Gemfile.lock from ikuseiGmbH/smart-village-app-cms

Gemfile.lock

Summary

Maintainability

Test Coverage

Information Exposure with Puma when used with Rails
Open

    puma (3.12.6)

Found in Gemfile.lock by bundler-audit

Read up
Read up
Exclude checks
- Disable engine
- Disable check

Advisory: CVE-2022-23634

Criticality: High

URL: https://github.com/puma/puma/security/advisories/GHSA-rmj8-8hhh-gv5h

Solution: upgrade to ~> 4.3.11, >= 5.6.2

Keepalive Connections Causing Denial Of Service in puma
Open

    puma (3.12.6)

Found in Gemfile.lock by bundler-audit

Read up
Read up
Exclude checks
- Disable engine
- Disable check

Advisory: CVE-2021-29509

Criticality: High

URL: https://github.com/puma/puma/security/advisories/GHSA-q28m-8xjw-8vr5

Solution: upgrade to ~> 4.3.8, >= 5.3.1

Inconsistent Interpretation of HTTP Requests ('HTTP Request Smuggling') in puma
Open

    puma (3.12.6)

Found in Gemfile.lock by bundler-audit

Read up
Read up
Exclude checks
- Disable engine
- Disable check

Advisory: CVE-2021-41136

Criticality: Low

URL: https://github.com/puma/puma/security/advisories/GHSA-48w2-rm65-62xx

Solution: upgrade to ~> 4.3.9, >= 5.5.1

ReDoS based DoS vulnerability in GlobalID
Open

    globalid (0.4.2)

Found in Gemfile.lock by bundler-audit

Read up
Read up
Exclude checks
- Disable engine
- Disable check

Advisory: CVE-2023-22799

URL: https://github.com/rails/globalid/releases/tag/v1.0.1

Solution: upgrade to >= 1.0.1

HTTP Request Smuggling in puma
Open

    puma (3.12.6)

Found in Gemfile.lock by bundler-audit

Read up
Read up
Exclude checks
- Disable engine
- Disable check

Advisory: CVE-2022-24790

Criticality: Critical

URL: https://github.com/puma/puma/security/advisories/GHSA-h99w-9q5r-gjq9

Solution: upgrade to ~> 4.3.12, >= 5.6.4

Denial of Service in rubyzip ("zip bombs")
Confirmed

    rubyzip (1.2.4)

Found in Gemfile.lock by bundler-audit

Read up
Read up
Exclude checks
- Disable engine
- Disable check

Advisory: CVE-2019-16892

Criticality: Medium

URL: https://github.com/rubyzip/rubyzip/pull/403

Solution: upgrade to >= 1.3.0

Improper neutralization of data URIs may allow XSS in Loofah
Open

    loofah (2.2.3)

Found in Gemfile.lock by bundler-audit

Read up
Read up
Exclude checks
- Disable engine
- Disable check

Advisory: CVE-2022-23515

Criticality: Medium

URL: https://github.com/flavorjones/loofah/security/advisories/GHSA-228g-948r-83gx

Solution: upgrade to >= 2.19.1

Uncontrolled Recursion in Loofah
Open

    loofah (2.2.3)

Found in Gemfile.lock by bundler-audit

Read up
Read up
Exclude checks
- Disable engine
- Disable check

Advisory: CVE-2022-23516

Criticality: High

URL: https://github.com/flavorjones/loofah/security/advisories/GHSA-3x8r-x6xp-q4vm

Solution: upgrade to >= 2.19.1

Cross-Site Scripting in Kaminari via `original_script_name` parameter
Open

    kaminari (1.1.1)

Found in Gemfile.lock by bundler-audit

Read up
Read up
Exclude checks
- Disable engine
- Disable check

Advisory: CVE-2020-11082

Criticality: Medium

URL: https://github.com/kaminari/kaminari/security/advisories/GHSA-r5jw-62xg-j433

Solution: upgrade to >= 1.2.1

Improper neutralization of data URIs may allow XSS in rails-html-sanitizer
Open

    rails-html-sanitizer (1.2.0)

Found in Gemfile.lock by bundler-audit

Read up
Read up
Exclude checks
- Disable engine
- Disable check

Advisory: CVE-2022-23518

Criticality: Medium

URL: https://github.com/rails/rails-html-sanitizer/security/advisories/GHSA-mcvf-2q2m-x72m

Solution: upgrade to >= 1.4.4

Loofah XSS Vulnerability
Open

    loofah (2.2.3)

Found in Gemfile.lock by bundler-audit

Read up
Read up
Exclude checks
- Disable engine
- Disable check

Advisory: CVE-2019-15587

Criticality: Medium

URL: https://github.com/flavorjones/loofah/issues/171

Solution: upgrade to >= 2.3.1

Possible XSS vulnerability with certain configurations of rails-html-sanitizer
Open

    rails-html-sanitizer (1.2.0)

Found in Gemfile.lock by bundler-audit

Read up
Read up
Exclude checks
- Disable engine
- Disable check

Advisory: CVE-2022-23520

Criticality: Medium

URL: https://github.com/rails/rails-html-sanitizer/security/advisories/GHSA-rrfc-7g8p-99q8

Solution: upgrade to >= 1.4.4

Possible XSS vulnerability with certain configurations of rails-html-sanitizer
Open

    rails-html-sanitizer (1.2.0)

Found in Gemfile.lock by bundler-audit

Read up
Read up
Exclude checks
- Disable engine
- Disable check

Advisory: CVE-2022-23519

Criticality: Medium

URL: https://github.com/rails/rails-html-sanitizer/security/advisories/GHSA-9h9g-93gc-623h

Solution: upgrade to >= 1.4.4

Regular Expression Denial of Service in Addressable templates
Open

    addressable (2.6.0)

Found in Gemfile.lock by bundler-audit

Read up
Read up
Exclude checks
- Disable engine
- Disable check

Advisory: CVE-2021-32740

Criticality: High

URL: https://github.com/advisories/GHSA-jxhc-q857-3j6g

Solution: upgrade to >= 2.8.0

Possible XSS vulnerability with certain configurations of Rails::Html::Sanitizer
Open

    rails-html-sanitizer (1.2.0)

Found in Gemfile.lock by bundler-audit

Read up
Read up
Exclude checks
- Disable engine
- Disable check

Advisory: CVE-2022-32209

Criticality: Medium

URL: https://groups.google.com/g/rubyonrails-security/c/ce9PhUANQ6s

Solution: upgrade to >= 1.4.3

Inefficient Regular Expression Complexity in Loofah
Open

    loofah (2.2.3)

Found in Gemfile.lock by bundler-audit

Read up
Read up
Exclude checks
- Disable engine
- Disable check

Advisory: CVE-2022-23514

Criticality: High

URL: https://github.com/flavorjones/loofah/security/advisories/GHSA-486f-hjj9-9vhh

Solution: upgrade to >= 2.19.1

Inefficient Regular Expression Complexity in rails-html-sanitizer
Open

    rails-html-sanitizer (1.2.0)

Found in Gemfile.lock by bundler-audit

Read up
Read up
Exclude checks
- Disable engine
- Disable check

Advisory: CVE-2022-23517

Criticality: High

URL: https://github.com/rails/rails-html-sanitizer/security/advisories/GHSA-5x79-w82f-gw8w

Solution: upgrade to >= 1.4.4

Potential XSS vulnerability in jQuery
Open

    jquery-rails (4.3.3)

Found in Gemfile.lock by bundler-audit

Read up
Read up
Exclude checks
- Disable engine
- Disable check

Advisory: CVE-2020-11023

Criticality: Medium

URL: https://blog.jquery.com/2020/04/10/jquery-3-5-0-released

Solution: upgrade to >= 4.4.0

Prototype pollution attack through jQuery $.extend
Open

    jquery-rails (4.3.3)

Found in Gemfile.lock by bundler-audit

Read up
Read up
Exclude checks
- Disable engine
- Disable check

Advisory: CVE-2019-11358

Criticality: Medium

URL: https://blog.jquery.com/2019/04/10/jquery-3-4-0-released/

Solution: upgrade to >= 4.3.4

ReDoS based DoS vulnerability in Action Dispatch
Open

    actionpack (6.1.4.1)

Found in Gemfile.lock by bundler-audit

Read up
Read up
Exclude checks
- Disable engine
- Disable check

Advisory: CVE-2023-22795

URL: https://github.com/rails/rails/releases/tag/v7.0.4.1

Solution: upgrade to >= 5.2.8.15, ~> 5.2.8, >= 6.1.7.1, ~> 6.1.7, >= 7.0.4.1

SQL Injection Vulnerability via ActiveRecord comments
Open

    activerecord (6.1.4.1)

Found in Gemfile.lock by bundler-audit

Read up
Read up
Exclude checks
- Disable engine
- Disable check

Advisory: CVE-2023-22794

URL: https://github.com/rails/rails/releases/tag/v7.0.4.1

Solution: upgrade to >= 6.0.6.1, ~> 6.0.6, >= 6.1.7.1, ~> 6.1.7, >= 7.0.4.1

Possible XSS Vulnerability in Action Pack
Open

    actionpack (6.1.4.1)

Found in Gemfile.lock by bundler-audit

Read up
Read up
Exclude checks
- Disable engine
- Disable check

Advisory: CVE-2022-22577

Criticality: Medium

URL: https://groups.google.com/g/ruby-security-ann/c/NuFRKaN5swI

Solution: upgrade to >= 5.2.7.1, ~> 5.2.7, >= 6.0.4.8, ~> 6.0.4, >= 6.1.5.1, ~> 6.1.5, >= 7.0.2.4

ReDoS based DoS vulnerability in Action Dispatch
Open

    actionpack (6.1.4.1)

Found in Gemfile.lock by bundler-audit

Read up
Read up
Exclude checks
- Disable engine
- Disable check

Advisory: CVE-2023-22792

URL: https://github.com/rails/rails/releases/tag/v7.0.4.1

Solution: upgrade to >= 5.2.8.15, ~> 5.2.8, >= 6.1.7.1, ~> 6.1.7, >= 7.0.4.1

Possible XSS Vulnerability in Action View tag helpers
Open

    actionview (6.1.4.1)

Found in Gemfile.lock by bundler-audit

Read up
Read up
Exclude checks
- Disable engine
- Disable check

Advisory: CVE-2022-27777

Criticality: Medium

URL: https://groups.google.com/g/ruby-security-ann/c/9wJPEDv-iRw

Solution: upgrade to >= 5.2.7.1, ~> 5.2.7, >= 6.0.4.8, ~> 6.0.4, >= 6.1.5.1, ~> 6.1.5, >= 7.0.2.4

Denial of Service Vulnerability in ActiveRecord’s PostgreSQL adapter
Open

    activerecord (6.1.4.1)

Found in Gemfile.lock by bundler-audit

Read up
Read up
Exclude checks
- Disable engine
- Disable check

Advisory: CVE-2022-44566

URL: https://github.com/rails/rails/releases/tag/v7.0.4.1

Solution: upgrade to >= 5.2.8.15, ~> 5.2.8, >= 6.1.7.1, ~> 6.1.7, >= 7.0.4.1

Unchecked return value from xmlTextReaderExpand
Open

    nokogiri (1.13.9)

Found in Gemfile.lock by bundler-audit

Read up
Read up
Exclude checks
- Disable engine
- Disable check

Advisory: CVE-2022-23476

Criticality: High

URL: https://github.com/sparklemotion/nokogiri/security/advisories/GHSA-qv4q-mr5r-qprj

Solution: upgrade to >= 1.13.10

ReDoS based DoS vulnerability in Active Support’s underscore
Open

    activesupport (6.1.4.1)

Found in Gemfile.lock by bundler-audit

Read up
Read up
Exclude checks
- Disable engine
- Disable check

Advisory: CVE-2023-22796

URL: https://github.com/rails/rails/releases/tag/v7.0.4.1

Solution: upgrade to >= 5.2.8.15, ~> 5.2.8, >= 6.1.7.1, ~> 6.1.7, >= 7.0.4.1

Possible RCE escalation bug with Serialized Columns in Active Record
Open

    activerecord (6.1.4.1)

Found in Gemfile.lock by bundler-audit

Read up
Read up
Exclude checks
- Disable engine
- Disable check

Advisory: CVE-2022-32224

Criticality: Critical

URL: https://groups.google.com/g/rubyonrails-security/c/MmFO3LYQE8U

Solution: upgrade to >= 5.2.8.1, ~> 5.2.8, >= 6.0.5.1, ~> 6.0.5, >= 6.1.6.1, ~> 6.1.6, >= 7.0.3.1

Possible exposure of information vulnerability in Action Pack
Open

    actionpack (6.1.4.1)

Found in Gemfile.lock by bundler-audit

Read up
Read up
Exclude checks
- Disable engine
- Disable check

Advisory: CVE-2022-23633

Criticality: High

URL: https://groups.google.com/g/ruby-security-ann/c/FkTM-_7zSNA/m/K2RiMJBlBAAJ

Solution: upgrade to >= 5.2.6.2, ~> 5.2.6, >= 6.0.4.6, ~> 6.0.4, >= 6.1.4.6, ~> 6.1.4, >= 7.0.2.2

Denial of Service Vulnerability in Rack Multipart Parsing
Open

    rack (2.1.4)

Found in Gemfile.lock by bundler-audit

Read up
Read up
Exclude checks
- Disable engine
- Disable check

Advisory: CVE-2022-30122

Criticality: High

URL: https://groups.google.com/g/ruby-security-ann/c/L2Axto442qk

Solution: upgrade to >= 2.0.9.1, ~> 2.0.9, >= 2.1.4.1, ~> 2.1.4, >= 2.2.3.1

Possible Open Redirect in Host Authorization Middleware
Open

    actionpack (6.1.4.1)

Found in Gemfile.lock by bundler-audit

Read up
Read up
Exclude checks
- Disable engine
- Disable check

Advisory: CVE-2021-44528

Criticality: Medium

URL: https://groups.google.com/g/ruby-security-ann/c/vG9gz3nk1pM/m/7-NU4MNrDAAJ

Solution: upgrade to >= 6.0.4.2, ~> 6.0.4, >= 6.1.4.2, ~> 6.1.4, >= 7.0.0.rc2

Denial of service via header parsing in Rack
Open

    rack (2.1.4)

Found in Gemfile.lock by bundler-audit

Read up
Read up
Exclude checks
- Disable engine
- Disable check

Advisory: CVE-2022-44570

URL: https://github.com/rack/rack/releases/tag/v3.0.4.1

Solution: upgrade to >= 2.0.9.2, ~> 2.0.9, >= 2.1.4.2, ~> 2.1.4, >= 2.2.6.2, ~> 2.2.6, >= 3.0.4.1

Denial of service via multipart parsing in Rack
Open

    rack (2.1.4)

Found in Gemfile.lock by bundler-audit

Read up
Read up
Exclude checks
- Disable engine
- Disable check

Advisory: CVE-2022-44572

URL: https://github.com/rack/rack/releases/tag/v3.0.4.1

Solution: upgrade to >= 2.0.9.2, ~> 2.0.9, >= 2.1.4.2, ~> 2.1.4, >= 2.2.6.1, ~> 2.2.6, >= 3.0.4.1

Possible shell escape sequence injection vulnerability in Rack
Open

    rack (2.1.4)

Found in Gemfile.lock by bundler-audit

Read up
Read up
Exclude checks
- Disable engine
- Disable check

Advisory: CVE-2022-30123

Criticality: Critical

URL: https://groups.google.com/g/ruby-security-ann/c/LWB10kWzag8

Solution: upgrade to >= 2.0.9.1, ~> 2.0.9, >= 2.1.4.1, ~> 2.1.4, >= 2.2.3.1

Possible code injection vulnerability in Rails / Active Storage
Open

    activestorage (6.1.4.1)

Found in Gemfile.lock by bundler-audit

Read up
Read up
Exclude checks
- Disable engine
- Disable check

Advisory: CVE-2022-21831

Criticality: Critical

URL: https://groups.google.com/g/rubyonrails-security/c/n-p-W1yxatI

Solution: upgrade to >= 5.2.6.3, ~> 5.2.6, >= 6.0.4.7, ~> 6.0.4, >= 6.1.4.7, ~> 6.1.4, >= 7.0.2.3

Denial of Service Vulnerability in Rack Content-Disposition parsing
Open

    rack (2.1.4)

Found in Gemfile.lock by bundler-audit

Read up
Read up
Exclude checks
- Disable engine
- Disable check

Advisory: CVE-2022-44571

URL: https://github.com/rack/rack/releases/tag/v3.0.4.1

Solution: upgrade to >= 2.0.9.2, ~> 2.0.9, >= 2.1.4.2, ~> 2.1.4, >= 2.2.6.1, ~> 2.2.6, >= 3.0.4.1

ikuseiGmbH/smart-village-app-cms

Summary

Maintainability

Test Coverage

Information Exposure with Puma when used with Rails Open

Keepalive Connections Causing Denial Of Service in puma Open

Inconsistent Interpretation of HTTP Requests ('HTTP Request Smuggling') in puma Open

ReDoS based DoS vulnerability in GlobalID Open

HTTP Request Smuggling in puma Open

Denial of Service in rubyzip ("zip bombs") Confirmed

Improper neutralization of data URIs may allow XSS in Loofah Open

Uncontrolled Recursion in Loofah Open

Cross-Site Scripting in Kaminari via original_script_name parameter Open

Improper neutralization of data URIs may allow XSS in rails-html-sanitizer Open

Loofah XSS Vulnerability Open

Possible XSS vulnerability with certain configurations of rails-html-sanitizer Open

Possible XSS vulnerability with certain configurations of rails-html-sanitizer Open

Regular Expression Denial of Service in Addressable templates Open

Possible XSS vulnerability with certain configurations of Rails::Html::Sanitizer Open

Inefficient Regular Expression Complexity in Loofah Open

Inefficient Regular Expression Complexity in rails-html-sanitizer Open

Potential XSS vulnerability in jQuery Open

Prototype pollution attack through jQuery $.extend Open

ReDoS based DoS vulnerability in Action Dispatch Open

SQL Injection Vulnerability via ActiveRecord comments Open

Possible XSS Vulnerability in Action Pack Open

ReDoS based DoS vulnerability in Action Dispatch Open

Possible XSS Vulnerability in Action View tag helpers Open

Denial of Service Vulnerability in ActiveRecord’s PostgreSQL adapter Open

Unchecked return value from xmlTextReaderExpand Open

ReDoS based DoS vulnerability in Active Support’s underscore Open

Possible RCE escalation bug with Serialized Columns in Active Record Open

Possible exposure of information vulnerability in Action Pack Open

Denial of Service Vulnerability in Rack Multipart Parsing Open

Possible Open Redirect in Host Authorization Middleware Open

Denial of service via header parsing in Rack Open

Denial of service via multipart parsing in Rack Open

Possible shell escape sequence injection vulnerability in Rack Open

Possible code injection vulnerability in Rails / Active Storage Open

Denial of Service Vulnerability in Rack Content-Disposition parsing Open

There are no issues that match your filters.

Category

Status

Information Exposure with Puma when used with Rails
Open

Keepalive Connections Causing Denial Of Service in puma
Open

Inconsistent Interpretation of HTTP Requests ('HTTP Request Smuggling') in puma
Open

ReDoS based DoS vulnerability in GlobalID
Open

HTTP Request Smuggling in puma
Open

Denial of Service in rubyzip ("zip bombs")
Confirmed

Improper neutralization of data URIs may allow XSS in Loofah
Open

Uncontrolled Recursion in Loofah
Open

Cross-Site Scripting in Kaminari via `original_script_name` parameter
Open

Improper neutralization of data URIs may allow XSS in rails-html-sanitizer
Open

Loofah XSS Vulnerability
Open

Possible XSS vulnerability with certain configurations of rails-html-sanitizer
Open

Possible XSS vulnerability with certain configurations of rails-html-sanitizer
Open

Regular Expression Denial of Service in Addressable templates
Open

Possible XSS vulnerability with certain configurations of Rails::Html::Sanitizer
Open

Inefficient Regular Expression Complexity in Loofah
Open

Inefficient Regular Expression Complexity in rails-html-sanitizer
Open

Potential XSS vulnerability in jQuery
Open

Prototype pollution attack through jQuery $.extend
Open

ReDoS based DoS vulnerability in Action Dispatch
Open

SQL Injection Vulnerability via ActiveRecord comments
Open

Possible XSS Vulnerability in Action Pack
Open

ReDoS based DoS vulnerability in Action Dispatch
Open

Possible XSS Vulnerability in Action View tag helpers
Open

Denial of Service Vulnerability in ActiveRecord’s PostgreSQL adapter
Open

Unchecked return value from xmlTextReaderExpand
Open

ReDoS based DoS vulnerability in Active Support’s underscore
Open

Possible RCE escalation bug with Serialized Columns in Active Record
Open

Possible exposure of information vulnerability in Action Pack
Open

Denial of Service Vulnerability in Rack Multipart Parsing
Open

Possible Open Redirect in Host Authorization Middleware
Open

Denial of service via header parsing in Rack
Open

Denial of service via multipart parsing in Rack
Open

Possible shell escape sequence injection vulnerability in Rack
Open

Possible code injection vulnerability in Rails / Active Storage
Open

Denial of Service Vulnerability in Rack Content-Disposition parsing
Open