initiatived21/d21

Showing 611 of 611 total issues

Code Injection vulnerability in CarrierWave::RMagick
Open

    carrierwave (0.11.2)
Severity: Critical
Found in Gemfile.lock by bundler-audit

Advisory: CVE-2021-21305

Criticality: High

URL: https://github.com/carrierwaveuploader/carrierwave/security/advisories/GHSA-cf3w-g86h-35x4

Solution: upgrade to ~> 1.3.2, >= 2.1.1

Cross-Site Scripting in Kaminari via original_script_name parameter
Open

    kaminari (0.17.0)
Severity: Minor
Found in Gemfile.lock by bundler-audit

Advisory: CVE-2020-11082

Criticality: Medium

URL: https://github.com/kaminari/kaminari/security/advisories/GHSA-r5jw-62xg-j433

Solution: upgrade to >= 1.2.1

XSS Vulnerability on closeText option of Dialog jQuery UI
Open

    jquery-ui-rails (5.0.5)
Severity: Minor
Found in Gemfile.lock by bundler-audit

Advisory: CVE-2016-7103

Criticality: Medium

URL: https://github.com/jquery/api.jqueryui.com/issues/281

Solution: upgrade to >= 6.0.0

ReDoS based DoS vulnerability in GlobalID
Open

    globalid (0.4.1)
Severity: Minor
Found in Gemfile.lock by bundler-audit

Advisory: CVE-2023-22799

URL: https://github.com/rails/globalid/releases/tag/v1.0.1

Solution: upgrade to >= 1.0.1

json Gem for Ruby Unsafe Object Creation Vulnerability (additional fix)
Open

    json (1.8.3)
Severity: Critical
Found in Gemfile.lock by bundler-audit

Advisory: CVE-2020-10663

Criticality: High

URL: https://www.ruby-lang.org/en/news/2020/03/19/json-dos-cve-2020-10663/

Solution: upgrade to >= 2.3.0

HTTP Request Smuggling in puma
Open

    puma (3.4.0)
Severity: Minor
Found in Gemfile.lock by bundler-audit

Advisory: CVE-2022-24790

Criticality: Critical

URL: https://github.com/puma/puma/security/advisories/GHSA-h99w-9q5r-gjq9

Solution: upgrade to ~> 4.3.12, >= 5.6.4

Information Exposure with Puma when used with Rails
Open

    puma (3.4.0)
Severity: Critical
Found in Gemfile.lock by bundler-audit

Advisory: CVE-2022-23634

Criticality: High

URL: https://github.com/puma/puma/security/advisories/GHSA-rmj8-8hhh-gv5h

Solution: upgrade to ~> 4.3.11, >= 5.6.2

Inconsistent Interpretation of HTTP Requests ('HTTP Request Smuggling') in puma
Open

    puma (3.4.0)
Severity: Info
Found in Gemfile.lock by bundler-audit

Advisory: CVE-2021-41136

Criticality: Low

URL: https://github.com/puma/puma/security/advisories/GHSA-48w2-rm65-62xx

Solution: upgrade to ~> 4.3.9, >= 5.5.1

Server-side request forgery in CarrierWave
Open

    carrierwave (0.11.2)
Severity: Minor
Found in Gemfile.lock by bundler-audit

Advisory: CVE-2021-21288

Criticality: Medium

URL: https://github.com/carrierwaveuploader/carrierwave/security/advisories/GHSA-fwcm-636p-68r5

Solution: upgrade to ~> 1.3.2, >= 2.1.1

Keepalive Connections Causing Denial Of Service in puma
Open

    puma (3.4.0)
Severity: Critical
Found in Gemfile.lock by bundler-audit

Advisory: CVE-2021-29509

Criticality: High

URL: https://github.com/puma/puma/security/advisories/GHSA-q28m-8xjw-8vr5

Solution: upgrade to ~> 4.3.8, >= 5.3.1

Cross-site Scripting in Sidekiq
Open

    sidekiq (4.1.2)
Severity: Minor
Found in Gemfile.lock by bundler-audit

Advisory: CVE-2021-30151

Criticality: Medium

URL: https://github.com/advisories/GHSA-grh7-935j-hg6w

Solution: upgrade to ~> 5.2.0, >= 6.2.1

Denial of service in sidekiq
Open

    sidekiq (4.1.2)
Severity: Critical
Found in Gemfile.lock by bundler-audit

Advisory: CVE-2022-23837

Criticality: High

URL: https://github.com/mperham/sidekiq/commit/7785ac1399f1b28992adb56055f6acd88fd1d956

Solution: upgrade to >= 6.4.0, ~> 5.2.10

Class has too many lines. [203/100]
Open

class PledgesController < ApplicationController
  before_action :set_new_form, only: [:new, :create]
  before_action :set_edit_form, only: [:edit, :update, :finalize]
  before_action :authenticate_user!, except: [:new, :create, :index, :show]

This cop checks whether the length of a class exceeds a configured maximum. Comment lines can optionally be ignored. The maximum allowed length is configurable.

Similar blocks of code found in 2 locations. Consider refactoring.
Open

          <article className="o-flipper__inner">
            <div className="o-flipper__front">
              <PledgeTileFront
                className={className}
                state={state}
Severity: Major
Found in client/app/PledgeTile/components/PledgeTile.jsx and 1 other location - About 1 day to fix
client/app/SocialMediaCard/components/SocialMediaCard.jsx on lines 45..74

Duplicated Code

Duplicated code can lead to software that is hard to understand and difficult to change. The Don't Repeat Yourself (DRY) principle states:

Every piece of knowledge must have a single, unambiguous, authoritative representation within a system.

When you violate DRY, bugs and maintenance problems are sure to follow. Duplicated code has a tendency to both continue to replicate and also to diverge (leaving bugs as two similar implementations differ in subtle ways).

Tuning

This issue has a mass of 253.

We set useful threshold defaults for the languages we support but you may want to adjust these settings based on your project guidelines.

The threshold configuration represents the minimum mass a code block must have to be analyzed for duplication. The lower the threshold, the more fine-grained the comparison.

If the engine is too easily reporting duplication, try raising the threshold. If you suspect that the engine isn't catching enough duplication, try lowering the threshold. The best setting tends to differ from language to language.

See codeclimate-duplication's documentation for more information about tuning the mass threshold in your .codeclimate.yml.

Similar blocks of code found in 2 locations. Consider refactoring.
Open

      <div className="c-card">
        <div className="c-card__front">
          <PledgeTileFront
            className={className}
            state={state}
Severity: Major
Found in client/app/SocialMediaCard/components/SocialMediaCard.jsx and 1 other location - About 1 day to fix
client/app/PledgeTile/components/PledgeTile.jsx on lines 54..83

This issue has a mass of 253.

File i18n.js has 570 lines of code (exceeds 250 allowed). Consider refactoring.
Open

// export default class I18n {
//   static set locale(locale) {
//     'yo'
//   }
//
Severity: Major
Found in client/vendor/i18n/i18n.js - About 1 day to fix

Identical blocks of code found in 2 locations. Consider refactoring.
Open

    pledge: PropTypes.shape({
      id: PropTypes.number.isRequired,
      aasm_state: PropTypes.string.isRequired,
      title: PropTypes.string.isRequired,
      content: PropTypes.string.isRequired,
Severity: Major
Found in client/app/PledgeTile/components/PledgeTile.jsx and 1 other location - About 1 day to fix
client/app/SocialMediaCard/components/SocialMediaCard.jsx on lines 13..31

This issue has a mass of 215.

Identical blocks of code found in 2 locations. Consider refactoring.
Open

    pledge: PropTypes.shape({
      id: PropTypes.number.isRequired,
      aasm_state: PropTypes.string.isRequired,
      title: PropTypes.string.isRequired,
      content: PropTypes.string.isRequired,
Severity: Major
Found in client/app/SocialMediaCard/components/SocialMediaCard.jsx and 1 other location - About 1 day to fix
client/app/PledgeTile/components/PledgeTile.jsx on lines 11..29

This issue has a mass of 215.

Older releases of better_errors open to Cross-Site Request Forgery attack
Open

    better_errors (2.1.1)
Severity: Minor
Found in Gemfile.lock by bundler-audit

Advisory: CVE-2021-39197

Criticality: Medium

URL: https://github.com/BetterErrors/better_errors/security/advisories/GHSA-w3j4-76qw-wwjm

Solution: upgrade to >= 2.8.0

Nokogiri Command Injection Vulnerability via Nokogiri::CSS::Tokenizer#load_file
Open

    nokogiri (1.8.1)
Severity: Minor
Found in Gemfile.lock by bundler-audit

Advisory: CVE-2019-5477

Criticality: Critical

URL: https://github.com/sparklemotion/nokogiri/issues/1915

Solution: upgrade to >= 1.10.4
