heavenstudio/ytsongdw

View on GitHub
Gemfile.lock

Summary

Maintainability
Test Coverage

json Gem for Ruby Unsafe Object Creation Vulnerability (additional fix)
Open

    json (1.8.3)
Severity: Critical
Found in Gemfile.lock by bundler-audit

Advisory: CVE-2020-10663

Criticality: High

URL: https://www.ruby-lang.org/en/news/2020/03/19/json-dos-cve-2020-10663/

Solution: upgrade to >= 2.3.0

RDoc OS command injection vulnerability
Open

    rdoc (3.12.2)
Severity: Critical
Found in Gemfile.lock by bundler-audit

Advisory: CVE-2021-31799

Criticality: High

URL: https://www.ruby-lang.org/en/news/2021/05/02/os-command-injection-in-rdoc/

Solution: upgrade to ~> 6.1.2.1, ~> 6.2.1.1, >= 6.3.1

Potentially unintended unmarshalling of user-provided objects in MemCacheStore and RedisCacheStore
Open

    activesupport (5.0.1)
Severity: Minor
Found in Gemfile.lock by bundler-audit

Advisory: CVE-2020-8165

Criticality: Critical

URL: https://groups.google.com/forum/#!topic/rubyonrails-security/bv6fW4S0Y1c

Solution: upgrade to >= 5.2.4.3, ~> 5.2.4, >= 6.0.3.1

Command injection in ruby-git
Open

    git (1.3.0)
Severity: Minor
Found in Gemfile.lock by bundler-audit

Advisory: CVE-2022-25648

Criticality: Critical

URL: https://github.com/ruby-git/ruby-git/pull/569

Solution: upgrade to >= 1.11.0

Potential remote code execution in ruby-git
Open

    git (1.3.0)
Severity: Minor
Found in Gemfile.lock by bundler-audit

Advisory: CVE-2022-46648

Criticality: Medium

URL: https://github.com/ruby-git/ruby-git/pull/602

Solution: upgrade to >= 1.13.0

Directory traversal in Rack::Directory app bundled with Rack
Open

    rack (2.0.1)
Severity: Critical
Found in Gemfile.lock by bundler-audit

Advisory: CVE-2020-8161

Criticality: High

URL: https://groups.google.com/forum/#!topic/ruby-security-ann/T4ZIsfRf2eA

Solution: upgrade to ~> 2.1.3, >= 2.2.0

Update bundled libxml2 to v2.10.3 to resolve multiple CVEs
Open

    nokogiri (1.7.0.1)
Severity: Minor
Found in Gemfile.lock by bundler-audit

Improper Handling of Unexpected Data Type in Nokogiri
Open

    nokogiri (1.7.0.1)
Severity: Critical
Found in Gemfile.lock by bundler-audit

Advisory: CVE-2022-29181

Criticality: High

URL: https://github.com/sparklemotion/nokogiri/security/advisories/GHSA-xh29-r2w5-wx8m

Solution: upgrade to >= 1.13.6

Integer Overflow or Wraparound in libxml2 affects Nokogiri
Open

    nokogiri (1.7.0.1)
Severity: Critical
Found in Gemfile.lock by bundler-audit

Advisory:

Criticality: High

URL: https://github.com/sparklemotion/nokogiri/security/advisories/GHSA-cgx6-hpwq-fhv5

Solution: upgrade to >= 1.13.5

Nokogiri gem, via libxml, is affected by DoS and RCE vulnerabilities
Open

    nokogiri (1.7.0.1)
Severity: Critical
Found in Gemfile.lock by bundler-audit

Advisory: CVE-2017-9050

Criticality: High

URL: https://github.com/sparklemotion/nokogiri/issues/1673

Solution: upgrade to >= 1.8.1

Denial of Service (DoS) in Nokogiri on JRuby
Open

    nokogiri (1.7.0.1)
Severity: Critical
Found in Gemfile.lock by bundler-audit

Advisory: CVE-2022-24839

Criticality: High

URL: https://github.com/sparklemotion/nekohtml/security/advisories/GHSA-9849-p7jc-9rmv

Solution: upgrade to >= 1.13.4

Nokogiri Command Injection Vulnerability via Nokogiri::CSS::Tokenizer#load_file
Open

    nokogiri (1.7.0.1)
Severity: Minor
Found in Gemfile.lock by bundler-audit

Advisory: CVE-2019-5477

Criticality: Critical

URL: https://github.com/sparklemotion/nokogiri/issues/1915

Solution: upgrade to >= 1.10.4

Nokogiri::XML::Schema trusts input by default, exposing risk of an XXE vulnerability
Open

    nokogiri (1.7.0.1)
Severity: Info
Found in Gemfile.lock by bundler-audit

Advisory: CVE-2020-26247

Criticality: Low

URL: https://github.com/sparklemotion/nokogiri/security/advisories/GHSA-vr8q-g5c7-m54m

Solution: upgrade to >= 1.11.0.rc4

Nokogiri gem, via libxml2, is affected by multiple vulnerabilities
Open

    nokogiri (1.7.0.1)
Severity: Critical
Found in Gemfile.lock by bundler-audit

Advisory: CVE-2018-14404

Criticality: High

URL: https://github.com/sparklemotion/nokogiri/issues/1785

Solution: upgrade to >= 1.8.5

Code injection in ruby git
Open

    git (1.3.0)
Severity: Critical
Found in Gemfile.lock by bundler-audit

Advisory: CVE-2022-47318

Criticality: High

URL: https://github.com/ruby-git/ruby-git/pull/602

Solution: upgrade to >= 1.13.0

Nokogiri gem, via libxml, is affected by DoS vulnerabilities
Open

    nokogiri (1.7.0.1)
Severity: Minor
Found in Gemfile.lock by bundler-audit

Advisory: CVE-2017-16932

URL: https://github.com/sparklemotion/nokogiri/issues/1714

Solution: upgrade to >= 1.8.1

Nokogiri gem, via libxslt, is affected by improper access control vulnerability
Open

    nokogiri (1.7.0.1)
Severity: Minor
Found in Gemfile.lock by bundler-audit

Advisory: CVE-2019-11068

URL: https://github.com/sparklemotion/nokogiri/issues/1892

Solution: upgrade to >= 1.10.3

Revert libxml2 behavior in Nokogiri gem that could cause XSS
Open

    nokogiri (1.7.0.1)
Severity: Minor
Found in Gemfile.lock by bundler-audit

Advisory: CVE-2018-8048

URL: https://github.com/sparklemotion/nokogiri/pull/1746

Solution: upgrade to >= 1.8.3

ReDoS based DoS vulnerability in Active Support’s underscore
Open

    activesupport (5.0.1)
Severity: Minor
Found in Gemfile.lock by bundler-audit

Advisory: CVE-2023-22796

URL: https://github.com/rails/rails/releases/tag/v7.0.4.1

Solution: upgrade to >= 5.2.8.15, ~> 5.2.8, >= 6.1.7.1, ~> 6.1.7, >= 7.0.4.1

Regular Expression Denial of Service in Addressable templates
Open

    addressable (2.4.0)
Severity: Critical
Found in Gemfile.lock by bundler-audit

Advisory: CVE-2021-32740

Criticality: High

URL: https://github.com/advisories/GHSA-jxhc-q857-3j6g

Solution: upgrade to >= 2.8.0

Inefficient Regular Expression Complexity in Nokogiri
Open

    nokogiri (1.7.0.1)
Severity: Critical
Found in Gemfile.lock by bundler-audit

Advisory: CVE-2022-24836

Criticality: High

URL: https://github.com/sparklemotion/nokogiri/security/advisories/GHSA-crjr-9rc5-ghw8

Solution: upgrade to >= 1.13.4

Nokogiri gem, via libxml, is affected by DoS vulnerabilities
Open

    nokogiri (1.7.0.1)
Severity: Minor
Found in Gemfile.lock by bundler-audit

Advisory: CVE-2017-15412

URL: https://github.com/sparklemotion/nokogiri/issues/1714

Solution: upgrade to >= 1.8.2

Improper Restriction of XML External Entity Reference (XXE) in Nokogiri on JRuby
Open

    nokogiri (1.7.0.1)
Severity: Critical
Found in Gemfile.lock by bundler-audit

Advisory: CVE-2021-41098

Criticality: High

URL: https://github.com/sparklemotion/nokogiri/security/advisories/GHSA-2rr5-8q37-2w7h

Solution: upgrade to >= 1.12.5

Percent-encoded cookies can be used to overwrite existing prefixed cookie names
Open

    rack (2.0.1)
Severity: Critical
Found in Gemfile.lock by bundler-audit

Advisory: CVE-2020-8184

Criticality: High

URL: https://groups.google.com/g/rubyonrails-security/c/OWtmozPH9Ak

Solution: upgrade to ~> 2.1.4, >= 2.2.3

i18n Gem for Ruby lib/i18n/core_ext/hash.rb Hash#slice() Function Hash Handling DoS
Open

    i18n (0.7.0)
Severity: Minor
Found in Gemfile.lock by bundler-audit

Advisory: CVE-2014-10077

URL: https://github.com/svenfuchs/i18n/pull/289

Solution: upgrade to >= 0.8.0

XML Injection in Xerces Java affects Nokogiri
Open

    nokogiri (1.7.0.1)
Severity: Minor
Found in Gemfile.lock by bundler-audit

Advisory: CVE-2022-23437

Criticality: Medium

URL: https://github.com/sparklemotion/nokogiri/security/advisories/GHSA-xxx9-3xcr-gjj3

Solution: upgrade to >= 1.13.4

Update packaged dependency libxml2 from 2.9.10 to 2.9.12
Open

    nokogiri (1.7.0.1)
Severity: Critical
Found in Gemfile.lock by bundler-audit

Advisory:

Criticality: High

URL: https://github.com/sparklemotion/nokogiri/security/advisories/GHSA-7rrm-v45f-jp64

Solution: upgrade to >= 1.11.4

Update packaged libxml2 (2.9.12 → 2.9.13) and libxslt (1.1.34 → 1.1.35)
Open

    nokogiri (1.7.0.1)
Severity: Critical
Found in Gemfile.lock by bundler-audit

Advisory: CVE-2021-30560

Criticality: High

URL: https://github.com/sparklemotion/nokogiri/security/advisories/GHSA-fq42-c5rg-92c2

Solution: upgrade to >= 1.13.2

Nokogiri gem, via libxslt, is affected by multiple vulnerabilities
Open

    nokogiri (1.7.0.1)
Severity: Minor
Found in Gemfile.lock by bundler-audit

Advisory: CVE-2019-13117

URL: https://github.com/sparklemotion/nokogiri/issues/1943

Solution: upgrade to >= 1.10.5

libxml2 2.9.10 has an infinite loop in a certain end-of-file situation
Open

    nokogiri (1.7.0.1)
Severity: Critical
Found in Gemfile.lock by bundler-audit

Advisory: CVE-2020-7595

Criticality: High

URL: https://github.com/sparklemotion/nokogiri/issues/1992

Solution: upgrade to >= 1.10.8

OS Command Injection in Rake
Open

    rake (12.0.0)
Severity: Critical
Found in Gemfile.lock by bundler-audit

Advisory: CVE-2020-8130

Criticality: High

URL: https://github.com/advisories/GHSA-jppv-gw3r-w3q8

Solution: upgrade to >= 12.3.3

Out-of-bounds Write in zlib affects Nokogiri
Open

    nokogiri (1.7.0.1)
Severity: Critical
Found in Gemfile.lock by bundler-audit

Advisory: CVE-2018-25032

Criticality: High

URL: https://github.com/sparklemotion/nokogiri/security/advisories/GHSA-v6gp-9mmm-c6p5

Solution: upgrade to >= 1.13.4

Moderate severity vulnerability that affects nokogiri
Open

    nokogiri (1.7.0.1)
Severity: Minor
Found in Gemfile.lock by bundler-audit

Advisory: CVE-2017-18258

Criticality: Medium

URL: https://git.gnome.org/browse/libxml2/commit/?id=e2a9122b8dde53d320750451e9907a7dcb2ca8bb

Solution: upgrade to >= 1.8.2

Possible shell escape sequence injection vulnerability in Rack
Open

    rack (2.0.1)
Severity: Minor
Found in Gemfile.lock by bundler-audit

Advisory: CVE-2022-30123

Criticality: Critical

URL: https://groups.google.com/g/ruby-security-ann/c/LWB10kWzag8

Solution: upgrade to >= 2.0.9.1, ~> 2.0.9, >= 2.1.4.1, ~> 2.1.4, >= 2.2.3.1

Possible information leak / session hijack vulnerability
Open

    rack (2.0.1)
Severity: Minor
Found in Gemfile.lock by bundler-audit

Advisory: CVE-2019-16782

Criticality: Medium

URL: https://github.com/rack/rack/security/advisories/GHSA-hrqr-hxpp-chr3

Solution: upgrade to ~> 1.6.12, >= 2.0.8

Denial of service via header parsing in Rack
Open

    rack (2.0.1)
Severity: Minor
Found in Gemfile.lock by bundler-audit

Advisory: CVE-2022-44570

URL: https://github.com/rack/rack/releases/tag/v3.0.4.1

Solution: upgrade to >= 2.0.9.2, ~> 2.0.9, >= 2.1.4.2, ~> 2.1.4, >= 2.2.6.2, ~> 2.2.6, >= 3.0.4.1

Possible XSS vulnerability in Rack
Open

    rack (2.0.1)
Severity: Minor
Found in Gemfile.lock by bundler-audit

Advisory: CVE-2018-16471

URL: https://groups.google.com/forum/#!topic/ruby-security-ann/NAalCee8n6o

Solution: upgrade to ~> 1.6.11, >= 2.0.6

Nokogiri gem contains several vulnerabilities in libxml2 and libxslt
Open

    nokogiri (1.7.0.1)
Severity: Minor
Found in Gemfile.lock by bundler-audit

Advisory: CVE-2016-4658

Criticality: Critical

URL: https://github.com/sparklemotion/nokogiri/issues/1615

Solution: upgrade to >= 1.7.1

Denial of Service Vulnerability in Rack Multipart Parsing
Open

    rack (2.0.1)
Severity: Critical
Found in Gemfile.lock by bundler-audit

Advisory: CVE-2022-30122

Criticality: High

URL: https://groups.google.com/g/ruby-security-ann/c/L2Axto442qk

Solution: upgrade to >= 2.0.9.1, ~> 2.0.9, >= 2.1.4.1, ~> 2.1.4, >= 2.2.3.1

Nokogiri gem contains two upstream vulnerabilities in libxslt 1.1.29
Open

    nokogiri (1.7.0.1)
Severity: Critical
Found in Gemfile.lock by bundler-audit

Advisory: CVE-2017-5029

Criticality: High

URL: https://github.com/sparklemotion/nokogiri/issues/1634

Solution: upgrade to >= 1.7.2

Denial of Service Vulnerability in Rack Content-Disposition parsing
Open

    rack (2.0.1)
Severity: Minor
Found in Gemfile.lock by bundler-audit

Advisory: CVE-2022-44571

URL: https://github.com/rack/rack/releases/tag/v3.0.4.1

Solution: upgrade to >= 2.0.9.2, ~> 2.0.9, >= 2.1.4.2, ~> 2.1.4, >= 2.2.6.1, ~> 2.2.6, >= 3.0.4.1

TZInfo relative path traversal vulnerability allows loading of arbitrary files
Open

    tzinfo (1.2.2)
Severity: Critical
Found in Gemfile.lock by bundler-audit

Advisory: CVE-2022-31163

Criticality: High

URL: https://github.com/tzinfo/tzinfo/security/advisories/GHSA-5cm2-9h8c-rvfx

Solution: upgrade to ~> 0.3.61, >= 1.2.10

Denial of service via multipart parsing in Rack
Open

    rack (2.0.1)
Severity: Minor
Found in Gemfile.lock by bundler-audit

Advisory: CVE-2022-44572

URL: https://github.com/rack/rack/releases/tag/v3.0.4.1

Solution: upgrade to >= 2.0.9.2, ~> 2.0.9, >= 2.1.4.2, ~> 2.1.4, >= 2.2.6.1, ~> 2.2.6, >= 3.0.4.1

There are no issues that match your filters.

Category
Status