Showing 95 of 95 total issues
Regular Expression Denial of Service in websocket-extensions (RubyGem) Open
websocket-extensions (0.1.3)
- Read upRead up
- Exclude checks
Advisory: CVE-2020-7663
Criticality: High
URL: https://github.com/faye/websocket-extensions-ruby/security/advisories/GHSA-g6wq-qcwm-j5g2
Solution: upgrade to >= 0.1.5
ReDoS based DoS vulnerability in Active Support’s underscore Open
activesupport (5.2.1)
- Read upRead up
- Exclude checks
Advisory: CVE-2023-22796
URL: https://github.com/rails/rails/releases/tag/v7.0.4.1
Solution: upgrade to >= 5.2.8.15, ~> 5.2.8, >= 6.1.7.1, ~> 6.1.7, >= 7.0.4.1
Possible DoS Vulnerability in Action Controller Token Authentication Open
actionpack (5.2.1)
- Read upRead up
- Exclude checks
Advisory: CVE-2021-22904
Criticality: High
URL: https://groups.google.com/g/rubyonrails-security/c/Pf1TjkOBdyQ
Solution: upgrade to ~> 5.2.4.6, ~> 5.2.6, >= 6.0.3.7, ~> 6.0.3, >= 6.1.3.2
OS Command Injection in Rake Open
rake (12.3.1)
- Read upRead up
- Exclude checks
Advisory: CVE-2020-8130
Criticality: High
URL: https://github.com/advisories/GHSA-jppv-gw3r-w3q8
Solution: upgrade to >= 12.3.3
Possible RCE escalation bug with Serialized Columns in Active Record Open
activerecord (5.2.1)
- Read upRead up
- Exclude checks
Advisory: CVE-2022-32224
Criticality: Critical
URL: https://groups.google.com/g/rubyonrails-security/c/MmFO3LYQE8U
Solution: upgrade to >= 5.2.8.1, ~> 5.2.8, >= 6.0.5.1, ~> 6.0.5, >= 6.1.6.1, ~> 6.1.6, >= 7.0.3.1
Possible XSS vulnerability in ActionView Open
actionview (5.2.1)
- Read upRead up
- Exclude checks
Advisory: CVE-2020-5267
Criticality: Medium
URL: https://groups.google.com/forum/#!topic/rubyonrails-security/55reWMM_Pg8
Solution: upgrade to >= 5.2.4.2, ~> 5.2.4, >= 6.0.2.2
Denial of Service Vulnerability in Action View Open
actionview (5.2.1)
- Read upRead up
- Exclude checks
Advisory: CVE-2019-5419
Criticality: High
URL: https://groups.google.com/forum/#!topic/rubyonrails-security/GN7w9fFAQeI
Solution: upgrade to >= 6.0.0.beta3, >= 5.2.2.1, ~> 5.2.2, >= 5.1.6.2, ~> 5.1.6, >= 5.0.7.2, ~> 5.0.7, >= 4.2.11.1, ~> 4.2.11
Possible DoS Vulnerability in Active Record PostgreSQL adapter Open
activerecord (5.2.1)
- Read upRead up
- Exclude checks
Advisory: CVE-2021-22880
Criticality: Medium
URL: https://groups.google.com/g/rubyonrails-security/c/ZzUqCh9vyhI
Solution: upgrade to >= 5.2.4.5, ~> 5.2.4, >= 6.0.3.5, ~> 6.0.3, >= 6.1.2.1
Circumvention of file size limits in ActiveStorage Open
activestorage (5.2.1)
- Read upRead up
- Exclude checks
Advisory: CVE-2020-8162
Criticality: High
URL: https://groups.google.com/forum/#!topic/rubyonrails-security/PjU3946mreQ
Solution: upgrade to >= 5.2.4.3, ~> 5.2.4, >= 6.0.3.1
Ability to forge per-form CSRF tokens given a global CSRF token Open
actionpack (5.2.1)
- Read upRead up
- Exclude checks
Advisory: CVE-2020-8166
Criticality: Medium
URL: https://groups.google.com/forum/#!topic/rubyonrails-security/NOjKiGeXUgw
Solution: upgrade to >= 5.2.4.3, ~> 5.2.4, >= 6.0.3.1
ReDoS based DoS vulnerability in Action Dispatch Open
actionpack (5.2.1)
- Read upRead up
- Exclude checks
Advisory: CVE-2023-22795
URL: https://github.com/rails/rails/releases/tag/v7.0.4.1
Solution: upgrade to >= 5.2.8.15, ~> 5.2.8, >= 6.1.7.1, ~> 6.1.7, >= 7.0.4.1
Possible Strong Parameters Bypass in ActionPack Open
actionpack (5.2.1)
- Read upRead up
- Exclude checks
Advisory: CVE-2020-8164
Criticality: High
URL: https://groups.google.com/forum/#!topic/rubyonrails-security/f6ioe4sdpbY
Solution: upgrade to >= 5.2.4.3, ~> 5.2.4, >= 6.0.3.1
ReDoS based DoS vulnerability in Action Dispatch Open
actionpack (5.2.1)
- Read upRead up
- Exclude checks
Advisory: CVE-2023-22792
URL: https://github.com/rails/rails/releases/tag/v7.0.4.1
Solution: upgrade to >= 5.2.8.15, ~> 5.2.8, >= 6.1.7.1, ~> 6.1.7, >= 7.0.4.1
Possible exposure of information vulnerability in Action Pack Open
actionpack (5.2.1)
- Read upRead up
- Exclude checks
Advisory: CVE-2022-23633
Criticality: High
URL: https://groups.google.com/g/ruby-security-ann/c/FkTM-_7zSNA/m/K2RiMJBlBAAJ
Solution: upgrade to >= 5.2.6.2, ~> 5.2.6, >= 6.0.4.6, ~> 6.0.4, >= 6.1.4.6, ~> 6.1.4, >= 7.0.2.2
Possible XSS Vulnerability in Action Pack Open
actionpack (5.2.1)
- Read upRead up
- Exclude checks
Advisory: CVE-2022-22577
Criticality: Medium
URL: https://groups.google.com/g/ruby-security-ann/c/NuFRKaN5swI
Solution: upgrade to >= 5.2.7.1, ~> 5.2.7, >= 6.0.4.8, ~> 6.0.4, >= 6.1.5.1, ~> 6.1.5, >= 7.0.2.4
Potentially unintended unmarshalling of user-provided objects in MemCacheStore and RedisCacheStore Open
activesupport (5.2.1)
- Read upRead up
- Exclude checks
Advisory: CVE-2020-8165
Criticality: Critical
URL: https://groups.google.com/forum/#!topic/rubyonrails-security/bv6fW4S0Y1c
Solution: upgrade to >= 5.2.4.3, ~> 5.2.4, >= 6.0.3.1
Unused method argument - name
. If it's necessary, use _
or _name
as an argument name to indicate that it won't be used. Open
def self.generate_container(name, container_type, &block)
- Read upRead up
- Exclude checks
This cop checks for unused method arguments.
Example:
# bad
def some_method(used, unused, _unused_but_allowed)
puts used
end
Example:
# good
def some_method(used, _unused, _unused_but_allowed)
puts used
end
Bypass vulnerability in Active Storage Open
activestorage (5.2.1)
- Read upRead up
- Exclude checks
Advisory: CVE-2018-16477
Criticality: Medium
URL: https://groups.google.com/forum/#!topic/rubyonrails-security/3KQRnXDIuLg
Solution: upgrade to >= 5.2.1.1
Broken Access Control vulnerability in Active Job Open
activejob (5.2.1)
- Read upRead up
- Exclude checks
Advisory: CVE-2018-16476
Criticality: High
URL: https://groups.google.com/forum/#!topic/rubyonrails-security/FL4dSdzr2zw
Solution: upgrade to ~> 4.2.11, ~> 5.0.7.1, ~> 5.1.6.1, ~> 5.1.7, >= 5.2.1.1
Favor modifier if
usage when having a single-line body. Another good alternative is the usage of control flow &&
/||
. Open
if container.errors.present?
- Read upRead up
- Exclude checks
Checks for if and unless statements that would fit on one line
if written as a modifier if/unless. The maximum line length is
configured in the Metrics/LineLength
cop.
Example:
# bad
if condition
do_stuff(bar)
end
unless qux.empty?
Foo.do_something
end
# good
do_stuff(bar) if condition
Foo.do_something unless qux.empty?