Issues - hugodias/san-pedro-valley-jobs

Denial of Service Vulnerability in Rack Content-Disposition parsing
Open

    rack (1.6.5)

Found in Gemfile.lock by bundler-audit

Read up
Read up
Create a ticket
Create a ticket
Exclude checks
- Disable engine
- Disable check

Advisory: CVE-2022-44571

URL: https://github.com/rack/rack/releases/tag/v3.0.4.1

Solution: upgrade to >= 2.0.9.2, ~> 2.0.9, >= 2.1.4.2, ~> 2.1.4, >= 2.2.6.1, ~> 2.2.6, >= 3.0.4.1

Possible shell escape sequence injection vulnerability in Rack
Open

    rack (1.6.5)

Found in Gemfile.lock by bundler-audit

Read up
Read up
Create a ticket
Create a ticket
Exclude checks
- Disable engine
- Disable check

Advisory: CVE-2022-30123

Criticality: Critical

URL: https://groups.google.com/g/ruby-security-ann/c/LWB10kWzag8

Solution: upgrade to >= 2.0.9.1, ~> 2.0.9, >= 2.1.4.1, ~> 2.1.4, >= 2.2.3.1

Directory traversal in Rack::Directory app bundled with Rack
Open

    rack (1.6.5)

Found in Gemfile.lock by bundler-audit

Read up
Read up
Create a ticket
Create a ticket
Exclude checks
- Disable engine
- Disable check

Advisory: CVE-2020-8161

Criticality: High

URL: https://groups.google.com/forum/#!topic/ruby-security-ann/T4ZIsfRf2eA

Solution: upgrade to ~> 2.1.3, >= 2.2.0

simple_form Gem for Ruby Incorrect Access Control for forms based on user input
Open

    simple_form (3.4.0)

Found in Gemfile.lock by bundler-audit

Read up
Read up
Create a ticket
Create a ticket
Exclude checks
- Disable engine
- Disable check

Advisory: CVE-2019-16676

Criticality: Critical

URL: https://github.com/plataformatec/simple_form/security/advisories/GHSA-r74q-gxcg-73hx

Solution: upgrade to >= 5.0

CSRF Vulnerability in rails-ujs
Open

    actionview (4.2.5.2)

Found in Gemfile.lock by bundler-audit

Read up
Read up
Create a ticket
Create a ticket
Exclude checks
- Disable engine
- Disable check

Advisory: CVE-2020-8167

Criticality: Medium

URL: https://groups.google.com/forum/#!topic/rubyonrails-security/x9DixQDG9a0

Solution: upgrade to >= 5.2.4.3, ~> 5.2.4, >= 6.0.3.1

Possible DoS Vulnerability in Active Record PostgreSQL adapter
Open

    activerecord (4.2.5.2)

Found in Gemfile.lock by bundler-audit

Read up
Read up
Create a ticket
Create a ticket
Exclude checks
- Disable engine
- Disable check

Advisory: CVE-2021-22880

Criticality: Medium

URL: https://groups.google.com/g/rubyonrails-security/c/ZzUqCh9vyhI

Solution: upgrade to >= 5.2.4.5, ~> 5.2.4, >= 6.0.3.5, ~> 6.0.3, >= 6.1.2.1

Inconsistent Interpretation of HTTP Requests ('HTTP Request Smuggling') in puma
Open

    puma (3.7.1)

Found in Gemfile.lock by bundler-audit

Read up
Read up
Create a ticket
Create a ticket
Exclude checks
- Disable engine
- Disable check

Advisory: CVE-2021-41136

Criticality: Low

URL: https://github.com/puma/puma/security/advisories/GHSA-48w2-rm65-62xx

Solution: upgrade to ~> 4.3.9, >= 5.5.1

Denial of service via multipart parsing in Rack
Open

    rack (1.6.5)

Found in Gemfile.lock by bundler-audit

Read up
Read up
Create a ticket
Create a ticket
Exclude checks
- Disable engine
- Disable check

Advisory: CVE-2022-44572

URL: https://github.com/rack/rack/releases/tag/v3.0.4.1

Solution: upgrade to >= 2.0.9.2, ~> 2.0.9, >= 2.1.4.2, ~> 2.1.4, >= 2.2.6.1, ~> 2.2.6, >= 3.0.4.1

Denial of Service Vulnerability in Rack Multipart Parsing
Open

    rack (1.6.5)

Found in Gemfile.lock by bundler-audit

Read up
Read up
Create a ticket
Create a ticket
Exclude checks
- Disable engine
- Disable check

Advisory: CVE-2022-30122

Criticality: High

URL: https://groups.google.com/g/ruby-security-ann/c/L2Axto442qk

Solution: upgrade to >= 2.0.9.1, ~> 2.0.9, >= 2.1.4.1, ~> 2.1.4, >= 2.2.3.1

Possible XSS Vulnerability in Action View tag helpers
Open

    actionview (4.2.5.2)

Found in Gemfile.lock by bundler-audit

Read up
Read up
Create a ticket
Create a ticket
Exclude checks
- Disable engine
- Disable check

Advisory: CVE-2022-27777

Criticality: Medium

URL: https://groups.google.com/g/ruby-security-ann/c/9wJPEDv-iRw

Solution: upgrade to >= 5.2.7.1, ~> 5.2.7, >= 6.0.4.8, ~> 6.0.4, >= 6.1.5.1, ~> 6.1.5, >= 7.0.2.4

Potentially unintended unmarshalling of user-provided objects in MemCacheStore and RedisCacheStore
Open

    activesupport (4.2.5.2)

Found in Gemfile.lock by bundler-audit

Read up
Read up
Create a ticket
Create a ticket
Exclude checks
- Disable engine
- Disable check

Advisory: CVE-2020-8165

Criticality: Critical

URL: https://groups.google.com/forum/#!topic/rubyonrails-security/bv6fW4S0Y1c

Solution: upgrade to >= 5.2.4.3, ~> 5.2.4, >= 6.0.3.1

ReDoS based DoS vulnerability in GlobalID
Open

    globalid (0.3.7)

Found in Gemfile.lock by bundler-audit

Read up
Read up
Create a ticket
Create a ticket
Exclude checks
- Disable engine
- Disable check

Advisory: CVE-2023-22799

URL: https://github.com/rails/globalid/releases/tag/v1.0.1

Solution: upgrade to >= 1.0.1

Denial of service in sidekiq
Open

    sidekiq (4.2.9)

Found in Gemfile.lock by bundler-audit

Read up
Read up
Create a ticket
Create a ticket
Exclude checks
- Disable engine
- Disable check

Advisory: CVE-2022-23837

Criticality: High

URL: https://github.com/mperham/sidekiq/commit/7785ac1399f1b28992adb56055f6acd88fd1d956

Solution: upgrade to >= 6.4.0, ~> 5.2.10

Nokogiri gem, via libxml2, is affected by multiple vulnerabilities
Open

    nokogiri (1.7.0.1)

Found in Gemfile.lock by bundler-audit

Read up
Read up
Create a ticket
Create a ticket
Exclude checks
- Disable engine
- Disable check

Advisory: CVE-2018-14404

Criticality: High

URL: https://github.com/sparklemotion/nokogiri/issues/1785

Solution: upgrade to >= 1.8.5

Revert libxml2 behavior in Nokogiri gem that could cause XSS
Open

    nokogiri (1.7.0.1)

Found in Gemfile.lock by bundler-audit

Read up
Read up
Create a ticket
Create a ticket
Exclude checks
- Disable engine
- Disable check

Advisory: CVE-2018-8048

URL: https://github.com/sparklemotion/nokogiri/pull/1746

Solution: upgrade to >= 1.8.3

HTTP Response Splitting (Early Hints) in Puma
Open

    puma (3.7.1)

Found in Gemfile.lock by bundler-audit

Read up
Read up
Create a ticket
Create a ticket
Exclude checks
- Disable engine
- Disable check

Advisory: CVE-2020-5249

Criticality: Medium

URL: https://github.com/puma/puma/security/advisories/GHSA-33vf-4xgg-9r58

Solution: upgrade to ~> 3.12.4, >= 4.3.3

Prototype pollution attack through jQuery $.extend
Open

    jquery-rails (4.2.2)

Found in Gemfile.lock by bundler-audit

Read up
Read up
Create a ticket
Create a ticket
Exclude checks
- Disable engine
- Disable check

Advisory: CVE-2019-11358

Criticality: Medium

URL: https://blog.jquery.com/2019/04/10/jquery-3-4-0-released/

Solution: upgrade to >= 4.3.4

Cross-Site Scripting in Kaminari via `original_script_name` parameter
Open

    kaminari (1.0.1)

Found in Gemfile.lock by bundler-audit

Read up
Read up
Create a ticket
Create a ticket
Exclude checks
- Disable engine
- Disable check

Advisory: CVE-2020-11082

Criticality: Medium

URL: https://github.com/kaminari/kaminari/security/advisories/GHSA-r5jw-62xg-j433

Solution: upgrade to >= 1.2.1

Nokogiri Command Injection Vulnerability via Nokogiri::CSS::Tokenizer#load_file
Open

    nokogiri (1.7.0.1)

Found in Gemfile.lock by bundler-audit

Read up
Read up
Create a ticket
Create a ticket
Exclude checks
- Disable engine
- Disable check

Advisory: CVE-2019-5477

Criticality: Critical

URL: https://github.com/sparklemotion/nokogiri/issues/1915

Solution: upgrade to >= 1.10.4

Update bundled libxml2 to v2.10.3 to resolve multiple CVEs
Open

    nokogiri (1.7.0.1)

Found in Gemfile.lock by bundler-audit

Read up
Read up
Create a ticket
Create a ticket
Exclude checks
- Disable engine
- Disable check

Advisory:

URL: https://github.com/sparklemotion/nokogiri/security/advisories/GHSA-2qc6-mcvw-92cw

Solution: upgrade to >= 1.13.9

hugodias/san-pedro-valley-jobs

Showing 103 of 103 total issues

Denial of Service Vulnerability in Rack Content-Disposition parsing
Open

Possible shell escape sequence injection vulnerability in Rack
Open

Directory traversal in Rack::Directory app bundled with Rack
Open

simple_form Gem for Ruby Incorrect Access Control for forms based on user input
Open

CSRF Vulnerability in rails-ujs
Open

Possible DoS Vulnerability in Active Record PostgreSQL adapter
Open

Inconsistent Interpretation of HTTP Requests ('HTTP Request Smuggling') in puma
Open

Denial of service via multipart parsing in Rack
Open

Denial of Service Vulnerability in Rack Multipart Parsing
Open

Possible XSS Vulnerability in Action View tag helpers
Open

Potentially unintended unmarshalling of user-provided objects in MemCacheStore and RedisCacheStore
Open

ReDoS based DoS vulnerability in GlobalID
Open

Denial of service in sidekiq
Open

Nokogiri gem, via libxml2, is affected by multiple vulnerabilities
Open

Revert libxml2 behavior in Nokogiri gem that could cause XSS
Open

HTTP Response Splitting (Early Hints) in Puma
Open

Prototype pollution attack through jQuery $.extend
Open

Cross-Site Scripting in Kaminari via `original_script_name` parameter
Open

Nokogiri Command Injection Vulnerability via Nokogiri::CSS::Tokenizer#load_file
Open

Update bundled libxml2 to v2.10.3 to resolve multiple CVEs
Open

Severity

Category

Status

Source

Language

hugodias/san-pedro-valley-jobs

Showing 103 of 103 total issues

Denial of Service Vulnerability in Rack Content-Disposition parsing Open

Possible shell escape sequence injection vulnerability in Rack Open

Directory traversal in Rack::Directory app bundled with Rack Open

simple_form Gem for Ruby Incorrect Access Control for forms based on user input Open

CSRF Vulnerability in rails-ujs Open

Possible DoS Vulnerability in Active Record PostgreSQL adapter Open

Inconsistent Interpretation of HTTP Requests ('HTTP Request Smuggling') in puma Open

Denial of service via multipart parsing in Rack Open

Denial of Service Vulnerability in Rack Multipart Parsing Open

Possible XSS Vulnerability in Action View tag helpers Open

Potentially unintended unmarshalling of user-provided objects in MemCacheStore and RedisCacheStore Open

ReDoS based DoS vulnerability in GlobalID Open

Denial of service in sidekiq Open

Nokogiri gem, via libxml2, is affected by multiple vulnerabilities Open

Revert libxml2 behavior in Nokogiri gem that could cause XSS Open

HTTP Response Splitting (Early Hints) in Puma Open

Prototype pollution attack through jQuery $.extend Open

Cross-Site Scripting in Kaminari via original_script_name parameter Open

Nokogiri Command Injection Vulnerability via Nokogiri::CSS::Tokenizer#load_file Open

Update bundled libxml2 to v2.10.3 to resolve multiple CVEs Open

Severity

Category

Status

Source

Language

Denial of Service Vulnerability in Rack Content-Disposition parsing
Open

Possible shell escape sequence injection vulnerability in Rack
Open

Directory traversal in Rack::Directory app bundled with Rack
Open

simple_form Gem for Ruby Incorrect Access Control for forms based on user input
Open

CSRF Vulnerability in rails-ujs
Open

Possible DoS Vulnerability in Active Record PostgreSQL adapter
Open

Inconsistent Interpretation of HTTP Requests ('HTTP Request Smuggling') in puma
Open

Denial of service via multipart parsing in Rack
Open

Denial of Service Vulnerability in Rack Multipart Parsing
Open

Possible XSS Vulnerability in Action View tag helpers
Open

Potentially unintended unmarshalling of user-provided objects in MemCacheStore and RedisCacheStore
Open

ReDoS based DoS vulnerability in GlobalID
Open

Denial of service in sidekiq
Open

Nokogiri gem, via libxml2, is affected by multiple vulnerabilities
Open

Revert libxml2 behavior in Nokogiri gem that could cause XSS
Open

HTTP Response Splitting (Early Hints) in Puma
Open

Prototype pollution attack through jQuery $.extend
Open

Cross-Site Scripting in Kaminari via `original_script_name` parameter
Open

Nokogiri Command Injection Vulnerability via Nokogiri::CSS::Tokenizer#load_file
Open

Update bundled libxml2 to v2.10.3 to resolve multiple CVEs
Open