1.13.4
Improper Restriction of XML External Entity Reference (XXE) in Nokogiri on JRuby Open
nokogiri (1.5.9)
Advisory: CVE-2021-41098
Criticality: High
URL: https://github.com/sparklemotion/nokogiri/security/advisories/GHSA-2rr5-8q37-2w7h
Solution: upgrade to >= 1.12.5
libxml2 2.9.10 has an infinite loop in a certain end-of-file situation Open
nokogiri (1.5.9)
Advisory: CVE-2020-7595
Criticality: High
URL: https://github.com/sparklemotion/nokogiri/issues/1992
Solution: upgrade to >= 1.10.8
Update packaged libxml2 (2.9.12 → 2.9.13) and libxslt (1.1.34 → 1.1.35) Open
nokogiri (1.5.9)
Advisory: CVE-2021-30560
Criticality: High
URL: https://github.com/sparklemotion/nokogiri/security/advisories/GHSA-fq42-c5rg-92c2
Solution: upgrade to >= 1.13.2
Improper Certificate Validation in oauth ruby gem Open
oauth (0.4.7)
Advisory: CVE-2016-11086
Criticality: High
URL: https://github.com/advisories/GHSA-7359-3c6r-hfc2
Solution: upgrade to >= 0.5.5
CSRF Vulnerability in jquery-rails Open
jquery-rails (3.0.1)
Advisory: CVE-2015-1840
Criticality: Medium
URL: https://groups.google.com/forum/#!topic/ruby-security-ann/XIZPbobuwaY
Solution: upgrade to >= 4.0.4, ~> 3.1.3
Nokogiri gem, via libxml, is affected by DoS vulnerabilities Open
nokogiri (1.5.9)
Advisory: CVE-2017-16932
URL: https://github.com/sparklemotion/nokogiri/issues/1714
Solution: upgrade to >= 1.8.1
Moderate severity vulnerability that affects nokogiri Open
nokogiri (1.5.9)
Advisory: CVE-2017-18258
Criticality: Medium
URL: https://git.gnome.org/browse/libxml2/commit/?id=e2a9122b8dde53d320750451e9907a7dcb2ca8bb
Solution: upgrade to >= 1.8.2
OmniAuth's lib/omniauth/failure_endpoint.rb does not escape message_key value Open
omniauth (1.1.4)
Advisory: CVE-2020-36599
Criticality: Critical
Solution: upgrade to ~> 1.9.2, >= 2.0.0
Missing TLS certificate verification in faye-websocket Open
faye-websocket (0.4.7)
Advisory: CVE-2020-15133
Criticality: High
URL: https://github.com/faye/faye-websocket-ruby/security/advisories/GHSA-2v5c-755p-p4gv
Solution: upgrade to >= 0.11.0
ruby-ffi DLL loading issue on Windows OS Open
ffi (1.8.1)
Advisory: CVE-2018-1000201
Criticality: High
URL: https://github.com/ffi/ffi/releases/tag/1.9.24
Solution: upgrade to >= 1.9.24
Denial of Service (DoS) in Nokogiri on JRuby Open
nokogiri (1.5.9)
Advisory: CVE-2022-24839
Criticality: High
URL: https://github.com/sparklemotion/nekohtml/security/advisories/GHSA-9849-p7jc-9rmv
Solution: upgrade to >= 1.13.4
Nokogiri gem, via libxml2, is affected by multiple vulnerabilities Open
nokogiri (1.5.9)
Advisory: CVE-2018-14404
Criticality: High
URL: https://github.com/sparklemotion/nokogiri/issues/1785
Solution: upgrade to >= 1.8.5
omniauth-facebook Gem for Ruby Unspecified CSRF Open
omniauth-facebook (1.4.1)
Advisory: CVE-2013-4562
Criticality: Medium
URL: https://nvd.nist.gov/vuln/detail/CVE-2013-4562
Solution: upgrade to >= 1.5.0
Out-of-bounds Write in zlib affects Nokogiri Open
nokogiri (1.5.9)
Advisory: CVE-2018-25032
Criticality: High
URL: https://github.com/sparklemotion/nokogiri/security/advisories/GHSA-v6gp-9mmm-c6p5
Solution: upgrade to >= 1.13.4
omniauth leaks authenticity token in callback params Open
omniauth (1.1.4)
Advisory: CVE-2017-18076
Criticality: High
URL: https://github.com/omniauth/omniauth/pull/867
Solution: upgrade to >= 1.3.2
Path Traversal in Sprockets Open
sprockets (2.2.2)
Advisory: CVE-2018-3760
Criticality: High
URL: https://groups.google.com/forum/#!topic/ruby-security-ann/2S9Pwz2i16k
Solution: upgrade to < 3.0.0, >= 2.12.5, < 4.0.0, >= 3.7.2, >= 4.0.0.beta8