Issues - hpi-swt2/sport-portal

ReDoS based DoS vulnerability in Active Support’s underscore
Open

    activesupport (5.1.4)

Found in Gemfile.lock by bundler-audit

Read up
Read up
Exclude checks
- Disable engine
- Disable check

Advisory: CVE-2023-22796

URL: https://github.com/rails/rails/releases/tag/v7.0.4.1

Solution: upgrade to >= 5.2.8.15, ~> 5.2.8, >= 6.1.7.1, ~> 6.1.7, >= 7.0.4.1

Nokogiri Command Injection Vulnerability via Nokogiri::CSS::Tokenizer#load_file
Open

    nokogiri (1.8.2)

Found in Gemfile.lock by bundler-audit

Read up
Read up
Exclude checks
- Disable engine
- Disable check

Advisory: CVE-2019-5477

Criticality: Critical

URL: https://github.com/sparklemotion/nokogiri/issues/1915

Solution: upgrade to >= 1.10.4

Nokogiri::XML::Schema trusts input by default, exposing risk of an XXE vulnerability
Open

    nokogiri (1.8.2)

Found in Gemfile.lock by bundler-audit

Read up
Read up
Exclude checks
- Disable engine
- Disable check

Advisory: CVE-2020-26247

Criticality: Low

URL: https://github.com/sparklemotion/nokogiri/security/advisories/GHSA-vr8q-g5c7-m54m

Solution: upgrade to >= 1.11.0.rc4

Inefficient Regular Expression Complexity in rails-html-sanitizer
Open

    rails-html-sanitizer (1.0.3)

Found in Gemfile.lock by bundler-audit

Read up
Read up
Exclude checks
- Disable engine
- Disable check

Advisory: CVE-2022-23517

Criticality: High

URL: https://github.com/rails/rails-html-sanitizer/security/advisories/GHSA-5x79-w82f-gw8w

Solution: upgrade to >= 1.4.4

Improper neutralization of data URIs may allow XSS in rails-html-sanitizer
Open

    rails-html-sanitizer (1.0.3)

Found in Gemfile.lock by bundler-audit

Read up
Read up
Exclude checks
- Disable engine
- Disable check

Advisory: CVE-2022-23518

Criticality: Medium

URL: https://github.com/rails/rails-html-sanitizer/security/advisories/GHSA-mcvf-2q2m-x72m

Solution: upgrade to >= 1.4.4

Loofah XSS Vulnerability
Open

    loofah (2.1.1)

Found in Gemfile.lock by bundler-audit

Read up
Read up
Exclude checks
- Disable engine
- Disable check

Advisory: CVE-2018-8048

Criticality: Medium

URL: https://github.com/flavorjones/loofah/issues/144

Solution: upgrade to >= 2.2.1

XML Injection in Xerces Java affects Nokogiri
Open

    nokogiri (1.8.2)

Found in Gemfile.lock by bundler-audit

Read up
Read up
Exclude checks
- Disable engine
- Disable check

Advisory: CVE-2022-23437

Criticality: Medium

URL: https://github.com/sparklemotion/nokogiri/security/advisories/GHSA-xxx9-3xcr-gjj3

Solution: upgrade to >= 1.13.4

Possible XSS Vulnerability in Action View tag helpers
Open

    actionview (5.1.4)

Found in Gemfile.lock by bundler-audit

Read up
Read up
Exclude checks
- Disable engine
- Disable check

Advisory: CVE-2022-27777

Criticality: Medium

URL: https://groups.google.com/g/ruby-security-ann/c/9wJPEDv-iRw

Solution: upgrade to >= 5.2.7.1, ~> 5.2.7, >= 6.0.4.8, ~> 6.0.4, >= 6.1.5.1, ~> 6.1.5, >= 7.0.2.4

HTTP Response Splitting vulnerability in puma
Open

    puma (3.11.2)

Found in Gemfile.lock by bundler-audit

Read up
Read up
Exclude checks
- Disable engine
- Disable check

Advisory: CVE-2020-5247

Criticality: Medium

URL: https://github.com/puma/puma/security/advisories/GHSA-84j7-475p-hp8v

Solution: upgrade to ~> 3.12.4, >= 4.3.3

ruby-openid SSRF via claimed_id request
Open

    ruby-openid (2.7.0)

Found in Gemfile.lock by bundler-audit

Read up
Read up
Exclude checks
- Disable engine
- Disable check

Advisory: CVE-2019-11027

Criticality: Critical

URL: https://github.com/openid/ruby-openid/issues/122

Solution: upgrade to >= 2.9.0

Possible exposure of information vulnerability in Action Pack
Open

    actionpack (5.1.4)

Found in Gemfile.lock by bundler-audit

Read up
Read up
Exclude checks
- Disable engine
- Disable check

Advisory: CVE-2022-23633

Criticality: High

URL: https://groups.google.com/g/ruby-security-ann/c/FkTM-_7zSNA/m/K2RiMJBlBAAJ

Solution: upgrade to >= 5.2.6.2, ~> 5.2.6, >= 6.0.4.6, ~> 6.0.4, >= 6.1.4.6, ~> 6.1.4, >= 7.0.2.2

json Gem for Ruby Unsafe Object Creation Vulnerability (additional fix)
Open

    json (2.1.0)

Found in Gemfile.lock by bundler-audit

Read up
Read up
Exclude checks
- Disable engine
- Disable check

Advisory: CVE-2020-10663

Criticality: High

URL: https://www.ruby-lang.org/en/news/2020/03/19/json-dos-cve-2020-10663/

Solution: upgrade to >= 2.3.0

Integer Overflow or Wraparound in libxml2 affects Nokogiri
Open

    nokogiri (1.8.2)

Found in Gemfile.lock by bundler-audit

Read up
Read up
Exclude checks
- Disable engine
- Disable check

Advisory:

Criticality: High

URL: https://github.com/sparklemotion/nokogiri/security/advisories/GHSA-cgx6-hpwq-fhv5

Solution: upgrade to >= 1.13.5

Update packaged dependency libxml2 from 2.9.10 to 2.9.12
Open

    nokogiri (1.8.2)

Found in Gemfile.lock by bundler-audit

Read up
Read up
Exclude checks
- Disable engine
- Disable check

Advisory:

Criticality: High

URL: https://github.com/sparklemotion/nokogiri/security/advisories/GHSA-7rrm-v45f-jp64

Solution: upgrade to >= 1.11.4

Update bundled libxml2 to v2.10.3 to resolve multiple CVEs
Open

    nokogiri (1.8.2)

Found in Gemfile.lock by bundler-audit

Read up
Read up
Exclude checks
- Disable engine
- Disable check

Advisory:

URL: https://github.com/sparklemotion/nokogiri/security/advisories/GHSA-2qc6-mcvw-92cw

Solution: upgrade to >= 1.13.9

Nokogiri gem, via libxslt, is affected by improper access control vulnerability
Open

    nokogiri (1.8.2)

Found in Gemfile.lock by bundler-audit

Read up
Read up
Exclude checks
- Disable engine
- Disable check

Advisory: CVE-2019-11068

URL: https://github.com/sparklemotion/nokogiri/issues/1892

Solution: upgrade to >= 1.10.3

HTTP Response Splitting (Early Hints) in Puma
Open

    puma (3.11.2)

Found in Gemfile.lock by bundler-audit

Read up
Read up
Exclude checks
- Disable engine
- Disable check

Advisory: CVE-2020-5249

Criticality: Medium

URL: https://github.com/puma/puma/security/advisories/GHSA-33vf-4xgg-9r58

Solution: upgrade to ~> 3.12.4, >= 4.3.3

Possible XSS vulnerability with certain configurations of rails-html-sanitizer
Open

    rails-html-sanitizer (1.0.3)

Found in Gemfile.lock by bundler-audit

Read up
Read up
Exclude checks
- Disable engine
- Disable check

Advisory: CVE-2022-23520

Criticality: Medium

URL: https://github.com/rails/rails-html-sanitizer/security/advisories/GHSA-rrfc-7g8p-99q8

Solution: upgrade to >= 1.4.4

Possible Strong Parameters Bypass in ActionPack
Open

    actionpack (5.1.4)

Found in Gemfile.lock by bundler-audit

Read up
Read up
Exclude checks
- Disable engine
- Disable check

Advisory: CVE-2020-8164

Criticality: High

URL: https://groups.google.com/forum/#!topic/rubyonrails-security/f6ioe4sdpbY

Solution: upgrade to >= 5.2.4.3, ~> 5.2.4, >= 6.0.3.1

libxml2 2.9.10 has an infinite loop in a certain end-of-file situation
Open

    nokogiri (1.8.2)

Found in Gemfile.lock by bundler-audit

Read up
Read up
Exclude checks
- Disable engine
- Disable check

Advisory: CVE-2020-7595

Criticality: High

URL: https://github.com/sparklemotion/nokogiri/issues/1992

Solution: upgrade to >= 1.10.8

hpi-swt2/sport-portal

Showing 179 of 239 total issues

ReDoS based DoS vulnerability in Active Support’s underscore
Open

Nokogiri Command Injection Vulnerability via Nokogiri::CSS::Tokenizer#load_file
Open

Nokogiri::XML::Schema trusts input by default, exposing risk of an XXE vulnerability
Open

Inefficient Regular Expression Complexity in rails-html-sanitizer
Open

Improper neutralization of data URIs may allow XSS in rails-html-sanitizer
Open

Loofah XSS Vulnerability
Open

XML Injection in Xerces Java affects Nokogiri
Open

Possible XSS Vulnerability in Action View tag helpers
Open

HTTP Response Splitting vulnerability in puma
Open

ruby-openid SSRF via claimed_id request
Open

Possible exposure of information vulnerability in Action Pack
Open

json Gem for Ruby Unsafe Object Creation Vulnerability (additional fix)
Open

Integer Overflow or Wraparound in libxml2 affects Nokogiri
Open

Update packaged dependency libxml2 from 2.9.10 to 2.9.12
Open

Update bundled libxml2 to v2.10.3 to resolve multiple CVEs
Open

Nokogiri gem, via libxslt, is affected by improper access control vulnerability
Open

HTTP Response Splitting (Early Hints) in Puma
Open

Possible XSS vulnerability with certain configurations of rails-html-sanitizer
Open

Possible Strong Parameters Bypass in ActionPack
Open

libxml2 2.9.10 has an infinite loop in a certain end-of-file situation
Open

Severity

Category

Status

Source

Language

hpi-swt2/sport-portal

Showing 179 of 239 total issues

ReDoS based DoS vulnerability in Active Support’s underscore Open

Nokogiri Command Injection Vulnerability via Nokogiri::CSS::Tokenizer#load_file Open

Nokogiri::XML::Schema trusts input by default, exposing risk of an XXE vulnerability Open

Inefficient Regular Expression Complexity in rails-html-sanitizer Open

Improper neutralization of data URIs may allow XSS in rails-html-sanitizer Open

Loofah XSS Vulnerability Open

XML Injection in Xerces Java affects Nokogiri Open

Possible XSS Vulnerability in Action View tag helpers Open

HTTP Response Splitting vulnerability in puma Open

ruby-openid SSRF via claimed_id request Open

Possible exposure of information vulnerability in Action Pack Open

json Gem for Ruby Unsafe Object Creation Vulnerability (additional fix) Open

Integer Overflow or Wraparound in libxml2 affects Nokogiri Open

Update packaged dependency libxml2 from 2.9.10 to 2.9.12 Open

Update bundled libxml2 to v2.10.3 to resolve multiple CVEs Open

Nokogiri gem, via libxslt, is affected by improper access control vulnerability Open

HTTP Response Splitting (Early Hints) in Puma Open

Possible XSS vulnerability with certain configurations of rails-html-sanitizer Open

Possible Strong Parameters Bypass in ActionPack Open

libxml2 2.9.10 has an infinite loop in a certain end-of-file situation Open

Severity

Category

Status

Source

Language

ReDoS based DoS vulnerability in Active Support’s underscore
Open

Nokogiri Command Injection Vulnerability via Nokogiri::CSS::Tokenizer#load_file
Open

Nokogiri::XML::Schema trusts input by default, exposing risk of an XXE vulnerability
Open

Inefficient Regular Expression Complexity in rails-html-sanitizer
Open

Improper neutralization of data URIs may allow XSS in rails-html-sanitizer
Open

Loofah XSS Vulnerability
Open

XML Injection in Xerces Java affects Nokogiri
Open

Possible XSS Vulnerability in Action View tag helpers
Open

HTTP Response Splitting vulnerability in puma
Open

ruby-openid SSRF via claimed_id request
Open

Possible exposure of information vulnerability in Action Pack
Open

json Gem for Ruby Unsafe Object Creation Vulnerability (additional fix)
Open

Integer Overflow or Wraparound in libxml2 affects Nokogiri
Open

Update packaged dependency libxml2 from 2.9.10 to 2.9.12
Open

Update bundled libxml2 to v2.10.3 to resolve multiple CVEs
Open

Nokogiri gem, via libxslt, is affected by improper access control vulnerability
Open

HTTP Response Splitting (Early Hints) in Puma
Open

Possible XSS vulnerability with certain configurations of rails-html-sanitizer
Open

Possible Strong Parameters Bypass in ActionPack
Open

libxml2 2.9.10 has an infinite loop in a certain end-of-file situation
Open