Gemfile.lock from infusionvlc/ConexionFelina

Gemfile.lock

Summary

Maintainability

Test Coverage

Inconsistent Interpretation of HTTP Requests ('HTTP Request Smuggling') in puma
Open

    puma (3.12.0)

Found in Gemfile.lock by bundler-audit

Read up
Read up
Exclude checks
- Disable engine
- Disable check

Advisory: CVE-2021-41136

Criticality: Low

URL: https://github.com/puma/puma/security/advisories/GHSA-48w2-rm65-62xx

Solution: upgrade to ~> 4.3.9, >= 5.5.1

ReDoS based DoS vulnerability in GlobalID
Open

    globalid (0.4.2)

Found in Gemfile.lock by bundler-audit

Read up
Read up
Exclude checks
- Disable engine
- Disable check

Advisory: CVE-2023-22799

URL: https://github.com/rails/globalid/releases/tag/v1.0.1

Solution: upgrade to >= 1.0.1

Information Exposure with Puma when used with Rails
Open

    puma (3.12.0)

Found in Gemfile.lock by bundler-audit

Read up
Read up
Exclude checks
- Disable engine
- Disable check

Advisory: CVE-2022-23634

Criticality: High

URL: https://github.com/puma/puma/security/advisories/GHSA-rmj8-8hhh-gv5h

Solution: upgrade to ~> 4.3.11, >= 5.6.2

HTTP Request Smuggling in puma
Open

    puma (3.12.0)

Found in Gemfile.lock by bundler-audit

Read up
Read up
Exclude checks
- Disable engine
- Disable check

Advisory: CVE-2022-24790

Criticality: Critical

URL: https://github.com/puma/puma/security/advisories/GHSA-h99w-9q5r-gjq9

Solution: upgrade to ~> 4.3.12, >= 5.6.4

Keepalive Connections Causing Denial Of Service in puma
Open

    puma (3.12.0)

Found in Gemfile.lock by bundler-audit

Read up
Read up
Exclude checks
- Disable engine
- Disable check

Advisory: CVE-2021-29509

Criticality: High

URL: https://github.com/puma/puma/security/advisories/GHSA-q28m-8xjw-8vr5

Solution: upgrade to ~> 4.3.8, >= 5.3.1

Denial of Service (DoS) in Nokogiri on JRuby
Open

    nokogiri (1.10.3)

Found in Gemfile.lock by bundler-audit

Read up
Read up
Exclude checks
- Disable engine
- Disable check

Advisory: CVE-2022-24839

Criticality: High

URL: https://github.com/sparklemotion/nekohtml/security/advisories/GHSA-9849-p7jc-9rmv

Solution: upgrade to >= 1.13.4

Inefficient Regular Expression Complexity in Loofah
Open

    loofah (2.2.3)

Found in Gemfile.lock by bundler-audit

Read up
Read up
Exclude checks
- Disable engine
- Disable check

Advisory: CVE-2022-23514

Criticality: High

URL: https://github.com/flavorjones/loofah/security/advisories/GHSA-486f-hjj9-9vhh

Solution: upgrade to >= 2.19.1

Update packaged libxml2 (2.9.12 → 2.9.13) and libxslt (1.1.34 → 1.1.35)
Open

    nokogiri (1.10.3)

Found in Gemfile.lock by bundler-audit

Read up
Read up
Exclude checks
- Disable engine
- Disable check

Advisory: CVE-2021-30560

Criticality: High

URL: https://github.com/sparklemotion/nokogiri/security/advisories/GHSA-fq42-c5rg-92c2

Solution: upgrade to >= 1.13.2

Update bundled libxml2 to v2.10.3 to resolve multiple CVEs
Open

    nokogiri (1.10.3)

Found in Gemfile.lock by bundler-audit

Read up
Read up
Exclude checks
- Disable engine
- Disable check

Advisory:

URL: https://github.com/sparklemotion/nokogiri/security/advisories/GHSA-2qc6-mcvw-92cw

Solution: upgrade to >= 1.13.9

Integer Overflow or Wraparound in libxml2 affects Nokogiri
Open

    nokogiri (1.10.3)

Found in Gemfile.lock by bundler-audit

Read up
Read up
Exclude checks
- Disable engine
- Disable check

Advisory:

Criticality: High

URL: https://github.com/sparklemotion/nokogiri/security/advisories/GHSA-cgx6-hpwq-fhv5

Solution: upgrade to >= 1.13.5

XML Injection in Xerces Java affects Nokogiri
Open

    nokogiri (1.10.3)

Found in Gemfile.lock by bundler-audit

Read up
Read up
Exclude checks
- Disable engine
- Disable check

Advisory: CVE-2022-23437

Criticality: Medium

URL: https://github.com/sparklemotion/nokogiri/security/advisories/GHSA-xxx9-3xcr-gjj3

Solution: upgrade to >= 1.13.4

Improper Handling of Unexpected Data Type in Nokogiri
Open

    nokogiri (1.10.3)

Found in Gemfile.lock by bundler-audit

Read up
Read up
Exclude checks
- Disable engine
- Disable check

Advisory: CVE-2022-29181

Criticality: High

URL: https://github.com/sparklemotion/nokogiri/security/advisories/GHSA-xh29-r2w5-wx8m

Solution: upgrade to >= 1.13.6

Out-of-bounds Write in zlib affects Nokogiri
Open

    nokogiri (1.10.3)

Found in Gemfile.lock by bundler-audit

Read up
Read up
Exclude checks
- Disable engine
- Disable check

Advisory: CVE-2018-25032

Criticality: High

URL: https://github.com/sparklemotion/nokogiri/security/advisories/GHSA-v6gp-9mmm-c6p5

Solution: upgrade to >= 1.13.4

Possible XSS vulnerability with certain configurations of rails-html-sanitizer
Open

    rails-html-sanitizer (1.0.4)

Found in Gemfile.lock by bundler-audit

Read up
Read up
Exclude checks
- Disable engine
- Disable check

Advisory: CVE-2022-23519

Criticality: Medium

URL: https://github.com/rails/rails-html-sanitizer/security/advisories/GHSA-9h9g-93gc-623h

Solution: upgrade to >= 1.4.4

Improper neutralization of data URIs may allow XSS in rails-html-sanitizer
Open

    rails-html-sanitizer (1.0.4)

Found in Gemfile.lock by bundler-audit

Read up
Read up
Exclude checks
- Disable engine
- Disable check

Advisory: CVE-2022-23518

Criticality: Medium

URL: https://github.com/rails/rails-html-sanitizer/security/advisories/GHSA-mcvf-2q2m-x72m

Solution: upgrade to >= 1.4.4

Uncontrolled Recursion in Loofah
Open

    loofah (2.2.3)

Found in Gemfile.lock by bundler-audit

Read up
Read up
Exclude checks
- Disable engine
- Disable check

Advisory: CVE-2022-23516

Criticality: High

URL: https://github.com/flavorjones/loofah/security/advisories/GHSA-3x8r-x6xp-q4vm

Solution: upgrade to >= 2.19.1

Improper Restriction of XML External Entity Reference (XXE) in Nokogiri on JRuby
Open

    nokogiri (1.10.3)

Found in Gemfile.lock by bundler-audit

Read up
Read up
Exclude checks
- Disable engine
- Disable check

Advisory: CVE-2021-41098

Criticality: High

URL: https://github.com/sparklemotion/nokogiri/security/advisories/GHSA-2rr5-8q37-2w7h

Solution: upgrade to >= 1.12.5

Update packaged libxml2 (2.9.12 → 2.9.13) and libxslt (1.1.34 → 1.1.35)
Open

    nokogiri (1.10.3)

Found in Gemfile.lock by bundler-audit

Read up
Read up
Exclude checks
- Disable engine
- Disable check

Advisory: CVE-2021-30560

Criticality: High

URL: https://github.com/sparklemotion/nokogiri/security/advisories/GHSA-fq42-c5rg-92c2

Solution: upgrade to >= 1.13.2

Regular Expression Denial of Service in Addressable templates
Open

    addressable (2.5.2)

Found in Gemfile.lock by bundler-audit

Read up
Read up
Exclude checks
- Disable engine
- Disable check

Advisory: CVE-2021-32740

Criticality: High

URL: https://github.com/advisories/GHSA-jxhc-q857-3j6g

Solution: upgrade to >= 2.8.0

Nokogiri::XML::Schema trusts input by default, exposing risk of an XXE vulnerability
Open

    nokogiri (1.10.3)

Found in Gemfile.lock by bundler-audit

Read up
Read up
Exclude checks
- Disable engine
- Disable check

Advisory: CVE-2020-26247

Criticality: Low

URL: https://github.com/sparklemotion/nokogiri/security/advisories/GHSA-vr8q-g5c7-m54m

Solution: upgrade to >= 1.11.0.rc4

Inefficient Regular Expression Complexity in Nokogiri
Open

    nokogiri (1.10.3)

Found in Gemfile.lock by bundler-audit

Read up
Read up
Exclude checks
- Disable engine
- Disable check

Advisory: CVE-2022-24836

Criticality: High

URL: https://github.com/sparklemotion/nokogiri/security/advisories/GHSA-crjr-9rc5-ghw8

Solution: upgrade to >= 1.13.4

Inefficient Regular Expression Complexity in Nokogiri
Open

    nokogiri (1.10.3)

Found in Gemfile.lock by bundler-audit

Read up
Read up
Exclude checks
- Disable engine
- Disable check

Advisory: CVE-2022-24836

Criticality: High

URL: https://github.com/sparklemotion/nokogiri/security/advisories/GHSA-crjr-9rc5-ghw8

Solution: upgrade to >= 1.13.4

Out-of-bounds Write in zlib affects Nokogiri
Open

    nokogiri (1.10.3)

Found in Gemfile.lock by bundler-audit

Read up
Read up
Exclude checks
- Disable engine
- Disable check

Advisory: CVE-2018-25032

Criticality: High

URL: https://github.com/sparklemotion/nokogiri/security/advisories/GHSA-v6gp-9mmm-c6p5

Solution: upgrade to >= 1.13.4

XML Injection in Xerces Java affects Nokogiri
Open

    nokogiri (1.10.3)

Found in Gemfile.lock by bundler-audit

Read up
Read up
Exclude checks
- Disable engine
- Disable check

Advisory: CVE-2022-23437

Criticality: Medium

URL: https://github.com/sparklemotion/nokogiri/security/advisories/GHSA-xxx9-3xcr-gjj3

Solution: upgrade to >= 1.13.4

Update packaged dependency libxml2 from 2.9.10 to 2.9.12
Open

    nokogiri (1.10.3)

Found in Gemfile.lock by bundler-audit

Read up
Read up
Exclude checks
- Disable engine
- Disable check

Advisory:

Criticality: High

URL: https://github.com/sparklemotion/nokogiri/security/advisories/GHSA-7rrm-v45f-jp64

Solution: upgrade to >= 1.11.4

XSS vulnerability in bootstrap
Open

    bootstrap (4.1.3)

Found in Gemfile.lock by bundler-audit

Read up
Read up
Exclude checks
- Disable engine
- Disable check

Advisory: CVE-2019-8331

Criticality: Medium

URL: https://blog.getbootstrap.com/2019/02/13/bootstrap-4-3-1-and-3-4-1/

Solution: upgrade to >= 4.3.1

Potential XSS vulnerability in jQuery
Open

    jquery-rails (4.3.3)

Found in Gemfile.lock by bundler-audit

Read up
Read up
Exclude checks
- Disable engine
- Disable check

Advisory: CVE-2020-11023

Criticality: Medium

URL: https://blog.jquery.com/2020/04/10/jquery-3-5-0-released

Solution: upgrade to >= 4.4.0

Possible XSS vulnerability with certain configurations of Rails::Html::Sanitizer
Open

    rails-html-sanitizer (1.0.4)

Found in Gemfile.lock by bundler-audit

Read up
Read up
Exclude checks
- Disable engine
- Disable check

Advisory: CVE-2022-32209

Criticality: Medium

URL: https://groups.google.com/g/rubyonrails-security/c/ce9PhUANQ6s

Solution: upgrade to >= 1.4.3

Update packaged libxml2 (2.9.12 → 2.9.13) and libxslt (1.1.34 → 1.1.35)
Open

    nokogiri (1.10.3)

Found in Gemfile.lock by bundler-audit

Read up
Read up
Exclude checks
- Disable engine
- Disable check

Advisory: CVE-2021-30560

Criticality: High

URL: https://github.com/sparklemotion/nokogiri/security/advisories/GHSA-fq42-c5rg-92c2

Solution: upgrade to >= 1.13.2

Update packaged dependency libxml2 from 2.9.10 to 2.9.12
Open

    nokogiri (1.10.3)

Found in Gemfile.lock by bundler-audit

Read up
Read up
Exclude checks
- Disable engine
- Disable check

Advisory:

Criticality: High

URL: https://github.com/sparklemotion/nokogiri/security/advisories/GHSA-7rrm-v45f-jp64

Solution: upgrade to >= 1.11.4

Denial of Service (DoS) in Nokogiri on JRuby
Open

    nokogiri (1.10.3)

Found in Gemfile.lock by bundler-audit

Read up
Read up
Exclude checks
- Disable engine
- Disable check

Advisory: CVE-2022-24839

Criticality: High

URL: https://github.com/sparklemotion/nekohtml/security/advisories/GHSA-9849-p7jc-9rmv

Solution: upgrade to >= 1.13.4

Integer Overflow or Wraparound in libxml2 affects Nokogiri
Open

    nokogiri (1.10.3)

Found in Gemfile.lock by bundler-audit

Read up
Read up
Exclude checks
- Disable engine
- Disable check

Advisory:

Criticality: High

URL: https://github.com/sparklemotion/nokogiri/security/advisories/GHSA-cgx6-hpwq-fhv5

Solution: upgrade to >= 1.13.5

Nokogiri::XML::Schema trusts input by default, exposing risk of an XXE vulnerability
Open

    nokogiri (1.10.3)

Found in Gemfile.lock by bundler-audit

Read up
Read up
Exclude checks
- Disable engine
- Disable check

Advisory: CVE-2020-26247

Criticality: Low

URL: https://github.com/sparklemotion/nokogiri/security/advisories/GHSA-vr8q-g5c7-m54m

Solution: upgrade to >= 1.11.0.rc4

Improper Handling of Unexpected Data Type in Nokogiri
Open

    nokogiri (1.10.3)

Found in Gemfile.lock by bundler-audit

Read up
Read up
Exclude checks
- Disable engine
- Disable check

Advisory: CVE-2022-29181

Criticality: High

URL: https://github.com/sparklemotion/nokogiri/security/advisories/GHSA-xh29-r2w5-wx8m

Solution: upgrade to >= 1.13.6

Loofah XSS Vulnerability
Open

    loofah (2.2.3)

Found in Gemfile.lock by bundler-audit

Read up
Read up
Exclude checks
- Disable engine
- Disable check

Advisory: CVE-2019-15587

Criticality: Medium

URL: https://github.com/flavorjones/loofah/issues/171

Solution: upgrade to >= 2.3.1

XML Injection in Xerces Java affects Nokogiri
Open

    nokogiri (1.10.3)

Found in Gemfile.lock by bundler-audit

Read up
Read up
Exclude checks
- Disable engine
- Disable check

Advisory: CVE-2022-23437

Criticality: Medium

URL: https://github.com/sparklemotion/nokogiri/security/advisories/GHSA-xxx9-3xcr-gjj3

Solution: upgrade to >= 1.13.4

Improper Restriction of XML External Entity Reference (XXE) in Nokogiri on JRuby
Open

    nokogiri (1.10.3)

Found in Gemfile.lock by bundler-audit

Read up
Read up
Exclude checks
- Disable engine
- Disable check

Advisory: CVE-2021-41098

Criticality: High

URL: https://github.com/sparklemotion/nokogiri/security/advisories/GHSA-2rr5-8q37-2w7h

Solution: upgrade to >= 1.12.5

Nokogiri::XML::Schema trusts input by default, exposing risk of an XXE vulnerability
Open

    nokogiri (1.10.3)

Found in Gemfile.lock by bundler-audit

Read up
Read up
Exclude checks
- Disable engine
- Disable check

Advisory: CVE-2020-26247

Criticality: Low

URL: https://github.com/sparklemotion/nokogiri/security/advisories/GHSA-vr8q-g5c7-m54m

Solution: upgrade to >= 1.11.0.rc4

Inefficient Regular Expression Complexity in Nokogiri
Open

    nokogiri (1.10.3)

Found in Gemfile.lock by bundler-audit

Read up
Read up
Exclude checks
- Disable engine
- Disable check

Advisory: CVE-2022-24836

Criticality: High

URL: https://github.com/sparklemotion/nokogiri/security/advisories/GHSA-crjr-9rc5-ghw8

Solution: upgrade to >= 1.13.4

Directory traversal in Rack::Directory app bundled with Rack
Open

    rack (2.0.7)

Found in Gemfile.lock by bundler-audit

Read up
Read up
Exclude checks
- Disable engine
- Disable check

Advisory: CVE-2020-8161

Criticality: High

URL: https://groups.google.com/forum/#!topic/ruby-security-ann/T4ZIsfRf2eA

Solution: upgrade to ~> 2.1.3, >= 2.2.0

Integer Overflow or Wraparound in libxml2 affects Nokogiri
Open

    nokogiri (1.10.3)

Found in Gemfile.lock by bundler-audit

Read up
Read up
Exclude checks
- Disable engine
- Disable check

Advisory:

Criticality: High

URL: https://github.com/sparklemotion/nokogiri/security/advisories/GHSA-cgx6-hpwq-fhv5

Solution: upgrade to >= 1.13.5

Out-of-bounds Write in zlib affects Nokogiri
Open

    nokogiri (1.10.3)

Found in Gemfile.lock by bundler-audit

Read up
Read up
Exclude checks
- Disable engine
- Disable check

Advisory: CVE-2018-25032

Criticality: High

URL: https://github.com/sparklemotion/nokogiri/security/advisories/GHSA-v6gp-9mmm-c6p5

Solution: upgrade to >= 1.13.4

Percent-encoded cookies can be used to overwrite existing prefixed cookie names
Open

    rack (2.0.7)

Found in Gemfile.lock by bundler-audit

Read up
Read up
Exclude checks
- Disable engine
- Disable check

Advisory: CVE-2020-8184

Criticality: High

URL: https://groups.google.com/g/rubyonrails-security/c/OWtmozPH9Ak

Solution: upgrade to ~> 2.1.4, >= 2.2.3

Inefficient Regular Expression Complexity in rails-html-sanitizer
Open

    rails-html-sanitizer (1.0.4)

Found in Gemfile.lock by bundler-audit

Read up
Read up
Exclude checks
- Disable engine
- Disable check

Advisory: CVE-2022-23517

Criticality: High

URL: https://github.com/rails/rails-html-sanitizer/security/advisories/GHSA-5x79-w82f-gw8w

Solution: upgrade to >= 1.4.4

Denial of Service in rubyzip ("zip bombs")
Open

    rubyzip (1.2.2)

Found in Gemfile.lock by bundler-audit

Read up
Read up
Exclude checks
- Disable engine
- Disable check

Advisory: CVE-2019-16892

Criticality: Medium

URL: https://github.com/rubyzip/rubyzip/pull/403

Solution: upgrade to >= 1.3.0

Devise Gem for Ruby confirmation token validation with a blank string
Open

    devise (4.6.0)

Found in Gemfile.lock by bundler-audit

Read up
Read up
Exclude checks
- Disable engine
- Disable check

Advisory: CVE-2019-16109

Criticality: Medium

URL: https://github.com/plataformatec/devise/issues/5071

Solution: upgrade to >= 4.7.1

Update bundled libxml2 to v2.10.3 to resolve multiple CVEs
Open

    nokogiri (1.10.3)

Found in Gemfile.lock by bundler-audit

Read up
Read up
Exclude checks
- Disable engine
- Disable check

Advisory:

URL: https://github.com/sparklemotion/nokogiri/security/advisories/GHSA-2qc6-mcvw-92cw

Solution: upgrade to >= 1.13.9

Possible XSS vulnerability with certain configurations of rails-html-sanitizer
Open

    rails-html-sanitizer (1.0.4)

Found in Gemfile.lock by bundler-audit

Read up
Read up
Exclude checks
- Disable engine
- Disable check

Advisory: CVE-2022-23520

Criticality: Medium

URL: https://github.com/rails/rails-html-sanitizer/security/advisories/GHSA-rrfc-7g8p-99q8

Solution: upgrade to >= 1.4.4

Improper neutralization of data URIs may allow XSS in Loofah
Open

    loofah (2.2.3)

Found in Gemfile.lock by bundler-audit

Read up
Read up
Exclude checks
- Disable engine
- Disable check

Advisory: CVE-2022-23515

Criticality: Medium

URL: https://github.com/flavorjones/loofah/security/advisories/GHSA-228g-948r-83gx

Solution: upgrade to >= 2.19.1

Denial of Service (DoS) in Nokogiri on JRuby
Open

    nokogiri (1.10.3)

Found in Gemfile.lock by bundler-audit

Read up
Read up
Exclude checks
- Disable engine
- Disable check

Advisory: CVE-2022-24839

Criticality: High

URL: https://github.com/sparklemotion/nekohtml/security/advisories/GHSA-9849-p7jc-9rmv

Solution: upgrade to >= 1.13.4

json Gem for Ruby Unsafe Object Creation Vulnerability (additional fix)
Open

    json (2.1.0)

Found in Gemfile.lock by bundler-audit

Read up
Read up
Exclude checks
- Disable engine
- Disable check

Advisory: CVE-2020-10663

Criticality: High

URL: https://www.ruby-lang.org/en/news/2020/03/19/json-dos-cve-2020-10663/

Solution: upgrade to >= 2.3.0

Improper Restriction of XML External Entity Reference (XXE) in Nokogiri on JRuby
Open

    nokogiri (1.10.3)

Found in Gemfile.lock by bundler-audit

Read up
Read up
Exclude checks
- Disable engine
- Disable check

Advisory: CVE-2021-41098

Criticality: High

URL: https://github.com/sparklemotion/nokogiri/security/advisories/GHSA-2rr5-8q37-2w7h

Solution: upgrade to >= 1.12.5

Update packaged dependency libxml2 from 2.9.10 to 2.9.12
Open

    nokogiri (1.10.3)

Found in Gemfile.lock by bundler-audit

Read up
Read up
Exclude checks
- Disable engine
- Disable check

Advisory:

Criticality: High

URL: https://github.com/sparklemotion/nokogiri/security/advisories/GHSA-7rrm-v45f-jp64

Solution: upgrade to >= 1.11.4

Update bundled libxml2 to v2.10.3 to resolve multiple CVEs
Open

    nokogiri (1.10.3)

Found in Gemfile.lock by bundler-audit

Read up
Read up
Exclude checks
- Disable engine
- Disable check

Advisory:

URL: https://github.com/sparklemotion/nokogiri/security/advisories/GHSA-2qc6-mcvw-92cw

Solution: upgrade to >= 1.13.9

Improper Handling of Unexpected Data Type in Nokogiri
Open

    nokogiri (1.10.3)

Found in Gemfile.lock by bundler-audit

Read up
Read up
Exclude checks
- Disable engine
- Disable check

Advisory: CVE-2022-29181

Criticality: High

URL: https://github.com/sparklemotion/nokogiri/security/advisories/GHSA-xh29-r2w5-wx8m

Solution: upgrade to >= 1.13.6

Possible RCE escalation bug with Serialized Columns in Active Record
Open

    activerecord (5.2.3)

Found in Gemfile.lock by bundler-audit

Read up
Read up
Exclude checks
- Disable engine
- Disable check

Advisory: CVE-2022-32224

Criticality: Critical

URL: https://groups.google.com/g/rubyonrails-security/c/MmFO3LYQE8U

Solution: upgrade to >= 5.2.8.1, ~> 5.2.8, >= 6.0.5.1, ~> 6.0.5, >= 6.1.6.1, ~> 6.1.6, >= 7.0.3.1

Denial of Service Vulnerability in Rack Multipart Parsing
Open

    rack (2.0.7)

Found in Gemfile.lock by bundler-audit

Read up
Read up
Exclude checks
- Disable engine
- Disable check

Advisory: CVE-2022-30122

Criticality: High

URL: https://groups.google.com/g/ruby-security-ann/c/L2Axto442qk

Solution: upgrade to >= 2.0.9.1, ~> 2.0.9, >= 2.1.4.1, ~> 2.1.4, >= 2.2.3.1

Denial of Service Vulnerability in Rack Content-Disposition parsing
Open

    rack (2.0.7)

Found in Gemfile.lock by bundler-audit

Read up
Read up
Exclude checks
- Disable engine
- Disable check

Advisory: CVE-2022-44571

URL: https://github.com/rack/rack/releases/tag/v3.0.4.1

Solution: upgrade to >= 2.0.9.2, ~> 2.0.9, >= 2.1.4.2, ~> 2.1.4, >= 2.2.6.1, ~> 2.2.6, >= 3.0.4.1

Possible XSS Vulnerability in Action Pack
Open

    actionpack (5.2.3)

Found in Gemfile.lock by bundler-audit

Read up
Read up
Exclude checks
- Disable engine
- Disable check

Advisory: CVE-2022-22577

Criticality: Medium

URL: https://groups.google.com/g/ruby-security-ann/c/NuFRKaN5swI

Solution: upgrade to >= 5.2.7.1, ~> 5.2.7, >= 6.0.4.8, ~> 6.0.4, >= 6.1.5.1, ~> 6.1.5, >= 7.0.2.4

Nokogiri Command Injection Vulnerability via Nokogiri::CSS::Tokenizer#load_file
Open

    nokogiri (1.10.3)

Found in Gemfile.lock by bundler-audit

Read up
Read up
Exclude checks
- Disable engine
- Disable check

Advisory: CVE-2019-5477

Criticality: Critical

URL: https://github.com/sparklemotion/nokogiri/issues/1915

Solution: upgrade to >= 1.10.4

Possible shell escape sequence injection vulnerability in Rack
Open

    rack (2.0.7)

Found in Gemfile.lock by bundler-audit

Read up
Read up
Exclude checks
- Disable engine
- Disable check

Advisory: CVE-2022-30123

Criticality: Critical

URL: https://groups.google.com/g/ruby-security-ann/c/LWB10kWzag8

Solution: upgrade to >= 2.0.9.1, ~> 2.0.9, >= 2.1.4.1, ~> 2.1.4, >= 2.2.3.1

Denial of service via header parsing in Rack
Open

    rack (2.0.7)

Found in Gemfile.lock by bundler-audit

Read up
Read up
Exclude checks
- Disable engine
- Disable check

Advisory: CVE-2022-44570

URL: https://github.com/rack/rack/releases/tag/v3.0.4.1

Solution: upgrade to >= 2.0.9.2, ~> 2.0.9, >= 2.1.4.2, ~> 2.1.4, >= 2.2.6.2, ~> 2.2.6, >= 3.0.4.1

Possible Information Disclosure / Unintended Method Execution in Action Pack
Open

    actionpack (5.2.3)

Found in Gemfile.lock by bundler-audit

Read up
Read up
Exclude checks
- Disable engine
- Disable check

Advisory: CVE-2021-22885

Criticality: High

URL: https://groups.google.com/g/rubyonrails-security/c/NiQl-48cXYI

Solution: upgrade to ~> 5.2.4.6, ~> 5.2.6, >= 6.0.3.7, ~> 6.0.3, >= 6.1.3.2

libxml2 2.9.10 has an infinite loop in a certain end-of-file situation
Open

    nokogiri (1.10.3)

Found in Gemfile.lock by bundler-audit

Read up
Read up
Exclude checks
- Disable engine
- Disable check

Advisory: CVE-2020-7595

Criticality: High

URL: https://github.com/sparklemotion/nokogiri/issues/1992

Solution: upgrade to >= 1.10.8

Keepalive thread overload/DoS in puma
Open

    puma (3.12.0)

Found in Gemfile.lock by bundler-audit

Read up
Read up
Exclude checks
- Disable engine
- Disable check

Advisory: CVE-2019-16770

Criticality: High

URL: https://github.com/puma/puma/security/advisories/GHSA-7xx3-m584-x994

Solution: upgrade to ~> 3.12.2, >= 4.3.1

Possible information leak / session hijack vulnerability
Open

    rack (2.0.7)

Found in Gemfile.lock by bundler-audit

Read up
Read up
Exclude checks
- Disable engine
- Disable check

Advisory: CVE-2019-16782

Criticality: Medium

URL: https://github.com/rack/rack/security/advisories/GHSA-hrqr-hxpp-chr3

Solution: upgrade to ~> 1.6.12, >= 2.0.8

ReDoS based DoS vulnerability in Action Dispatch
Open

    actionpack (5.2.3)

Found in Gemfile.lock by bundler-audit

Read up
Read up
Exclude checks
- Disable engine
- Disable check

Advisory: CVE-2023-22792

URL: https://github.com/rails/rails/releases/tag/v7.0.4.1

Solution: upgrade to >= 5.2.8.15, ~> 5.2.8, >= 6.1.7.1, ~> 6.1.7, >= 7.0.4.1

HTTP Response Splitting vulnerability in puma
Open

    puma (3.12.0)

Found in Gemfile.lock by bundler-audit

Read up
Read up
Exclude checks
- Disable engine
- Disable check

Advisory: CVE-2020-5247

Criticality: Medium

URL: https://github.com/puma/puma/security/advisories/GHSA-84j7-475p-hp8v

Solution: upgrade to ~> 3.12.4, >= 4.3.3

Possible code injection vulnerability in Rails / Active Storage
Open

    activestorage (5.2.3)

Found in Gemfile.lock by bundler-audit

Read up
Read up
Exclude checks
- Disable engine
- Disable check

Advisory: CVE-2022-21831

Criticality: Critical

URL: https://groups.google.com/g/rubyonrails-security/c/n-p-W1yxatI

Solution: upgrade to >= 5.2.6.3, ~> 5.2.6, >= 6.0.4.7, ~> 6.0.4, >= 6.1.4.7, ~> 6.1.4, >= 7.0.2.3

Nokogiri gem, via libxslt, is affected by multiple vulnerabilities
Open

    nokogiri (1.10.3)

Found in Gemfile.lock by bundler-audit

Read up
Read up
Exclude checks
- Disable engine
- Disable check

Advisory: CVE-2019-13117

URL: https://github.com/sparklemotion/nokogiri/issues/1943

Solution: upgrade to >= 1.10.5

OS Command Injection in Rake
Open

    rake (12.3.2)

Found in Gemfile.lock by bundler-audit

Read up
Read up
Exclude checks
- Disable engine
- Disable check

Advisory: CVE-2020-8130

Criticality: High

URL: https://github.com/advisories/GHSA-jppv-gw3r-w3q8

Solution: upgrade to >= 12.3.3

Ability to forge per-form CSRF tokens given a global CSRF token
Open

    actionpack (5.2.3)

Found in Gemfile.lock by bundler-audit

Read up
Read up
Exclude checks
- Disable engine
- Disable check

Advisory: CVE-2020-8166

Criticality: Medium

URL: https://groups.google.com/forum/#!topic/rubyonrails-security/NOjKiGeXUgw

Solution: upgrade to >= 5.2.4.3, ~> 5.2.4, >= 6.0.3.1

Possible DoS Vulnerability in Action Controller Token Authentication
Open

    actionpack (5.2.3)

Found in Gemfile.lock by bundler-audit

Read up
Read up
Exclude checks
- Disable engine
- Disable check

Advisory: CVE-2021-22904

Criticality: High

URL: https://groups.google.com/g/rubyonrails-security/c/Pf1TjkOBdyQ

Solution: upgrade to ~> 5.2.4.6, ~> 5.2.6, >= 6.0.3.7, ~> 6.0.3, >= 6.1.3.2

Potential XSS vulnerability in Action View
Open

    actionview (5.2.3)

Found in Gemfile.lock by bundler-audit

Read up
Read up
Exclude checks
- Disable engine
- Disable check

Advisory: CVE-2020-15169

Criticality: Medium

URL: https://groups.google.com/g/rubyonrails-security/c/b-C9kSGXYrc

Solution: upgrade to >= 5.2.4.4, ~> 5.2.4, >= 6.0.3.3

CSRF Vulnerability in rails-ujs
Open

    actionview (5.2.3)

Found in Gemfile.lock by bundler-audit

Read up
Read up
Exclude checks
- Disable engine
- Disable check

Advisory: CVE-2020-8167

Criticality: Medium

URL: https://groups.google.com/forum/#!topic/rubyonrails-security/x9DixQDG9a0

Solution: upgrade to >= 5.2.4.3, ~> 5.2.4, >= 6.0.3.1

HTTP Smuggling via Transfer-Encoding Header in Puma
Open

    puma (3.12.0)

Found in Gemfile.lock by bundler-audit

Read up
Read up
Exclude checks
- Disable engine
- Disable check

Advisory: CVE-2020-11077

Criticality: Medium

URL: https://github.com/puma/puma/security/advisories/GHSA-w64w-qqph-5gxm

Solution: upgrade to ~> 3.12.6, >= 4.3.5

Possible XSS vulnerability in ActionView
Open

    actionview (5.2.3)

Found in Gemfile.lock by bundler-audit

Read up
Read up
Exclude checks
- Disable engine
- Disable check

Advisory: CVE-2020-5267

Criticality: Medium

URL: https://groups.google.com/forum/#!topic/rubyonrails-security/55reWMM_Pg8

Solution: upgrade to >= 5.2.4.2, ~> 5.2.4, >= 6.0.2.2

Possible DoS Vulnerability in Active Record PostgreSQL adapter
Open

    activerecord (5.2.3)

Found in Gemfile.lock by bundler-audit

Read up
Read up
Exclude checks
- Disable engine
- Disable check

Advisory: CVE-2021-22880

Criticality: Medium

URL: https://groups.google.com/g/rubyonrails-security/c/ZzUqCh9vyhI

Solution: upgrade to >= 5.2.4.5, ~> 5.2.4, >= 6.0.3.5, ~> 6.0.3, >= 6.1.2.1

ReDoS based DoS vulnerability in Active Support’s underscore
Open

    activesupport (5.2.3)

Found in Gemfile.lock by bundler-audit

Read up
Read up
Exclude checks
- Disable engine
- Disable check

Advisory: CVE-2023-22796

URL: https://github.com/rails/rails/releases/tag/v7.0.4.1

Solution: upgrade to >= 5.2.8.15, ~> 5.2.8, >= 6.1.7.1, ~> 6.1.7, >= 7.0.4.1

Nokogiri Command Injection Vulnerability via Nokogiri::CSS::Tokenizer#load_file
Open

    nokogiri (1.10.3)

Found in Gemfile.lock by bundler-audit

Read up
Read up
Exclude checks
- Disable engine
- Disable check

Advisory: CVE-2019-5477

Criticality: Critical

URL: https://github.com/sparklemotion/nokogiri/issues/1915

Solution: upgrade to >= 1.10.4

Possible XSS Vulnerability in Action View tag helpers
Open

    actionview (5.2.3)

Found in Gemfile.lock by bundler-audit

Read up
Read up
Exclude checks
- Disable engine
- Disable check

Advisory: CVE-2022-27777

Criticality: Medium

URL: https://groups.google.com/g/ruby-security-ann/c/9wJPEDv-iRw

Solution: upgrade to >= 5.2.7.1, ~> 5.2.7, >= 6.0.4.8, ~> 6.0.4, >= 6.1.5.1, ~> 6.1.5, >= 7.0.2.4

Potentially unintended unmarshalling of user-provided objects in MemCacheStore and RedisCacheStore
Open

    activesupport (5.2.3)

Found in Gemfile.lock by bundler-audit

Read up
Read up
Exclude checks
- Disable engine
- Disable check

Advisory: CVE-2020-8165

Criticality: Critical

URL: https://groups.google.com/forum/#!topic/rubyonrails-security/bv6fW4S0Y1c

Solution: upgrade to >= 5.2.4.3, ~> 5.2.4, >= 6.0.3.1

Nokogiri Command Injection Vulnerability via Nokogiri::CSS::Tokenizer#load_file
Open

    nokogiri (1.10.3)

Found in Gemfile.lock by bundler-audit

Read up
Read up
Exclude checks
- Disable engine
- Disable check

Advisory: CVE-2019-5477

Criticality: Critical

URL: https://github.com/sparklemotion/nokogiri/issues/1915

Solution: upgrade to >= 1.10.4

Nokogiri gem, via libxslt, is affected by multiple vulnerabilities
Open

    nokogiri (1.10.3)

Found in Gemfile.lock by bundler-audit

Read up
Read up
Exclude checks
- Disable engine
- Disable check

Advisory: CVE-2019-13117

URL: https://github.com/sparklemotion/nokogiri/issues/1943

Solution: upgrade to >= 1.10.5

Circumvention of file size limits in ActiveStorage
Open

    activestorage (5.2.3)

Found in Gemfile.lock by bundler-audit

Read up
Read up
Exclude checks
- Disable engine
- Disable check

Advisory: CVE-2020-8162

Criticality: High

URL: https://groups.google.com/forum/#!topic/rubyonrails-security/PjU3946mreQ

Solution: upgrade to >= 5.2.4.3, ~> 5.2.4, >= 6.0.3.1

libxml2 2.9.10 has an infinite loop in a certain end-of-file situation
Open

    nokogiri (1.10.3)

Found in Gemfile.lock by bundler-audit

Read up
Read up
Exclude checks
- Disable engine
- Disable check

Advisory: CVE-2020-7595

Criticality: High

URL: https://github.com/sparklemotion/nokogiri/issues/1992

Solution: upgrade to >= 1.10.8

HTTP Smuggling via Transfer-Encoding Header in Puma
Open

    puma (3.12.0)

Found in Gemfile.lock by bundler-audit

Read up
Read up
Exclude checks
- Disable engine
- Disable check

Advisory: CVE-2020-11076

Criticality: High

URL: https://github.com/puma/puma/security/advisories/GHSA-x7jg-6pwg-fx5h

Solution: upgrade to ~> 3.12.5, >= 4.3.4

TZInfo relative path traversal vulnerability allows loading of arbitrary files
Open

    tzinfo (1.2.5)

Found in Gemfile.lock by bundler-audit

Read up
Read up
Exclude checks
- Disable engine
- Disable check

Advisory: CVE-2022-31163

Criticality: High

URL: https://github.com/tzinfo/tzinfo/security/advisories/GHSA-5cm2-9h8c-rvfx

Solution: upgrade to ~> 0.3.61, >= 1.2.10

Regular Expression Denial of Service in websocket-extensions (RubyGem)
Open

    websocket-extensions (0.1.3)

Found in Gemfile.lock by bundler-audit

Read up
Read up
Exclude checks
- Disable engine
- Disable check

Advisory: CVE-2020-7663

Criticality: High

URL: https://github.com/faye/websocket-extensions-ruby/security/advisories/GHSA-g6wq-qcwm-j5g2

Solution: upgrade to >= 0.1.5

ReDoS based DoS vulnerability in Action Dispatch
Open

    actionpack (5.2.3)

Found in Gemfile.lock by bundler-audit

Read up
Read up
Exclude checks
- Disable engine
- Disable check

Advisory: CVE-2023-22795

URL: https://github.com/rails/rails/releases/tag/v7.0.4.1

Solution: upgrade to >= 5.2.8.15, ~> 5.2.8, >= 6.1.7.1, ~> 6.1.7, >= 7.0.4.1

Prototype pollution attack through jQuery $.extend
Open

    jquery-rails (4.3.3)

Found in Gemfile.lock by bundler-audit

Read up
Read up
Exclude checks
- Disable engine
- Disable check

Advisory: CVE-2019-11358

Criticality: Medium

URL: https://blog.jquery.com/2019/04/10/jquery-3-4-0-released/

Solution: upgrade to >= 4.3.4

HTTP Response Splitting (Early Hints) in Puma
Open

    puma (3.12.0)

Found in Gemfile.lock by bundler-audit

Read up
Read up
Exclude checks
- Disable engine
- Disable check

Advisory: CVE-2020-5249

Criticality: Medium

URL: https://github.com/puma/puma/security/advisories/GHSA-33vf-4xgg-9r58

Solution: upgrade to ~> 3.12.4, >= 4.3.3

Nokogiri gem, via libxslt, is affected by multiple vulnerabilities
Open

    nokogiri (1.10.3)

Found in Gemfile.lock by bundler-audit

Read up
Read up
Exclude checks
- Disable engine
- Disable check

Advisory: CVE-2019-13117

URL: https://github.com/sparklemotion/nokogiri/issues/1943

Solution: upgrade to >= 1.10.5

Possible Strong Parameters Bypass in ActionPack
Open

    actionpack (5.2.3)

Found in Gemfile.lock by bundler-audit

Read up
Read up
Exclude checks
- Disable engine
- Disable check

Advisory: CVE-2020-8164

Criticality: High

URL: https://groups.google.com/forum/#!topic/rubyonrails-security/f6ioe4sdpbY

Solution: upgrade to >= 5.2.4.3, ~> 5.2.4, >= 6.0.3.1

Possible exposure of information vulnerability in Action Pack
Open

    actionpack (5.2.3)

Found in Gemfile.lock by bundler-audit

Read up
Read up
Exclude checks
- Disable engine
- Disable check

Advisory: CVE-2022-23633

Criticality: High

URL: https://groups.google.com/g/ruby-security-ann/c/FkTM-_7zSNA/m/K2RiMJBlBAAJ

Solution: upgrade to >= 5.2.6.2, ~> 5.2.6, >= 6.0.4.6, ~> 6.0.4, >= 6.1.4.6, ~> 6.1.4, >= 7.0.2.2

Denial of Service Vulnerability in ActiveRecord’s PostgreSQL adapter
Open

    activerecord (5.2.3)

Found in Gemfile.lock by bundler-audit

Read up
Read up
Exclude checks
- Disable engine
- Disable check

Advisory: CVE-2022-44566

URL: https://github.com/rails/rails/releases/tag/v7.0.4.1

Solution: upgrade to >= 5.2.8.15, ~> 5.2.8, >= 6.1.7.1, ~> 6.1.7, >= 7.0.4.1

libxml2 2.9.10 has an infinite loop in a certain end-of-file situation
Open

    nokogiri (1.10.3)

Found in Gemfile.lock by bundler-audit

Read up
Read up
Exclude checks
- Disable engine
- Disable check

Advisory: CVE-2020-7595

Criticality: High

URL: https://github.com/sparklemotion/nokogiri/issues/1992

Solution: upgrade to >= 1.10.8

Denial of service via multipart parsing in Rack
Open

    rack (2.0.7)

Found in Gemfile.lock by bundler-audit

Read up
Read up
Exclude checks
- Disable engine
- Disable check

Advisory: CVE-2022-44572

URL: https://github.com/rack/rack/releases/tag/v3.0.4.1

Solution: upgrade to >= 2.0.9.2, ~> 2.0.9, >= 2.1.4.2, ~> 2.1.4, >= 2.2.6.1, ~> 2.2.6, >= 3.0.4.1

infusionvlc/ConexionFelina

Summary

Maintainability

Test Coverage

Inconsistent Interpretation of HTTP Requests ('HTTP Request Smuggling') in puma Open

ReDoS based DoS vulnerability in GlobalID Open

Information Exposure with Puma when used with Rails Open

HTTP Request Smuggling in puma Open

Keepalive Connections Causing Denial Of Service in puma Open

Denial of Service (DoS) in Nokogiri on JRuby Open

Inefficient Regular Expression Complexity in Loofah Open

Update packaged libxml2 (2.9.12 → 2.9.13) and libxslt (1.1.34 → 1.1.35) Open

Update bundled libxml2 to v2.10.3 to resolve multiple CVEs Open

Integer Overflow or Wraparound in libxml2 affects Nokogiri Open

XML Injection in Xerces Java affects Nokogiri Open

Improper Handling of Unexpected Data Type in Nokogiri Open

Out-of-bounds Write in zlib affects Nokogiri Open

Possible XSS vulnerability with certain configurations of rails-html-sanitizer Open

Improper neutralization of data URIs may allow XSS in rails-html-sanitizer Open

Uncontrolled Recursion in Loofah Open

Improper Restriction of XML External Entity Reference (XXE) in Nokogiri on JRuby Open

Update packaged libxml2 (2.9.12 → 2.9.13) and libxslt (1.1.34 → 1.1.35) Open

Regular Expression Denial of Service in Addressable templates Open

Nokogiri::XML::Schema trusts input by default, exposing risk of an XXE vulnerability Open

Inefficient Regular Expression Complexity in Nokogiri Open

Inefficient Regular Expression Complexity in Nokogiri Open

Out-of-bounds Write in zlib affects Nokogiri Open

XML Injection in Xerces Java affects Nokogiri Open

Update packaged dependency libxml2 from 2.9.10 to 2.9.12 Open

XSS vulnerability in bootstrap Open

Potential XSS vulnerability in jQuery Open

Possible XSS vulnerability with certain configurations of Rails::Html::Sanitizer Open

Update packaged libxml2 (2.9.12 → 2.9.13) and libxslt (1.1.34 → 1.1.35) Open

Update packaged dependency libxml2 from 2.9.10 to 2.9.12 Open

Denial of Service (DoS) in Nokogiri on JRuby Open

Integer Overflow or Wraparound in libxml2 affects Nokogiri Open

Nokogiri::XML::Schema trusts input by default, exposing risk of an XXE vulnerability Open

Improper Handling of Unexpected Data Type in Nokogiri Open

Loofah XSS Vulnerability Open

XML Injection in Xerces Java affects Nokogiri Open

Improper Restriction of XML External Entity Reference (XXE) in Nokogiri on JRuby Open

Nokogiri::XML::Schema trusts input by default, exposing risk of an XXE vulnerability Open

Inefficient Regular Expression Complexity in Nokogiri Open

Directory traversal in Rack::Directory app bundled with Rack Open

Integer Overflow or Wraparound in libxml2 affects Nokogiri Open

Out-of-bounds Write in zlib affects Nokogiri Open

Percent-encoded cookies can be used to overwrite existing prefixed cookie names Open

Inefficient Regular Expression Complexity in rails-html-sanitizer Open

Denial of Service in rubyzip ("zip bombs") Open

Devise Gem for Ruby confirmation token validation with a blank string Open

Update bundled libxml2 to v2.10.3 to resolve multiple CVEs Open

Possible XSS vulnerability with certain configurations of rails-html-sanitizer Open

Improper neutralization of data URIs may allow XSS in Loofah Open

Denial of Service (DoS) in Nokogiri on JRuby Open

json Gem for Ruby Unsafe Object Creation Vulnerability (additional fix) Open

Improper Restriction of XML External Entity Reference (XXE) in Nokogiri on JRuby Open

Update packaged dependency libxml2 from 2.9.10 to 2.9.12 Open

Update bundled libxml2 to v2.10.3 to resolve multiple CVEs Open

Improper Handling of Unexpected Data Type in Nokogiri Open

Possible RCE escalation bug with Serialized Columns in Active Record Open

Denial of Service Vulnerability in Rack Multipart Parsing Open

Denial of Service Vulnerability in Rack Content-Disposition parsing Open

Possible XSS Vulnerability in Action Pack Open

Nokogiri Command Injection Vulnerability via Nokogiri::CSS::Tokenizer#load_file Open

Possible shell escape sequence injection vulnerability in Rack Open

Denial of service via header parsing in Rack Open

Possible Information Disclosure / Unintended Method Execution in Action Pack Open

libxml2 2.9.10 has an infinite loop in a certain end-of-file situation Open

Keepalive thread overload/DoS in puma Open

Possible information leak / session hijack vulnerability Open

ReDoS based DoS vulnerability in Action Dispatch Open

HTTP Response Splitting vulnerability in puma Open

Possible code injection vulnerability in Rails / Active Storage Open

Nokogiri gem, via libxslt, is affected by multiple vulnerabilities Open

OS Command Injection in Rake Open

Ability to forge per-form CSRF tokens given a global CSRF token Open

Possible DoS Vulnerability in Action Controller Token Authentication Open

Potential XSS vulnerability in Action View Open

CSRF Vulnerability in rails-ujs Open

HTTP Smuggling via Transfer-Encoding Header in Puma Open

Inconsistent Interpretation of HTTP Requests ('HTTP Request Smuggling') in puma
Open

ReDoS based DoS vulnerability in GlobalID
Open

Information Exposure with Puma when used with Rails
Open

HTTP Request Smuggling in puma
Open

Keepalive Connections Causing Denial Of Service in puma
Open

Denial of Service (DoS) in Nokogiri on JRuby
Open

Inefficient Regular Expression Complexity in Loofah
Open

Update packaged libxml2 (2.9.12 → 2.9.13) and libxslt (1.1.34 → 1.1.35)
Open

Update bundled libxml2 to v2.10.3 to resolve multiple CVEs
Open

Integer Overflow or Wraparound in libxml2 affects Nokogiri
Open

XML Injection in Xerces Java affects Nokogiri
Open

Improper Handling of Unexpected Data Type in Nokogiri
Open

Out-of-bounds Write in zlib affects Nokogiri
Open

Possible XSS vulnerability with certain configurations of rails-html-sanitizer
Open

Improper neutralization of data URIs may allow XSS in rails-html-sanitizer
Open

Uncontrolled Recursion in Loofah
Open

Improper Restriction of XML External Entity Reference (XXE) in Nokogiri on JRuby
Open

Update packaged libxml2 (2.9.12 → 2.9.13) and libxslt (1.1.34 → 1.1.35)
Open

Regular Expression Denial of Service in Addressable templates
Open

Nokogiri::XML::Schema trusts input by default, exposing risk of an XXE vulnerability
Open

Inefficient Regular Expression Complexity in Nokogiri
Open

Inefficient Regular Expression Complexity in Nokogiri
Open

Out-of-bounds Write in zlib affects Nokogiri
Open

XML Injection in Xerces Java affects Nokogiri
Open

Update packaged dependency libxml2 from 2.9.10 to 2.9.12
Open

XSS vulnerability in bootstrap
Open

Potential XSS vulnerability in jQuery
Open

Possible XSS vulnerability with certain configurations of Rails::Html::Sanitizer
Open

Update packaged libxml2 (2.9.12 → 2.9.13) and libxslt (1.1.34 → 1.1.35)
Open

Update packaged dependency libxml2 from 2.9.10 to 2.9.12
Open

Denial of Service (DoS) in Nokogiri on JRuby
Open

Integer Overflow or Wraparound in libxml2 affects Nokogiri
Open

Nokogiri::XML::Schema trusts input by default, exposing risk of an XXE vulnerability
Open

Improper Handling of Unexpected Data Type in Nokogiri
Open

Loofah XSS Vulnerability
Open

XML Injection in Xerces Java affects Nokogiri
Open

Improper Restriction of XML External Entity Reference (XXE) in Nokogiri on JRuby
Open

Nokogiri::XML::Schema trusts input by default, exposing risk of an XXE vulnerability
Open

Inefficient Regular Expression Complexity in Nokogiri
Open

Directory traversal in Rack::Directory app bundled with Rack
Open

Integer Overflow or Wraparound in libxml2 affects Nokogiri
Open

Out-of-bounds Write in zlib affects Nokogiri
Open

Percent-encoded cookies can be used to overwrite existing prefixed cookie names
Open

Inefficient Regular Expression Complexity in rails-html-sanitizer
Open

Denial of Service in rubyzip ("zip bombs")
Open

Devise Gem for Ruby confirmation token validation with a blank string
Open

Update bundled libxml2 to v2.10.3 to resolve multiple CVEs
Open

Possible XSS vulnerability with certain configurations of rails-html-sanitizer
Open

Improper neutralization of data URIs may allow XSS in Loofah
Open

Denial of Service (DoS) in Nokogiri on JRuby
Open

json Gem for Ruby Unsafe Object Creation Vulnerability (additional fix)
Open

Improper Restriction of XML External Entity Reference (XXE) in Nokogiri on JRuby
Open

Update packaged dependency libxml2 from 2.9.10 to 2.9.12
Open

Update bundled libxml2 to v2.10.3 to resolve multiple CVEs
Open

Improper Handling of Unexpected Data Type in Nokogiri
Open

Possible RCE escalation bug with Serialized Columns in Active Record
Open

Denial of Service Vulnerability in Rack Multipart Parsing
Open

Denial of Service Vulnerability in Rack Content-Disposition parsing
Open

Possible XSS Vulnerability in Action Pack
Open

Nokogiri Command Injection Vulnerability via Nokogiri::CSS::Tokenizer#load_file
Open

Possible shell escape sequence injection vulnerability in Rack
Open

Denial of service via header parsing in Rack
Open

Possible Information Disclosure / Unintended Method Execution in Action Pack
Open

libxml2 2.9.10 has an infinite loop in a certain end-of-file situation
Open

Keepalive thread overload/DoS in puma
Open

Possible information leak / session hijack vulnerability
Open

ReDoS based DoS vulnerability in Action Dispatch
Open

HTTP Response Splitting vulnerability in puma
Open

Possible code injection vulnerability in Rails / Active Storage
Open

Nokogiri gem, via libxslt, is affected by multiple vulnerabilities
Open

OS Command Injection in Rake
Open

Ability to forge per-form CSRF tokens given a global CSRF token
Open

Possible DoS Vulnerability in Action Controller Token Authentication
Open

Potential XSS vulnerability in Action View
Open

CSRF Vulnerability in rails-ujs
Open

HTTP Smuggling via Transfer-Encoding Header in Puma
Open

Possible XSS vulnerability in ActionView
Open

Possible DoS Vulnerability in Active Record PostgreSQL adapter
Open

ReDoS based DoS vulnerability in Active Support’s underscore
Open

Nokogiri Command Injection Vulnerability via Nokogiri::CSS::Tokenizer#load_file
Open