Showing 50 of 50 total issues
json Gem for Ruby Unsafe Object Creation Vulnerability (additional fix) Open
json (1.8.3)- Read upRead up
- Exclude checks
Advisory: CVE-2020-10663
Criticality: High
URL: https://www.ruby-lang.org/en/news/2020/03/19/json-dos-cve-2020-10663/
Solution: upgrade to >= 2.3.0
RDoc OS command injection vulnerability Open
rdoc (3.12.2)- Read upRead up
- Exclude checks
Advisory: CVE-2021-31799
Criticality: High
URL: https://www.ruby-lang.org/en/news/2021/05/02/os-command-injection-in-rdoc/
Solution: upgrade to ~> 6.1.2.1, ~> 6.2.1.1, >= 6.3.1
Potentially unintended unmarshalling of user-provided objects in MemCacheStore and RedisCacheStore Open
activesupport (5.0.1)- Read upRead up
- Exclude checks
Advisory: CVE-2020-8165
Criticality: Critical
URL: https://groups.google.com/forum/#!topic/rubyonrails-security/bv6fW4S0Y1c
Solution: upgrade to >= 5.2.4.3, ~> 5.2.4, >= 6.0.3.1
Command injection in ruby-git Open
git (1.3.0)- Read upRead up
- Exclude checks
Advisory: CVE-2022-25648
Criticality: Critical
URL: https://github.com/ruby-git/ruby-git/pull/569
Solution: upgrade to >= 1.11.0
Potential remote code execution in ruby-git Open
git (1.3.0)- Read upRead up
- Exclude checks
Advisory: CVE-2022-46648
Criticality: Medium
URL: https://github.com/ruby-git/ruby-git/pull/602
Solution: upgrade to >= 1.13.0
Directory traversal in Rack::Directory app bundled with Rack Open
rack (2.0.1)- Read upRead up
- Exclude checks
Advisory: CVE-2020-8161
Criticality: High
URL: https://groups.google.com/forum/#!topic/ruby-security-ann/T4ZIsfRf2eA
Solution: upgrade to ~> 2.1.3, >= 2.2.0
Update bundled libxml2 to v2.10.3 to resolve multiple CVEs Open
nokogiri (1.7.0.1)- Read upRead up
- Exclude checks
Advisory:
URL: https://github.com/sparklemotion/nokogiri/security/advisories/GHSA-2qc6-mcvw-92cw
Solution: upgrade to >= 1.13.9
Improper Handling of Unexpected Data Type in Nokogiri Open
nokogiri (1.7.0.1)- Read upRead up
- Exclude checks
Advisory: CVE-2022-29181
Criticality: High
URL: https://github.com/sparklemotion/nokogiri/security/advisories/GHSA-xh29-r2w5-wx8m
Solution: upgrade to >= 1.13.6
Integer Overflow or Wraparound in libxml2 affects Nokogiri Open
nokogiri (1.7.0.1)- Read upRead up
- Exclude checks
Advisory:
Criticality: High
URL: https://github.com/sparklemotion/nokogiri/security/advisories/GHSA-cgx6-hpwq-fhv5
Solution: upgrade to >= 1.13.5
Nokogiri gem, via libxml, is affected by DoS and RCE vulnerabilities Open
nokogiri (1.7.0.1)- Read upRead up
- Exclude checks
Advisory: CVE-2017-9050
Criticality: High
URL: https://github.com/sparklemotion/nokogiri/issues/1673
Solution: upgrade to >= 1.8.1
Denial of Service (DoS) in Nokogiri on JRuby Open
nokogiri (1.7.0.1)- Read upRead up
- Exclude checks
Advisory: CVE-2022-24839
Criticality: High
URL: https://github.com/sparklemotion/nekohtml/security/advisories/GHSA-9849-p7jc-9rmv
Solution: upgrade to >= 1.13.4
Nokogiri Command Injection Vulnerability via Nokogiri::CSS::Tokenizer#load_file Open
nokogiri (1.7.0.1)- Read upRead up
- Exclude checks
Advisory: CVE-2019-5477
Criticality: Critical
URL: https://github.com/sparklemotion/nokogiri/issues/1915
Solution: upgrade to >= 1.10.4
Nokogiri::XML::Schema trusts input by default, exposing risk of an XXE vulnerability Open
nokogiri (1.7.0.1)- Read upRead up
- Exclude checks
Advisory: CVE-2020-26247
Criticality: Low
URL: https://github.com/sparklemotion/nokogiri/security/advisories/GHSA-vr8q-g5c7-m54m
Solution: upgrade to >= 1.11.0.rc4
Nokogiri gem, via libxml2, is affected by multiple vulnerabilities Open
nokogiri (1.7.0.1)- Read upRead up
- Exclude checks
Advisory: CVE-2018-14404
Criticality: High
URL: https://github.com/sparklemotion/nokogiri/issues/1785
Solution: upgrade to >= 1.8.5
Code injection in ruby git Open
git (1.3.0)- Read upRead up
- Exclude checks
Advisory: CVE-2022-47318
Criticality: High
URL: https://github.com/ruby-git/ruby-git/pull/602
Solution: upgrade to >= 1.13.0
Nokogiri gem, via libxml, is affected by DoS vulnerabilities Open
nokogiri (1.7.0.1)- Read upRead up
- Exclude checks
Advisory: CVE-2017-16932
URL: https://github.com/sparklemotion/nokogiri/issues/1714
Solution: upgrade to >= 1.8.1
Nokogiri gem, via libxslt, is affected by improper access control vulnerability Open
nokogiri (1.7.0.1)- Read upRead up
- Exclude checks
Advisory: CVE-2019-11068
URL: https://github.com/sparklemotion/nokogiri/issues/1892
Solution: upgrade to >= 1.10.3
Revert libxml2 behavior in Nokogiri gem that could cause XSS Open
nokogiri (1.7.0.1)- Read upRead up
- Exclude checks
Advisory: CVE-2018-8048
URL: https://github.com/sparklemotion/nokogiri/pull/1746
Solution: upgrade to >= 1.8.3
ReDoS based DoS vulnerability in Active Support’s underscore Open
activesupport (5.0.1)- Read upRead up
- Exclude checks
Advisory: CVE-2023-22796
URL: https://github.com/rails/rails/releases/tag/v7.0.4.1
Solution: upgrade to >= 5.2.8.15, ~> 5.2.8, >= 6.1.7.1, ~> 6.1.7, >= 7.0.4.1
Regular Expression Denial of Service in Addressable templates Open
addressable (2.4.0)- Read upRead up
- Exclude checks
Advisory: CVE-2021-32740
Criticality: High
URL: https://github.com/advisories/GHSA-jxhc-q857-3j6g
Solution: upgrade to >= 2.8.0