Issues - infusionvlc/ConexionFelina

Integer Overflow or Wraparound in libxml2 affects Nokogiri
Open

    nokogiri (1.10.3)

Found in Gemfile.lock by bundler-audit

Read up
Read up
Exclude checks
- Disable engine
- Disable check

Advisory:

Criticality: High

URL: https://github.com/sparklemotion/nokogiri/security/advisories/GHSA-cgx6-hpwq-fhv5

Solution: upgrade to >= 1.13.5

Out-of-bounds Write in zlib affects Nokogiri
Open

    nokogiri (1.10.3)

Found in Gemfile.lock by bundler-audit

Read up
Read up
Exclude checks
- Disable engine
- Disable check

Advisory: CVE-2018-25032

Criticality: High

URL: https://github.com/sparklemotion/nokogiri/security/advisories/GHSA-v6gp-9mmm-c6p5

Solution: upgrade to >= 1.13.4

Percent-encoded cookies can be used to overwrite existing prefixed cookie names
Open

    rack (2.0.7)

Found in Gemfile.lock by bundler-audit

Read up
Read up
Exclude checks
- Disable engine
- Disable check

Advisory: CVE-2020-8184

Criticality: High

URL: https://groups.google.com/g/rubyonrails-security/c/OWtmozPH9Ak

Solution: upgrade to ~> 2.1.4, >= 2.2.3

Inefficient Regular Expression Complexity in rails-html-sanitizer
Open

    rails-html-sanitizer (1.0.4)

Found in Gemfile.lock by bundler-audit

Read up
Read up
Exclude checks
- Disable engine
- Disable check

Advisory: CVE-2022-23517

Criticality: High

URL: https://github.com/rails/rails-html-sanitizer/security/advisories/GHSA-5x79-w82f-gw8w

Solution: upgrade to >= 1.4.4

Denial of Service in rubyzip ("zip bombs")
Open

    rubyzip (1.2.2)

Found in Gemfile.lock by bundler-audit

Read up
Read up
Exclude checks
- Disable engine
- Disable check

Advisory: CVE-2019-16892

Criticality: Medium

URL: https://github.com/rubyzip/rubyzip/pull/403

Solution: upgrade to >= 1.3.0

Devise Gem for Ruby confirmation token validation with a blank string
Open

    devise (4.6.0)

Found in Gemfile.lock by bundler-audit

Read up
Read up
Exclude checks
- Disable engine
- Disable check

Advisory: CVE-2019-16109

Criticality: Medium

URL: https://github.com/plataformatec/devise/issues/5071

Solution: upgrade to >= 4.7.1

Update bundled libxml2 to v2.10.3 to resolve multiple CVEs
Open

    nokogiri (1.10.3)

Found in Gemfile.lock by bundler-audit

Read up
Read up
Exclude checks
- Disable engine
- Disable check

Advisory:

URL: https://github.com/sparklemotion/nokogiri/security/advisories/GHSA-2qc6-mcvw-92cw

Solution: upgrade to >= 1.13.9

Possible XSS vulnerability with certain configurations of rails-html-sanitizer
Open

    rails-html-sanitizer (1.0.4)

Found in Gemfile.lock by bundler-audit

Read up
Read up
Exclude checks
- Disable engine
- Disable check

Advisory: CVE-2022-23520

Criticality: Medium

URL: https://github.com/rails/rails-html-sanitizer/security/advisories/GHSA-rrfc-7g8p-99q8

Solution: upgrade to >= 1.4.4

Improper neutralization of data URIs may allow XSS in Loofah
Open

    loofah (2.2.3)

Found in Gemfile.lock by bundler-audit

Read up
Read up
Exclude checks
- Disable engine
- Disable check

Advisory: CVE-2022-23515

Criticality: Medium

URL: https://github.com/flavorjones/loofah/security/advisories/GHSA-228g-948r-83gx

Solution: upgrade to >= 2.19.1

Denial of Service (DoS) in Nokogiri on JRuby
Open

    nokogiri (1.10.3)

Found in Gemfile.lock by bundler-audit

Read up
Read up
Exclude checks
- Disable engine
- Disable check

Advisory: CVE-2022-24839

Criticality: High

URL: https://github.com/sparklemotion/nekohtml/security/advisories/GHSA-9849-p7jc-9rmv

Solution: upgrade to >= 1.13.4

json Gem for Ruby Unsafe Object Creation Vulnerability (additional fix)
Open

    json (2.1.0)

Found in Gemfile.lock by bundler-audit

Read up
Read up
Exclude checks
- Disable engine
- Disable check

Advisory: CVE-2020-10663

Criticality: High

URL: https://www.ruby-lang.org/en/news/2020/03/19/json-dos-cve-2020-10663/

Solution: upgrade to >= 2.3.0

Improper Restriction of XML External Entity Reference (XXE) in Nokogiri on JRuby
Open

    nokogiri (1.10.3)

Found in Gemfile.lock by bundler-audit

Read up
Read up
Exclude checks
- Disable engine
- Disable check

Advisory: CVE-2021-41098

Criticality: High

URL: https://github.com/sparklemotion/nokogiri/security/advisories/GHSA-2rr5-8q37-2w7h

Solution: upgrade to >= 1.12.5

Update packaged dependency libxml2 from 2.9.10 to 2.9.12
Open

    nokogiri (1.10.3)

Found in Gemfile.lock by bundler-audit

Read up
Read up
Exclude checks
- Disable engine
- Disable check

Advisory:

Criticality: High

URL: https://github.com/sparklemotion/nokogiri/security/advisories/GHSA-7rrm-v45f-jp64

Solution: upgrade to >= 1.11.4

Update bundled libxml2 to v2.10.3 to resolve multiple CVEs
Open

    nokogiri (1.10.3)

Found in Gemfile.lock by bundler-audit

Read up
Read up
Exclude checks
- Disable engine
- Disable check

Advisory:

URL: https://github.com/sparklemotion/nokogiri/security/advisories/GHSA-2qc6-mcvw-92cw

Solution: upgrade to >= 1.13.9

Improper Handling of Unexpected Data Type in Nokogiri
Open

    nokogiri (1.10.3)

Found in Gemfile.lock by bundler-audit

Read up
Read up
Exclude checks
- Disable engine
- Disable check

Advisory: CVE-2022-29181

Criticality: High

URL: https://github.com/sparklemotion/nokogiri/security/advisories/GHSA-xh29-r2w5-wx8m

Solution: upgrade to >= 1.13.6

Possible RCE escalation bug with Serialized Columns in Active Record
Open

    activerecord (5.2.3)

Found in Gemfile.lock by bundler-audit

Read up
Read up
Exclude checks
- Disable engine
- Disable check

Advisory: CVE-2022-32224

Criticality: Critical

URL: https://groups.google.com/g/rubyonrails-security/c/MmFO3LYQE8U

Solution: upgrade to >= 5.2.8.1, ~> 5.2.8, >= 6.0.5.1, ~> 6.0.5, >= 6.1.6.1, ~> 6.1.6, >= 7.0.3.1

Denial of Service Vulnerability in Rack Multipart Parsing
Open

    rack (2.0.7)

Found in Gemfile.lock by bundler-audit

Read up
Read up
Exclude checks
- Disable engine
- Disable check

Advisory: CVE-2022-30122

Criticality: High

URL: https://groups.google.com/g/ruby-security-ann/c/L2Axto442qk

Solution: upgrade to >= 2.0.9.1, ~> 2.0.9, >= 2.1.4.1, ~> 2.1.4, >= 2.2.3.1

Denial of Service Vulnerability in Rack Content-Disposition parsing
Open

    rack (2.0.7)

Found in Gemfile.lock by bundler-audit

Read up
Read up
Exclude checks
- Disable engine
- Disable check

Advisory: CVE-2022-44571

URL: https://github.com/rack/rack/releases/tag/v3.0.4.1

Solution: upgrade to >= 2.0.9.2, ~> 2.0.9, >= 2.1.4.2, ~> 2.1.4, >= 2.2.6.1, ~> 2.2.6, >= 3.0.4.1

Possible XSS Vulnerability in Action Pack
Open

    actionpack (5.2.3)

Found in Gemfile.lock by bundler-audit

Read up
Read up
Exclude checks
- Disable engine
- Disable check

Advisory: CVE-2022-22577

Criticality: Medium

URL: https://groups.google.com/g/ruby-security-ann/c/NuFRKaN5swI

Solution: upgrade to >= 5.2.7.1, ~> 5.2.7, >= 6.0.4.8, ~> 6.0.4, >= 6.1.5.1, ~> 6.1.5, >= 7.0.2.4

Nokogiri Command Injection Vulnerability via Nokogiri::CSS::Tokenizer#load_file
Open

    nokogiri (1.10.3)

Found in Gemfile.lock by bundler-audit

Read up
Read up
Exclude checks
- Disable engine
- Disable check

Advisory: CVE-2019-5477

Criticality: Critical

URL: https://github.com/sparklemotion/nokogiri/issues/1915

Solution: upgrade to >= 1.10.4

infusionvlc/ConexionFelina

Showing 303 of 303 total issues

Integer Overflow or Wraparound in libxml2 affects Nokogiri
Open

Out-of-bounds Write in zlib affects Nokogiri
Open

Percent-encoded cookies can be used to overwrite existing prefixed cookie names
Open

Inefficient Regular Expression Complexity in rails-html-sanitizer
Open

Denial of Service in rubyzip ("zip bombs")
Open

Devise Gem for Ruby confirmation token validation with a blank string
Open

Update bundled libxml2 to v2.10.3 to resolve multiple CVEs
Open

Possible XSS vulnerability with certain configurations of rails-html-sanitizer
Open

Improper neutralization of data URIs may allow XSS in Loofah
Open

Denial of Service (DoS) in Nokogiri on JRuby
Open

json Gem for Ruby Unsafe Object Creation Vulnerability (additional fix)
Open

Improper Restriction of XML External Entity Reference (XXE) in Nokogiri on JRuby
Open

Update packaged dependency libxml2 from 2.9.10 to 2.9.12
Open

Update bundled libxml2 to v2.10.3 to resolve multiple CVEs
Open

Improper Handling of Unexpected Data Type in Nokogiri
Open

Possible RCE escalation bug with Serialized Columns in Active Record
Open

Denial of Service Vulnerability in Rack Multipart Parsing
Open

Denial of Service Vulnerability in Rack Content-Disposition parsing
Open

Possible XSS Vulnerability in Action Pack
Open

Nokogiri Command Injection Vulnerability via Nokogiri::CSS::Tokenizer#load_file
Open

Severity

Category

Status

Source

Language

infusionvlc/ConexionFelina

Showing 303 of 303 total issues

Integer Overflow or Wraparound in libxml2 affects Nokogiri Open

Out-of-bounds Write in zlib affects Nokogiri Open

Percent-encoded cookies can be used to overwrite existing prefixed cookie names Open

Inefficient Regular Expression Complexity in rails-html-sanitizer Open

Denial of Service in rubyzip ("zip bombs") Open

Devise Gem for Ruby confirmation token validation with a blank string Open

Update bundled libxml2 to v2.10.3 to resolve multiple CVEs Open

Possible XSS vulnerability with certain configurations of rails-html-sanitizer Open

Improper neutralization of data URIs may allow XSS in Loofah Open

Denial of Service (DoS) in Nokogiri on JRuby Open

json Gem for Ruby Unsafe Object Creation Vulnerability (additional fix) Open

Improper Restriction of XML External Entity Reference (XXE) in Nokogiri on JRuby Open

Update packaged dependency libxml2 from 2.9.10 to 2.9.12 Open

Update bundled libxml2 to v2.10.3 to resolve multiple CVEs Open

Improper Handling of Unexpected Data Type in Nokogiri Open

Possible RCE escalation bug with Serialized Columns in Active Record Open

Denial of Service Vulnerability in Rack Multipart Parsing Open

Denial of Service Vulnerability in Rack Content-Disposition parsing Open

Possible XSS Vulnerability in Action Pack Open

Nokogiri Command Injection Vulnerability via Nokogiri::CSS::Tokenizer#load_file Open

Severity

Category

Status

Source

Language

Integer Overflow or Wraparound in libxml2 affects Nokogiri
Open

Out-of-bounds Write in zlib affects Nokogiri
Open

Percent-encoded cookies can be used to overwrite existing prefixed cookie names
Open

Inefficient Regular Expression Complexity in rails-html-sanitizer
Open

Denial of Service in rubyzip ("zip bombs")
Open

Devise Gem for Ruby confirmation token validation with a blank string
Open

Update bundled libxml2 to v2.10.3 to resolve multiple CVEs
Open

Possible XSS vulnerability with certain configurations of rails-html-sanitizer
Open

Improper neutralization of data URIs may allow XSS in Loofah
Open

Denial of Service (DoS) in Nokogiri on JRuby
Open

json Gem for Ruby Unsafe Object Creation Vulnerability (additional fix)
Open

Improper Restriction of XML External Entity Reference (XXE) in Nokogiri on JRuby
Open

Update packaged dependency libxml2 from 2.9.10 to 2.9.12
Open

Update bundled libxml2 to v2.10.3 to resolve multiple CVEs
Open

Improper Handling of Unexpected Data Type in Nokogiri
Open

Possible RCE escalation bug with Serialized Columns in Active Record
Open

Denial of Service Vulnerability in Rack Multipart Parsing
Open

Denial of Service Vulnerability in Rack Content-Disposition parsing
Open

Possible XSS Vulnerability in Action Pack
Open

Nokogiri Command Injection Vulnerability via Nokogiri::CSS::Tokenizer#load_file
Open