Showing 1,158 of 1,254 total issues
NewsItemsController#update has the variable name 'e' Open
rescue Graphlient::Errors::GraphQLError => e- Read upRead up
- Exclude checks
An Uncommunicative Variable Name is a variable name that doesn't communicate its intent well enough.
Poor names make it hard for the reader to build a mental picture of what's going on in the code. They can also be mis-interpreted; and they hurt the flow of reading, because the reader must slow down to interpret the names.
SurveysController#create has the variable name 'e' Open
rescue Graphlient::Errors::GraphQLError => e- Read upRead up
- Exclude checks
An Uncommunicative Variable Name is a variable name that doesn't communicate its intent well enough.
Poor names make it hard for the reader to build a mental picture of what's going on in the code. They can also be mis-interpreted; and they hurt the flow of reading, because the reader must slow down to interpret the names.
ConstructionsController#update has the variable name 'e' Open
rescue Graphlient::Errors::GraphQLError => e- Read upRead up
- Exclude checks
An Uncommunicative Variable Name is a variable name that doesn't communicate its intent well enough.
Poor names make it hard for the reader to build a mental picture of what's going on in the code. They can also be mis-interpreted; and they hurt the flow of reading, because the reader must slow down to interpret the names.
DeadlinesController#create has the variable name 'e' Open
rescue Graphlient::Errors::GraphQLError => e- Read upRead up
- Exclude checks
An Uncommunicative Variable Name is a variable name that doesn't communicate its intent well enough.
Poor names make it hard for the reader to build a mental picture of what's going on in the code. They can also be mis-interpreted; and they hurt the flow of reading, because the reader must slow down to interpret the names.
NewsItemsController#create has the variable name 'e' Open
rescue Graphlient::Errors::GraphQLError => e- Read upRead up
- Exclude checks
An Uncommunicative Variable Name is a variable name that doesn't communicate its intent well enough.
Poor names make it hard for the reader to build a mental picture of what's going on in the code. They can also be mis-interpreted; and they hurt the flow of reading, because the reader must slow down to interpret the names.
ToursController#convert_params_for_graphql has the variable name 'mp3' Open
mp3 = set_defaults_and_types(tour_stop["payload"]["mp3"])- Read upRead up
- Exclude checks
An Uncommunicative Variable Name is a variable name that doesn't communicate its intent well enough.
Poor names make it hard for the reader to build a mental picture of what's going on in the code. They can also be mis-interpreted; and they hurt the flow of reading, because the reader must slow down to interpret the names.
ToursController#convert_params_for_graphql has the variable name 'mp4' Open
mp4 = set_defaults_and_types(tour_stop["payload"]["mp4"])- Read upRead up
- Exclude checks
An Uncommunicative Variable Name is a variable name that doesn't communicate its intent well enough.
Poor names make it hard for the reader to build a mental picture of what's going on in the code. They can also be mis-interpreted; and they hurt the flow of reading, because the reader must slow down to interpret the names.
ToursController#update has the variable name 'e' Open
rescue Graphlient::Errors::GraphQLError => e- Read upRead up
- Exclude checks
An Uncommunicative Variable Name is a variable name that doesn't communicate its intent well enough.
Poor names make it hard for the reader to build a mental picture of what's going on in the code. They can also be mis-interpreted; and they hurt the flow of reading, because the reader must slow down to interpret the names.
ToursController#create has the variable name 'e' Open
rescue Graphlient::Errors::GraphQLError => e- Read upRead up
- Exclude checks
An Uncommunicative Variable Name is a variable name that doesn't communicate its intent well enough.
Poor names make it hard for the reader to build a mental picture of what's going on in the code. They can also be mis-interpreted; and they hurt the flow of reading, because the reader must slow down to interpret the names.
OffersController#update has the variable name 'e' Open
rescue Graphlient::Errors::GraphQLError => e- Read upRead up
- Exclude checks
An Uncommunicative Variable Name is a variable name that doesn't communicate its intent well enough.
Poor names make it hard for the reader to build a mental picture of what's going on in the code. They can also be mis-interpreted; and they hurt the flow of reading, because the reader must slow down to interpret the names.
StaticContentsController#create has the variable name 'e' Open
rescue Graphlient::Errors::GraphQLError => e- Read upRead up
- Exclude checks
An Uncommunicative Variable Name is a variable name that doesn't communicate its intent well enough.
Poor names make it hard for the reader to build a mental picture of what's going on in the code. They can also be mis-interpreted; and they hurt the flow of reading, because the reader must slow down to interpret the names.
ApplicationController#not_found_404 has the name 'not_found_404' Open
def not_found_404- Read upRead up
- Exclude checks
An Uncommunicative Method Name is a method name that doesn't communicate its intent well enough.
Poor names make it hard for the reader to build a mental picture of what's going on in the code. They can also be mis-interpreted; and they hurt the flow of reading, because the reader must slow down to interpret the names.
EventsController#copy_event_and_set_invisibility has the variable name 'e' Open
rescue Graphlient::Errors::GraphQLError => e- Read upRead up
- Exclude checks
An Uncommunicative Variable Name is a variable name that doesn't communicate its intent well enough.
Poor names make it hard for the reader to build a mental picture of what's going on in the code. They can also be mis-interpreted; and they hurt the flow of reading, because the reader must slow down to interpret the names.
Possible shell escape sequence injection vulnerability in Rack Open
rack (2.1.4)- Read upRead up
- Exclude checks
Advisory: CVE-2022-30123
Criticality: Critical
URL: https://groups.google.com/g/ruby-security-ann/c/LWB10kWzag8
Solution: upgrade to >= 2.0.9.1, ~> 2.0.9, >= 2.1.4.1, ~> 2.1.4, >= 2.2.3.1
Denial of Service Vulnerability in Rack Multipart Parsing Open
rack (2.1.4)- Read upRead up
- Exclude checks
Advisory: CVE-2022-30122
Criticality: High
URL: https://groups.google.com/g/ruby-security-ann/c/L2Axto442qk
Solution: upgrade to >= 2.0.9.1, ~> 2.0.9, >= 2.1.4.1, ~> 2.1.4, >= 2.2.3.1
Denial of service via header parsing in Rack Open
rack (2.1.4)- Read upRead up
- Exclude checks
Advisory: CVE-2022-44570
URL: https://github.com/rack/rack/releases/tag/v3.0.4.1
Solution: upgrade to >= 2.0.9.2, ~> 2.0.9, >= 2.1.4.2, ~> 2.1.4, >= 2.2.6.2, ~> 2.2.6, >= 3.0.4.1
Possible code injection vulnerability in Rails / Active Storage Open
activestorage (6.1.4.1)- Read upRead up
- Exclude checks
Advisory: CVE-2022-21831
Criticality: Critical
URL: https://groups.google.com/g/rubyonrails-security/c/n-p-W1yxatI
Solution: upgrade to >= 5.2.6.3, ~> 5.2.6, >= 6.0.4.7, ~> 6.0.4, >= 6.1.4.7, ~> 6.1.4, >= 7.0.2.3
@import prevents parallel downloads, use <link> instead. Open
@import url('https://fonts.googleapis.com/css?family=Titillium+Web&display=swap');- Exclude checks
Denial of service via multipart parsing in Rack Open
rack (2.1.4)- Read upRead up
- Exclude checks
Advisory: CVE-2022-44572
URL: https://github.com/rack/rack/releases/tag/v3.0.4.1
Solution: upgrade to >= 2.0.9.2, ~> 2.0.9, >= 2.1.4.2, ~> 2.1.4, >= 2.2.6.1, ~> 2.2.6, >= 3.0.4.1
Possible Open Redirect in Host Authorization Middleware Open
actionpack (6.1.4.1)- Read upRead up
- Exclude checks
Advisory: CVE-2021-44528
Criticality: Medium
URL: https://groups.google.com/g/ruby-security-ann/c/vG9gz3nk1pM/m/7-NU4MNrDAAJ
Solution: upgrade to >= 6.0.4.2, ~> 6.0.4, >= 6.1.4.2, ~> 6.1.4, >= 7.0.0.rc2