Issues - hpi-swt2/sport-portal

ReDoS based DoS vulnerability in GlobalID
Open

    globalid (0.4.1)

Found in Gemfile.lock by bundler-audit

Read up
Read up
Exclude checks
- Disable engine
- Disable check

Information Exposure with Puma when used with Rails
Open

    puma (3.11.2)

Found in Gemfile.lock by bundler-audit

Read up
Read up
Exclude checks
- Disable engine
- Disable check

CSRF vulnerability in OmniAuth's request phase
Open

    omniauth (1.8.1)

Found in Gemfile.lock by bundler-audit

Read up
Read up
Exclude checks
- Disable engine
- Disable check

Inconsistent Interpretation of HTTP Requests ('HTTP Request Smuggling') in puma
Open

    puma (3.11.2)

Found in Gemfile.lock by bundler-audit

Read up
Read up
Exclude checks
- Disable engine
- Disable check

HTTP Request Smuggling in puma
Open

    puma (3.11.2)

Found in Gemfile.lock by bundler-audit

Read up
Read up
Exclude checks
- Disable engine
- Disable check

Keepalive Connections Causing Denial Of Service in puma
Open

    puma (3.11.2)

Found in Gemfile.lock by bundler-audit

Read up
Read up
Exclude checks
- Disable engine
- Disable check

Possible timing attack in derivation_endpoint
Open

    shrine (2.8.0)

Found in Gemfile.lock by bundler-audit

Read up
Read up
Exclude checks
- Disable engine
- Disable check

Regular Expression Denial of Service in Addressable templates
Open

    addressable (2.5.2)

Found in Gemfile.lock by bundler-audit

Read up
Read up
Exclude checks
- Disable engine
- Disable check

HTTP Response Splitting (Early Hints) in Puma
Open

    puma (3.11.2)

Found in Gemfile.lock by bundler-audit

Read up
Read up
Exclude checks
- Disable engine
- Disable check

Improper neutralization of data URIs may allow XSS in rails-html-sanitizer
Open

    rails-html-sanitizer (1.0.3)

Found in Gemfile.lock by bundler-audit

Read up
Read up
Exclude checks
- Disable engine
- Disable check

Possible Information Disclosure / Unintended Method Execution in Action Pack
Open

    actionpack (5.1.4)

Found in Gemfile.lock by bundler-audit

Read up
Read up
Exclude checks
- Disable engine
- Disable check

Possible exposure of information vulnerability in Action Pack
Open

    actionpack (5.1.4)

Found in Gemfile.lock by bundler-audit

Read up
Read up
Exclude checks
- Disable engine
- Disable check

Loofah XSS Vulnerability
Open

    loofah (2.1.1)

Found in Gemfile.lock by bundler-audit

Read up
Read up
Exclude checks
- Disable engine
- Disable check

Older releases of better_errors open to Cross-Site Request Forgery attack
Open

    better_errors (2.4.0)

Found in Gemfile.lock by bundler-audit

Read up
Read up
Exclude checks
- Disable engine
- Disable check

XML Injection in Xerces Java affects Nokogiri
Open

    nokogiri (1.8.2)

Found in Gemfile.lock by bundler-audit

Read up
Read up
Exclude checks
- Disable engine
- Disable check

Out-of-bounds Write in zlib affects Nokogiri
Open

    nokogiri (1.8.2)

Found in Gemfile.lock by bundler-audit

Read up
Read up
Exclude checks
- Disable engine
- Disable check

Denial of Service (DoS) in Nokogiri on JRuby
Open

    nokogiri (1.8.2)

Found in Gemfile.lock by bundler-audit

Read up
Read up
Exclude checks
- Disable engine
- Disable check

Improper Restriction of XML External Entity Reference (XXE) in Nokogiri on JRuby
Open

    nokogiri (1.8.2)

Found in Gemfile.lock by bundler-audit

Read up
Read up
Exclude checks
- Disable engine
- Disable check

HTTP Smuggling via Transfer-Encoding Header in Puma
Open

    puma (3.11.2)

Found in Gemfile.lock by bundler-audit

Read up
Read up
Exclude checks
- Disable engine
- Disable check

ReDoS based DoS vulnerability in Action Dispatch
Open

    actionpack (5.1.4)

Found in Gemfile.lock by bundler-audit

Read up
Read up
Exclude checks
- Disable engine
- Disable check

hpi-swt2/sport-portal

Showing 179 of 239 total issues

ReDoS based DoS vulnerability in GlobalID
Open

Information Exposure with Puma when used with Rails
Open

CSRF vulnerability in OmniAuth's request phase
Open

Inconsistent Interpretation of HTTP Requests ('HTTP Request Smuggling') in puma
Open

HTTP Request Smuggling in puma
Open

Keepalive Connections Causing Denial Of Service in puma
Open

Possible timing attack in derivation_endpoint
Open

Regular Expression Denial of Service in Addressable templates
Open

HTTP Response Splitting (Early Hints) in Puma
Open

Improper neutralization of data URIs may allow XSS in rails-html-sanitizer
Open

Possible Information Disclosure / Unintended Method Execution in Action Pack
Open

Possible exposure of information vulnerability in Action Pack
Open

Loofah XSS Vulnerability
Open

Older releases of better_errors open to Cross-Site Request Forgery attack
Open

XML Injection in Xerces Java affects Nokogiri
Open

Out-of-bounds Write in zlib affects Nokogiri
Open

Denial of Service (DoS) in Nokogiri on JRuby
Open

Improper Restriction of XML External Entity Reference (XXE) in Nokogiri on JRuby
Open

HTTP Smuggling via Transfer-Encoding Header in Puma
Open

ReDoS based DoS vulnerability in Action Dispatch
Open

Severity

Category

Status

Source

Language

hpi-swt2/sport-portal

Showing 179 of 239 total issues

ReDoS based DoS vulnerability in GlobalID Open

Information Exposure with Puma when used with Rails Open

CSRF vulnerability in OmniAuth's request phase Open

Inconsistent Interpretation of HTTP Requests ('HTTP Request Smuggling') in puma Open

HTTP Request Smuggling in puma Open

Keepalive Connections Causing Denial Of Service in puma Open

Possible timing attack in derivation_endpoint Open

Regular Expression Denial of Service in Addressable templates Open

HTTP Response Splitting (Early Hints) in Puma Open

Improper neutralization of data URIs may allow XSS in rails-html-sanitizer Open

Possible Information Disclosure / Unintended Method Execution in Action Pack Open

Possible exposure of information vulnerability in Action Pack Open

Loofah XSS Vulnerability Open

Older releases of better_errors open to Cross-Site Request Forgery attack Open

XML Injection in Xerces Java affects Nokogiri Open

Out-of-bounds Write in zlib affects Nokogiri Open

Denial of Service (DoS) in Nokogiri on JRuby Open

Improper Restriction of XML External Entity Reference (XXE) in Nokogiri on JRuby Open

HTTP Smuggling via Transfer-Encoding Header in Puma Open

ReDoS based DoS vulnerability in Action Dispatch Open

Severity

Category

Status

Source

Language

ReDoS based DoS vulnerability in GlobalID
Open

Information Exposure with Puma when used with Rails
Open

CSRF vulnerability in OmniAuth's request phase
Open

Inconsistent Interpretation of HTTP Requests ('HTTP Request Smuggling') in puma
Open

HTTP Request Smuggling in puma
Open

Keepalive Connections Causing Denial Of Service in puma
Open

Possible timing attack in derivation_endpoint
Open

Regular Expression Denial of Service in Addressable templates
Open

HTTP Response Splitting (Early Hints) in Puma
Open

Improper neutralization of data URIs may allow XSS in rails-html-sanitizer
Open

Possible Information Disclosure / Unintended Method Execution in Action Pack
Open

Possible exposure of information vulnerability in Action Pack
Open

Loofah XSS Vulnerability
Open

Older releases of better_errors open to Cross-Site Request Forgery attack
Open

XML Injection in Xerces Java affects Nokogiri
Open

Out-of-bounds Write in zlib affects Nokogiri
Open

Denial of Service (DoS) in Nokogiri on JRuby
Open

Improper Restriction of XML External Entity Reference (XXE) in Nokogiri on JRuby
Open

HTTP Smuggling via Transfer-Encoding Header in Puma
Open

ReDoS based DoS vulnerability in Action Dispatch
Open