Sign upLogin

iZettle/ninetails

View on GitHub
Star

Showing 95 of 95 total issues

Regular Expression Denial of Service in websocket-extensions (RubyGem)
Open

    websocket-extensions (0.1.3)
Severity: Critical
Found in Gemfile.lock by bundler-audit

Advisory: CVE-2020-7663

Criticality: High

URL: https://github.com/faye/websocket-extensions-ruby/security/advisories/GHSA-g6wq-qcwm-j5g2

Solution: upgrade to >= 0.1.5

ReDoS based DoS vulnerability in Active Support’s underscore
Open

    activesupport (5.2.1)
Severity: Minor
Found in Gemfile.lock by bundler-audit

Advisory: CVE-2023-22796

URL: https://github.com/rails/rails/releases/tag/v7.0.4.1

Solution: upgrade to >= 5.2.8.15, ~> 5.2.8, >= 6.1.7.1, ~> 6.1.7, >= 7.0.4.1

Possible DoS Vulnerability in Action Controller Token Authentication
Open

    actionpack (5.2.1)
Severity: Critical
Found in Gemfile.lock by bundler-audit

Advisory: CVE-2021-22904

Criticality: High

URL: https://groups.google.com/g/rubyonrails-security/c/Pf1TjkOBdyQ

Solution: upgrade to ~> 5.2.4.6, ~> 5.2.6, >= 6.0.3.7, ~> 6.0.3, >= 6.1.3.2

OS Command Injection in Rake
Open

    rake (12.3.1)
Severity: Critical
Found in Gemfile.lock by bundler-audit

Advisory: CVE-2020-8130

Criticality: High

URL: https://github.com/advisories/GHSA-jppv-gw3r-w3q8

Solution: upgrade to >= 12.3.3

Possible RCE escalation bug with Serialized Columns in Active Record
Open

    activerecord (5.2.1)
Severity: Minor
Found in Gemfile.lock by bundler-audit

Advisory: CVE-2022-32224

Criticality: Critical

URL: https://groups.google.com/g/rubyonrails-security/c/MmFO3LYQE8U

Solution: upgrade to >= 5.2.8.1, ~> 5.2.8, >= 6.0.5.1, ~> 6.0.5, >= 6.1.6.1, ~> 6.1.6, >= 7.0.3.1

Possible XSS vulnerability in ActionView
Open

    actionview (5.2.1)
Severity: Minor
Found in Gemfile.lock by bundler-audit

Advisory: CVE-2020-5267

Criticality: Medium

URL: https://groups.google.com/forum/#!topic/rubyonrails-security/55reWMM_Pg8

Solution: upgrade to >= 5.2.4.2, ~> 5.2.4, >= 6.0.2.2

Denial of Service Vulnerability in Action View
Open

    actionview (5.2.1)
Severity: Critical
Found in Gemfile.lock by bundler-audit

Advisory: CVE-2019-5419

Criticality: High

URL: https://groups.google.com/forum/#!topic/rubyonrails-security/GN7w9fFAQeI

Solution: upgrade to >= 6.0.0.beta3, >= 5.2.2.1, ~> 5.2.2, >= 5.1.6.2, ~> 5.1.6, >= 5.0.7.2, ~> 5.0.7, >= 4.2.11.1, ~> 4.2.11

Possible DoS Vulnerability in Active Record PostgreSQL adapter
Open

    activerecord (5.2.1)
Severity: Minor
Found in Gemfile.lock by bundler-audit

Advisory: CVE-2021-22880

Criticality: Medium

URL: https://groups.google.com/g/rubyonrails-security/c/ZzUqCh9vyhI

Solution: upgrade to >= 5.2.4.5, ~> 5.2.4, >= 6.0.3.5, ~> 6.0.3, >= 6.1.2.1

Circumvention of file size limits in ActiveStorage
Open

    activestorage (5.2.1)
Severity: Critical
Found in Gemfile.lock by bundler-audit

Advisory: CVE-2020-8162

Criticality: High

URL: https://groups.google.com/forum/#!topic/rubyonrails-security/PjU3946mreQ

Solution: upgrade to >= 5.2.4.3, ~> 5.2.4, >= 6.0.3.1

Ability to forge per-form CSRF tokens given a global CSRF token
Open

    actionpack (5.2.1)
Severity: Minor
Found in Gemfile.lock by bundler-audit

Advisory: CVE-2020-8166

Criticality: Medium

URL: https://groups.google.com/forum/#!topic/rubyonrails-security/NOjKiGeXUgw

Solution: upgrade to >= 5.2.4.3, ~> 5.2.4, >= 6.0.3.1

ReDoS based DoS vulnerability in Action Dispatch
Open

    actionpack (5.2.1)
Severity: Minor
Found in Gemfile.lock by bundler-audit

Advisory: CVE-2023-22795

URL: https://github.com/rails/rails/releases/tag/v7.0.4.1

Solution: upgrade to >= 5.2.8.15, ~> 5.2.8, >= 6.1.7.1, ~> 6.1.7, >= 7.0.4.1

Possible Strong Parameters Bypass in ActionPack
Open

    actionpack (5.2.1)
Severity: Critical
Found in Gemfile.lock by bundler-audit

Advisory: CVE-2020-8164

Criticality: High

URL: https://groups.google.com/forum/#!topic/rubyonrails-security/f6ioe4sdpbY

Solution: upgrade to >= 5.2.4.3, ~> 5.2.4, >= 6.0.3.1

ReDoS based DoS vulnerability in Action Dispatch
Open

    actionpack (5.2.1)
Severity: Minor
Found in Gemfile.lock by bundler-audit

Advisory: CVE-2023-22792

URL: https://github.com/rails/rails/releases/tag/v7.0.4.1

Solution: upgrade to >= 5.2.8.15, ~> 5.2.8, >= 6.1.7.1, ~> 6.1.7, >= 7.0.4.1

Possible exposure of information vulnerability in Action Pack
Open

    actionpack (5.2.1)
Severity: Critical
Found in Gemfile.lock by bundler-audit

Advisory: CVE-2022-23633

Criticality: High

URL: https://groups.google.com/g/ruby-security-ann/c/FkTM-_7zSNA/m/K2RiMJBlBAAJ

Solution: upgrade to >= 5.2.6.2, ~> 5.2.6, >= 6.0.4.6, ~> 6.0.4, >= 6.1.4.6, ~> 6.1.4, >= 7.0.2.2

Possible XSS Vulnerability in Action Pack
Open

    actionpack (5.2.1)
Severity: Minor
Found in Gemfile.lock by bundler-audit

Advisory: CVE-2022-22577

Criticality: Medium

URL: https://groups.google.com/g/ruby-security-ann/c/NuFRKaN5swI

Solution: upgrade to >= 5.2.7.1, ~> 5.2.7, >= 6.0.4.8, ~> 6.0.4, >= 6.1.5.1, ~> 6.1.5, >= 7.0.2.4

Potentially unintended unmarshalling of user-provided objects in MemCacheStore and RedisCacheStore
Open

    activesupport (5.2.1)
Severity: Minor
Found in Gemfile.lock by bundler-audit

Advisory: CVE-2020-8165

Criticality: Critical

URL: https://groups.google.com/forum/#!topic/rubyonrails-security/bv6fW4S0Y1c

Solution: upgrade to >= 5.2.4.3, ~> 5.2.4, >= 6.0.3.1

Unused method argument - name. If it's necessary, use _ or _name as an argument name to indicate that it won't be used.
Open

      def self.generate_container(name, container_type, &block)
Severity: Minor
Found in lib/ninetails/seeds/generator.rb by rubocop

This cop checks for unused method arguments.

Example:

# bad

def some_method(used, unused, _unused_but_allowed)
  puts used
end

Example:

# good

def some_method(used, _unused, _unused_but_allowed)
  puts used
end

Bypass vulnerability in Active Storage
Open

    activestorage (5.2.1)
Severity: Minor
Found in Gemfile.lock by bundler-audit

Advisory: CVE-2018-16477

Criticality: Medium

URL: https://groups.google.com/forum/#!topic/rubyonrails-security/3KQRnXDIuLg

Solution: upgrade to >= 5.2.1.1

Broken Access Control vulnerability in Active Job
Open

    activejob (5.2.1)
Severity: Critical
Found in Gemfile.lock by bundler-audit

Advisory: CVE-2018-16476

Criticality: High

URL: https://groups.google.com/forum/#!topic/rubyonrails-security/FL4dSdzr2zw

Solution: upgrade to ~> 4.2.11, ~> 5.0.7.1, ~> 5.1.6.1, ~> 5.1.7, >= 5.2.1.1

Favor modifier if usage when having a single-line body. Another good alternative is the usage of control flow &&/||.
Open

  if container.errors.present?
Severity: Minor
Found in app/views/ninetails/containers/_container.json.jbuilder by rubocop

Checks for if and unless statements that would fit on one line if written as a modifier if/unless. The maximum line length is configured in the Metrics/LineLength cop.

Example:

# bad
if condition
  do_stuff(bar)
end

unless qux.empty?
  Foo.do_something
end

# good
do_stuff(bar) if condition
Foo.do_something unless qux.empty?
Severity
Category
Status
Source
Language