Showing 103 of 103 total issues
Nokogiri gem, via libxslt, is affected by improper access control vulnerability Open
nokogiri (1.7.0.1)
- Read upRead up
- Create a ticketCreate a ticket
- Exclude checks
Advisory: CVE-2019-11068
URL: https://github.com/sparklemotion/nokogiri/issues/1892
Solution: upgrade to >= 1.10.3
Improper Handling of Unexpected Data Type in Nokogiri Open
nokogiri (1.7.0.1)
- Read upRead up
- Create a ticketCreate a ticket
- Exclude checks
Advisory: CVE-2022-29181
Criticality: High
URL: https://github.com/sparklemotion/nokogiri/security/advisories/GHSA-xh29-r2w5-wx8m
Solution: upgrade to >= 1.13.6
HTTP Smuggling via Transfer-Encoding Header in Puma Open
puma (3.7.1)
- Read upRead up
- Create a ticketCreate a ticket
- Exclude checks
Advisory: CVE-2020-11077
Criticality: Medium
URL: https://github.com/puma/puma/security/advisories/GHSA-w64w-qqph-5gxm
Solution: upgrade to ~> 3.12.6, >= 4.3.5
Possible XSS vulnerability with certain configurations of rails-html-sanitizer Open
rails-html-sanitizer (1.0.3)
- Read upRead up
- Create a ticketCreate a ticket
- Exclude checks
Advisory: CVE-2022-23520
Criticality: Medium
URL: https://github.com/rails/rails-html-sanitizer/security/advisories/GHSA-rrfc-7g8p-99q8
Solution: upgrade to >= 1.4.4
Loofah XSS Vulnerability Open
loofah (2.0.3)
- Read upRead up
- Create a ticketCreate a ticket
- Exclude checks
Advisory: CVE-2018-8048
Criticality: Medium
URL: https://github.com/flavorjones/loofah/issues/144
Solution: upgrade to >= 2.2.1
RuboCop gem Insecure use of /tmp Open
rubocop (0.47.1)
- Read upRead up
- Create a ticketCreate a ticket
- Exclude checks
Advisory: CVE-2017-8418
Criticality: Low
URL: https://github.com/bbatsov/rubocop/issues/4336
Solution: upgrade to >= 0.49.0
Nokogiri gem, via libxml, is affected by DoS vulnerabilities Open
nokogiri (1.7.0.1)
- Read upRead up
- Create a ticketCreate a ticket
- Exclude checks
Advisory: CVE-2017-15412
URL: https://github.com/sparklemotion/nokogiri/issues/1714
Solution: upgrade to >= 1.8.2
Devise Gem for Ruby Time-of-check Time-of-use race condition with lockable module Open
devise (4.2.0)
- Read upRead up
- Create a ticketCreate a ticket
- Exclude checks
Advisory: CVE-2019-5421
Criticality: Critical
URL: https://github.com/plataformatec/devise/issues/4981
Solution: upgrade to >= 4.6.0
Potential XSS vulnerability in jQuery Open
jquery-rails (4.2.2)
- Read upRead up
- Create a ticketCreate a ticket
- Exclude checks
Advisory: CVE-2020-11023
Criticality: Medium
URL: https://blog.jquery.com/2020/04/10/jquery-3-5-0-released
Solution: upgrade to >= 4.4.0
XML Injection in Xerces Java affects Nokogiri Open
nokogiri (1.7.0.1)
- Read upRead up
- Create a ticketCreate a ticket
- Exclude checks
Advisory: CVE-2022-23437
Criticality: Medium
URL: https://github.com/sparklemotion/nokogiri/security/advisories/GHSA-xxx9-3xcr-gjj3
Solution: upgrade to >= 1.13.4
Nokogiri gem, via libxslt, is affected by multiple vulnerabilities Open
nokogiri (1.7.0.1)
- Read upRead up
- Create a ticketCreate a ticket
- Exclude checks
Advisory: CVE-2019-13117
URL: https://github.com/sparklemotion/nokogiri/issues/1943
Solution: upgrade to >= 1.10.5
Update packaged dependency libxml2 from 2.9.10 to 2.9.12 Open
nokogiri (1.7.0.1)
- Read upRead up
- Create a ticketCreate a ticket
- Exclude checks
Advisory:
Criticality: High
URL: https://github.com/sparklemotion/nokogiri/security/advisories/GHSA-7rrm-v45f-jp64
Solution: upgrade to >= 1.11.4
libxml2 2.9.10 has an infinite loop in a certain end-of-file situation Open
nokogiri (1.7.0.1)
- Read upRead up
- Create a ticketCreate a ticket
- Exclude checks
Advisory: CVE-2020-7595
Criticality: High
URL: https://github.com/sparklemotion/nokogiri/issues/1992
Solution: upgrade to >= 1.10.8
Out-of-bounds Write in zlib affects Nokogiri Open
nokogiri (1.7.0.1)
- Read upRead up
- Create a ticketCreate a ticket
- Exclude checks
Advisory: CVE-2018-25032
Criticality: High
URL: https://github.com/sparklemotion/nokogiri/security/advisories/GHSA-v6gp-9mmm-c6p5
Solution: upgrade to >= 1.13.4
Possible XSS vulnerability with certain configurations of Rails::Html::Sanitizer Open
rails-html-sanitizer (1.0.3)
- Read upRead up
- Create a ticketCreate a ticket
- Exclude checks
Advisory: CVE-2022-32209
Criticality: Medium
URL: https://groups.google.com/g/rubyonrails-security/c/ce9PhUANQ6s
Solution: upgrade to >= 1.4.3
Moderate severity vulnerability that affects nokogiri Open
nokogiri (1.7.0.1)
- Read upRead up
- Create a ticketCreate a ticket
- Exclude checks
Advisory: CVE-2017-18258
Criticality: Medium
URL: https://git.gnome.org/browse/libxml2/commit/?id=e2a9122b8dde53d320750451e9907a7dcb2ca8bb
Solution: upgrade to >= 1.8.2
Inefficient Regular Expression Complexity in rails-html-sanitizer Open
rails-html-sanitizer (1.0.3)
- Read upRead up
- Create a ticketCreate a ticket
- Exclude checks
Advisory: CVE-2022-23517
Criticality: High
URL: https://github.com/rails/rails-html-sanitizer/security/advisories/GHSA-5x79-w82f-gw8w
Solution: upgrade to >= 1.4.4
Denial of Service (DoS) in Nokogiri on JRuby Open
nokogiri (1.7.0.1)
- Read upRead up
- Create a ticketCreate a ticket
- Exclude checks
Advisory: CVE-2022-24839
Criticality: High
URL: https://github.com/sparklemotion/nekohtml/security/advisories/GHSA-9849-p7jc-9rmv
Solution: upgrade to >= 1.13.4
HTTP Smuggling via Transfer-Encoding Header in Puma Open
puma (3.7.1)
- Read upRead up
- Create a ticketCreate a ticket
- Exclude checks
Advisory: CVE-2020-11076
Criticality: High
URL: https://github.com/puma/puma/security/advisories/GHSA-x7jg-6pwg-fx5h
Solution: upgrade to ~> 3.12.5, >= 4.3.4
Regular Expression Denial of Service in Addressable templates Open
addressable (2.5.0)
- Read upRead up
- Create a ticketCreate a ticket
- Exclude checks
Advisory: CVE-2021-32740
Criticality: High
URL: https://github.com/advisories/GHSA-jxhc-q857-3j6g
Solution: upgrade to >= 2.8.0