Showing 365 of 368 total issues
CSRF vulnerability in OmniAuth's request phase Open
omniauth (1.8.1)- Read upRead up
- Exclude checks
Advisory: CVE-2015-9284
Criticality: High
URL: https://github.com/omniauth/omniauth/wiki/Resolving-CVE-2015-9284
Solution: upgrade to >= 2.0.0
Inconsistent Interpretation of HTTP Requests ('HTTP Request Smuggling') in puma Open
puma (3.12.0)- Read upRead up
- Exclude checks
Advisory: CVE-2021-41136
Criticality: Low
URL: https://github.com/puma/puma/security/advisories/GHSA-48w2-rm65-62xx
Solution: upgrade to ~> 4.3.9, >= 5.5.1
HTTP Request Smuggling in puma Open
puma (3.12.0)- Read upRead up
- Exclude checks
Advisory: CVE-2022-24790
Criticality: Critical
URL: https://github.com/puma/puma/security/advisories/GHSA-h99w-9q5r-gjq9
Solution: upgrade to ~> 4.3.12, >= 5.6.4
Keepalive Connections Causing Denial Of Service in puma Open
puma (3.12.0)- Read upRead up
- Exclude checks
Advisory: CVE-2021-29509
Criticality: High
URL: https://github.com/puma/puma/security/advisories/GHSA-q28m-8xjw-8vr5
Solution: upgrade to ~> 4.3.8, >= 5.3.1
Information Exposure with Puma when used with Rails Open
puma (3.12.0)- Read upRead up
- Exclude checks
Advisory: CVE-2022-23634
Criticality: High
URL: https://github.com/puma/puma/security/advisories/GHSA-rmj8-8hhh-gv5h
Solution: upgrade to ~> 4.3.11, >= 5.6.2
ReDoS based DoS vulnerability in GlobalID Open
globalid (0.4.1)- Read upRead up
- Exclude checks
Advisory: CVE-2023-22799
URL: https://github.com/rails/globalid/releases/tag/v1.0.1
Solution: upgrade to >= 1.0.1
Class has too many lines. [135/100] Open
class MeetupsController < ApplicationController
before_action :set_meetup, only: %i[show edit update destroy leave repeat]
include MarkdownConcern
- Read upRead up
- Exclude checks
This cop checks if the length a class exceeds some maximum value. Comment lines can optionally be ignored. The maximum allowed length is configurable.
Nokogiri gem, via libxslt, is affected by multiple vulnerabilities Open
nokogiri (1.9.1)- Read upRead up
- Exclude checks
Advisory: CVE-2019-13117
URL: https://github.com/sparklemotion/nokogiri/issues/1943
Solution: upgrade to >= 1.10.5
Update bundled libxml2 to v2.10.3 to resolve multiple CVEs Open
nokogiri (1.9.1)- Read upRead up
- Exclude checks
Advisory:
URL: https://github.com/sparklemotion/nokogiri/security/advisories/GHSA-2qc6-mcvw-92cw
Solution: upgrade to >= 1.13.9
libxml2 2.9.10 has an infinite loop in a certain end-of-file situation Open
nokogiri (1.9.1)- Read upRead up
- Exclude checks
Advisory: CVE-2020-7595
Criticality: High
URL: https://github.com/sparklemotion/nokogiri/issues/1992
Solution: upgrade to >= 1.10.8
Improper Handling of Unexpected Data Type in Nokogiri Open
nokogiri (1.9.1)- Read upRead up
- Exclude checks
Advisory: CVE-2022-29181
Criticality: High
URL: https://github.com/sparklemotion/nokogiri/security/advisories/GHSA-xh29-r2w5-wx8m
Solution: upgrade to >= 1.13.6
OmniAuth's lib/omniauth/failure_endpoint.rb does not escape message_key value Open
omniauth (1.8.1)- Read upRead up
- Exclude checks
Advisory: CVE-2020-36599
Criticality: Critical
Solution: upgrade to ~> 1.9.2, >= 2.0.0
json Gem for Ruby Unsafe Object Creation Vulnerability (additional fix) Open
json (2.1.0)- Read upRead up
- Exclude checks
Advisory: CVE-2020-10663
Criticality: High
URL: https://www.ruby-lang.org/en/news/2020/03/19/json-dos-cve-2020-10663/
Solution: upgrade to >= 2.3.0
Improper neutralization of data URIs may allow XSS in Loofah Open
loofah (2.2.3)- Read upRead up
- Exclude checks
Advisory: CVE-2022-23515
Criticality: Medium
URL: https://github.com/flavorjones/loofah/security/advisories/GHSA-228g-948r-83gx
Solution: upgrade to >= 2.19.1
Nokogiri Command Injection Vulnerability via Nokogiri::CSS::Tokenizer#load_file Open
nokogiri (1.9.1)- Read upRead up
- Exclude checks
Advisory: CVE-2019-5477
Criticality: Critical
URL: https://github.com/sparklemotion/nokogiri/issues/1915
Solution: upgrade to >= 1.10.4
Integer Overflow or Wraparound in libxml2 affects Nokogiri Open
nokogiri (1.9.1)- Read upRead up
- Exclude checks
Advisory:
Criticality: High
URL: https://github.com/sparklemotion/nokogiri/security/advisories/GHSA-cgx6-hpwq-fhv5
Solution: upgrade to >= 1.13.5
Out-of-bounds Write in zlib affects Nokogiri Open
nokogiri (1.9.1)- Read upRead up
- Exclude checks
Advisory: CVE-2018-25032
Criticality: High
URL: https://github.com/sparklemotion/nokogiri/security/advisories/GHSA-v6gp-9mmm-c6p5
Solution: upgrade to >= 1.13.4
Nokogiri gem, via libxslt, is affected by improper access control vulnerability Open
nokogiri (1.9.1)- Read upRead up
- Exclude checks
Advisory: CVE-2019-11068
URL: https://github.com/sparklemotion/nokogiri/issues/1892
Solution: upgrade to >= 1.10.3
Improper Handling of Unexpected Data Type in Nokogiri Open
nokogiri (1.9.1)- Read upRead up
- Exclude checks
Advisory: CVE-2022-29181
Criticality: High
URL: https://github.com/sparklemotion/nokogiri/security/advisories/GHSA-xh29-r2w5-wx8m
Solution: upgrade to >= 1.13.6
Injection/XSS in Redcarpet Open
redcarpet (3.4.0)- Read upRead up
- Exclude checks
Advisory: CVE-2020-26298
Criticality: Medium
URL: https://github.com/vmg/redcarpet/commit/a699c82292b17c8e6a62e1914d5eccc252272793
Solution: upgrade to >= 3.5.1