Issues - hpham17/esential-2016

Nokogiri gem, via libxslt, is affected by improper access control vulnerability
Open

    nokogiri (1.6.8.1)

Found in Gemfile.lock by bundler-audit

Read up
Read up
Exclude checks
- Disable engine
- Disable check

Advisory: CVE-2019-11068

URL: https://github.com/sparklemotion/nokogiri/issues/1892

Solution: upgrade to >= 1.10.3

OmniAuth's `lib/omniauth/failure_endpoint.rb` does not escape `message_key` value
Open

    omniauth (1.3.1)

Found in Gemfile.lock by bundler-audit

Read up
Read up
Exclude checks
- Disable engine
- Disable check

Advisory: CVE-2020-36599

Criticality: Critical

URL: https://github.com/omniauth/omniauth/commit/43a396f181ef7d0ed2ec8291c939c95e3ed3ff00#diff-575abda9deb9b1a77bf534e898a923029b9a61e991d626db88dc6e8b34260aa2

Solution: upgrade to ~> 1.9.2, >= 2.0.0

Inefficient Regular Expression Complexity in rails-html-sanitizer
Open

    rails-html-sanitizer (1.0.3)

Found in Gemfile.lock by bundler-audit

Read up
Read up
Exclude checks
- Disable engine
- Disable check

Advisory: CVE-2022-23517

Criticality: High

URL: https://github.com/rails/rails-html-sanitizer/security/advisories/GHSA-5x79-w82f-gw8w

Solution: upgrade to >= 1.4.4

Devise Gem for Ruby Time-of-check Time-of-use race condition with lockable module
Open

    devise (4.2.0)

Found in Gemfile.lock by bundler-audit

Read up
Read up
Exclude checks
- Disable engine
- Disable check

Advisory: CVE-2019-5421

Criticality: Critical

URL: https://github.com/plataformatec/devise/issues/4981

Solution: upgrade to >= 4.6.0

Nokogiri gem, via libxslt, is affected by multiple vulnerabilities
Open

    nokogiri (1.6.8.1)

Found in Gemfile.lock by bundler-audit

Read up
Read up
Exclude checks
- Disable engine
- Disable check

Advisory: CVE-2019-13117

URL: https://github.com/sparklemotion/nokogiri/issues/1943

Solution: upgrade to >= 1.10.5

Out-of-bounds Write in zlib affects Nokogiri
Open

    nokogiri (1.6.8.1)

Found in Gemfile.lock by bundler-audit

Read up
Read up
Exclude checks
- Disable engine
- Disable check

Advisory: CVE-2018-25032

Criticality: High

URL: https://github.com/sparklemotion/nokogiri/security/advisories/GHSA-v6gp-9mmm-c6p5

Solution: upgrade to >= 1.13.4

XML Injection in Xerces Java affects Nokogiri
Open

    nokogiri (1.6.8.1)

Found in Gemfile.lock by bundler-audit

Read up
Read up
Exclude checks
- Disable engine
- Disable check

Advisory: CVE-2022-23437

Criticality: Medium

URL: https://github.com/sparklemotion/nokogiri/security/advisories/GHSA-xxx9-3xcr-gjj3

Solution: upgrade to >= 1.13.4

Gon gem lack of escaping certain input when outputting as JSON
Open

    gon (6.1.0)

Found in Gemfile.lock by bundler-audit

Read up
Read up
Exclude checks
- Disable engine
- Disable check

Advisory: CVE-2020-25739

Criticality: Medium

URL: https://github.com/gazay/gon/commit/fe3c7b2191a992386dc9edd37de5447a4e809bc7

Solution: upgrade to >= 6.4.0

Update bundled libxml2 to v2.10.3 to resolve multiple CVEs
Open

    nokogiri (1.6.8.1)

Found in Gemfile.lock by bundler-audit

Read up
Read up
Exclude checks
- Disable engine
- Disable check

Advisory:

URL: https://github.com/sparklemotion/nokogiri/security/advisories/GHSA-2qc6-mcvw-92cw

Solution: upgrade to >= 1.13.9

Nokogiri gem, via libxml, is affected by DoS vulnerabilities
Open

    nokogiri (1.6.8.1)

Found in Gemfile.lock by bundler-audit

Read up
Read up
Exclude checks
- Disable engine
- Disable check

Advisory: CVE-2017-15412

URL: https://github.com/sparklemotion/nokogiri/issues/1714

Solution: upgrade to >= 1.8.2

Prototype pollution attack through jQuery $.extend
Open

    jquery-rails (4.2.1)

Found in Gemfile.lock by bundler-audit

Read up
Read up
Exclude checks
- Disable engine
- Disable check

Advisory: CVE-2019-11358

Criticality: Medium

URL: https://blog.jquery.com/2019/04/10/jquery-3-4-0-released/

Solution: upgrade to >= 4.3.4

Loofah XSS Vulnerability
Open

    loofah (2.0.3)

Found in Gemfile.lock by bundler-audit

Read up
Read up
Exclude checks
- Disable engine
- Disable check

Advisory: CVE-2018-8048

Criticality: Medium

URL: https://github.com/flavorjones/loofah/issues/144

Solution: upgrade to >= 2.2.1

Nokogiri Command Injection Vulnerability via Nokogiri::CSS::Tokenizer#load_file
Open

    nokogiri (1.6.8.1)

Found in Gemfile.lock by bundler-audit

Read up
Read up
Exclude checks
- Disable engine
- Disable check

Advisory: CVE-2019-5477

Criticality: Critical

URL: https://github.com/sparklemotion/nokogiri/issues/1915

Solution: upgrade to >= 1.10.4

Nokogiri::XML::Schema trusts input by default, exposing risk of an XXE vulnerability
Open

    nokogiri (1.6.8.1)

Found in Gemfile.lock by bundler-audit

Read up
Read up
Exclude checks
- Disable engine
- Disable check

Advisory: CVE-2020-26247

Criticality: Low

URL: https://github.com/sparklemotion/nokogiri/security/advisories/GHSA-vr8q-g5c7-m54m

Solution: upgrade to >= 1.11.0.rc4

Inefficient Regular Expression Complexity in Nokogiri
Open

    nokogiri (1.6.8.1)

Found in Gemfile.lock by bundler-audit

Read up
Read up
Exclude checks
- Disable engine
- Disable check

Advisory: CVE-2022-24836

Criticality: High

URL: https://github.com/sparklemotion/nokogiri/security/advisories/GHSA-crjr-9rc5-ghw8

Solution: upgrade to >= 1.13.4

Possible XSS vulnerability with certain configurations of rails-html-sanitizer
Open

    rails-html-sanitizer (1.0.3)

Found in Gemfile.lock by bundler-audit

Read up
Read up
Exclude checks
- Disable engine
- Disable check

Advisory: CVE-2022-23519

Criticality: Medium

URL: https://github.com/rails/rails-html-sanitizer/security/advisories/GHSA-9h9g-93gc-623h

Solution: upgrade to >= 1.4.4

Possible XSS vulnerability with certain configurations of rails-html-sanitizer
Open

    rails-html-sanitizer (1.0.3)

Found in Gemfile.lock by bundler-audit

Read up
Read up
Exclude checks
- Disable engine
- Disable check

Advisory: CVE-2022-23520

Criticality: Medium

URL: https://github.com/rails/rails-html-sanitizer/security/advisories/GHSA-rrfc-7g8p-99q8

Solution: upgrade to >= 1.4.4

Loofah XSS Vulnerability
Open

    loofah (2.0.3)

Found in Gemfile.lock by bundler-audit

Read up
Read up
Exclude checks
- Disable engine
- Disable check

Advisory: CVE-2019-15587

Criticality: Medium

URL: https://github.com/flavorjones/loofah/issues/171

Solution: upgrade to >= 2.3.1

libxml2 2.9.10 has an infinite loop in a certain end-of-file situation
Open

    nokogiri (1.6.8.1)

Found in Gemfile.lock by bundler-audit

Read up
Read up
Exclude checks
- Disable engine
- Disable check

Advisory: CVE-2020-7595

Criticality: High

URL: https://github.com/sparklemotion/nokogiri/issues/1992

Solution: upgrade to >= 1.10.8

Moderate severity vulnerability that affects nokogiri
Open

    nokogiri (1.6.8.1)

Found in Gemfile.lock by bundler-audit

Read up
Read up
Exclude checks
- Disable engine
- Disable check

Advisory: CVE-2017-18258

Criticality: Medium

URL: https://git.gnome.org/browse/libxml2/commit/?id=e2a9122b8dde53d320750451e9907a7dcb2ca8bb

Solution: upgrade to >= 1.8.2

hpham17/esential-2016

Showing 99 of 99 total issues

Nokogiri gem, via libxslt, is affected by improper access control vulnerability
Open

OmniAuth's `lib/omniauth/failure_endpoint.rb` does not escape `message_key` value
Open

Inefficient Regular Expression Complexity in rails-html-sanitizer
Open

Devise Gem for Ruby Time-of-check Time-of-use race condition with lockable module
Open

Nokogiri gem, via libxslt, is affected by multiple vulnerabilities
Open

Out-of-bounds Write in zlib affects Nokogiri
Open

XML Injection in Xerces Java affects Nokogiri
Open

Gon gem lack of escaping certain input when outputting as JSON
Open

Update bundled libxml2 to v2.10.3 to resolve multiple CVEs
Open

Nokogiri gem, via libxml, is affected by DoS vulnerabilities
Open

Prototype pollution attack through jQuery $.extend
Open

Loofah XSS Vulnerability
Open

Nokogiri Command Injection Vulnerability via Nokogiri::CSS::Tokenizer#load_file
Open

Nokogiri::XML::Schema trusts input by default, exposing risk of an XXE vulnerability
Open

Inefficient Regular Expression Complexity in Nokogiri
Open

Possible XSS vulnerability with certain configurations of rails-html-sanitizer
Open

Possible XSS vulnerability with certain configurations of rails-html-sanitizer
Open

Loofah XSS Vulnerability
Open

libxml2 2.9.10 has an infinite loop in a certain end-of-file situation
Open

Moderate severity vulnerability that affects nokogiri
Open

Severity

Category

Status

Source

Language

hpham17/esential-2016

Showing 99 of 99 total issues

Nokogiri gem, via libxslt, is affected by improper access control vulnerability Open

OmniAuth's lib/omniauth/failure_endpoint.rb does not escape message_key value Open

Inefficient Regular Expression Complexity in rails-html-sanitizer Open

Devise Gem for Ruby Time-of-check Time-of-use race condition with lockable module Open

Nokogiri gem, via libxslt, is affected by multiple vulnerabilities Open

Out-of-bounds Write in zlib affects Nokogiri Open

XML Injection in Xerces Java affects Nokogiri Open

Gon gem lack of escaping certain input when outputting as JSON Open

Update bundled libxml2 to v2.10.3 to resolve multiple CVEs Open

Nokogiri gem, via libxml, is affected by DoS vulnerabilities Open

Prototype pollution attack through jQuery $.extend Open

Loofah XSS Vulnerability Open

Nokogiri Command Injection Vulnerability via Nokogiri::CSS::Tokenizer#load_file Open

Nokogiri::XML::Schema trusts input by default, exposing risk of an XXE vulnerability Open

Inefficient Regular Expression Complexity in Nokogiri Open

Possible XSS vulnerability with certain configurations of rails-html-sanitizer Open

Possible XSS vulnerability with certain configurations of rails-html-sanitizer Open

Loofah XSS Vulnerability Open

libxml2 2.9.10 has an infinite loop in a certain end-of-file situation Open

Moderate severity vulnerability that affects nokogiri Open

Severity

Category

Status

Source

Language

Nokogiri gem, via libxslt, is affected by improper access control vulnerability
Open

OmniAuth's `lib/omniauth/failure_endpoint.rb` does not escape `message_key` value
Open

Inefficient Regular Expression Complexity in rails-html-sanitizer
Open

Devise Gem for Ruby Time-of-check Time-of-use race condition with lockable module
Open

Nokogiri gem, via libxslt, is affected by multiple vulnerabilities
Open

Out-of-bounds Write in zlib affects Nokogiri
Open

XML Injection in Xerces Java affects Nokogiri
Open

Gon gem lack of escaping certain input when outputting as JSON
Open

Update bundled libxml2 to v2.10.3 to resolve multiple CVEs
Open

Nokogiri gem, via libxml, is affected by DoS vulnerabilities
Open

Prototype pollution attack through jQuery $.extend
Open

Loofah XSS Vulnerability
Open

Nokogiri Command Injection Vulnerability via Nokogiri::CSS::Tokenizer#load_file
Open

Nokogiri::XML::Schema trusts input by default, exposing risk of an XXE vulnerability
Open

Inefficient Regular Expression Complexity in Nokogiri
Open

Possible XSS vulnerability with certain configurations of rails-html-sanitizer
Open

Possible XSS vulnerability with certain configurations of rails-html-sanitizer
Open

Loofah XSS Vulnerability
Open

libxml2 2.9.10 has an infinite loop in a certain end-of-file situation
Open

Moderate severity vulnerability that affects nokogiri
Open