Issues - intercity/intercity-next

Denial of Service (DoS) in Nokogiri on JRuby
Open

    nokogiri (1.10.3)

Found in Gemfile.lock by bundler-audit

Read up
Read up
Exclude checks
- Disable engine
- Disable check

Advisory: CVE-2022-24839

Criticality: High

URL: https://github.com/sparklemotion/nekohtml/security/advisories/GHSA-9849-p7jc-9rmv

Solution: upgrade to >= 1.13.4

Possible XSS vulnerability with certain configurations of rails-html-sanitizer
Open

    rails-html-sanitizer (1.0.4)

Found in Gemfile.lock by bundler-audit

Read up
Read up
Exclude checks
- Disable engine
- Disable check

Advisory: CVE-2022-23519

Criticality: Medium

URL: https://github.com/rails/rails-html-sanitizer/security/advisories/GHSA-9h9g-93gc-623h

Solution: upgrade to >= 1.4.4

Sinatra vulnerable to Reflected File Download attack
Open

    sinatra (2.0.4)

Found in Gemfile.lock by bundler-audit

Read up
Read up
Exclude checks
- Disable engine
- Disable check

Advisory: CVE-2022-45442

Criticality: High

URL: https://github.com/sinatra/sinatra/security/advisories/GHSA-2x8x-jmrp-phxw

Solution: upgrade to ~> 2.2.3, >= 3.0.4

CSRF Vulnerability in rails-ujs
Open

    actionview (5.1.6)

Found in Gemfile.lock by bundler-audit

Read up
Read up
Exclude checks
- Disable engine
- Disable check

Advisory: CVE-2020-8167

Criticality: Medium

URL: https://groups.google.com/forum/#!topic/rubyonrails-security/x9DixQDG9a0

Solution: upgrade to >= 5.2.4.3, ~> 5.2.4, >= 6.0.3.1

Denial of Service Vulnerability in ActiveRecord’s PostgreSQL adapter
Open

    activerecord (5.1.6)

Found in Gemfile.lock by bundler-audit

Read up
Read up
Exclude checks
- Disable engine
- Disable check

Advisory: CVE-2022-44566

URL: https://github.com/rails/rails/releases/tag/v7.0.4.1

Solution: upgrade to >= 5.2.8.15, ~> 5.2.8, >= 6.1.7.1, ~> 6.1.7, >= 7.0.4.1

Possible RCE escalation bug with Serialized Columns in Active Record
Open

    activerecord (5.1.6)

Found in Gemfile.lock by bundler-audit

Read up
Read up
Exclude checks
- Disable engine
- Disable check

Advisory: CVE-2022-32224

Criticality: Critical

URL: https://groups.google.com/g/rubyonrails-security/c/MmFO3LYQE8U

Solution: upgrade to >= 5.2.8.1, ~> 5.2.8, >= 6.0.5.1, ~> 6.0.5, >= 6.1.6.1, ~> 6.1.6, >= 7.0.3.1

ReDoS based DoS vulnerability in Action Dispatch
Open

    actionpack (5.1.6)

Found in Gemfile.lock by bundler-audit

Read up
Read up
Exclude checks
- Disable engine
- Disable check

Advisory: CVE-2023-22795

URL: https://github.com/rails/rails/releases/tag/v7.0.4.1

Solution: upgrade to >= 5.2.8.15, ~> 5.2.8, >= 6.1.7.1, ~> 6.1.7, >= 7.0.4.1

Loofah XSS Vulnerability
Open

    loofah (2.2.3)

Found in Gemfile.lock by bundler-audit

Read up
Read up
Exclude checks
- Disable engine
- Disable check

Advisory: CVE-2019-15587

Criticality: Medium

URL: https://github.com/flavorjones/loofah/issues/171

Solution: upgrade to >= 2.3.1

Integer Overflow or Wraparound in libxml2 affects Nokogiri
Open

    nokogiri (1.10.3)

Found in Gemfile.lock by bundler-audit

Read up
Read up
Exclude checks
- Disable engine
- Disable check

Advisory:

Criticality: High

URL: https://github.com/sparklemotion/nokogiri/security/advisories/GHSA-cgx6-hpwq-fhv5

Solution: upgrade to >= 1.13.5

Update packaged dependency libxml2 from 2.9.10 to 2.9.12
Open

    nokogiri (1.10.3)

Found in Gemfile.lock by bundler-audit

Read up
Read up
Exclude checks
- Disable engine
- Disable check

Advisory:

Criticality: High

URL: https://github.com/sparklemotion/nokogiri/security/advisories/GHSA-7rrm-v45f-jp64

Solution: upgrade to >= 1.11.4

Improper Restriction of XML External Entity Reference (XXE) in Nokogiri on JRuby
Open

    nokogiri (1.10.3)

Found in Gemfile.lock by bundler-audit

Read up
Read up
Exclude checks
- Disable engine
- Disable check

Advisory: CVE-2021-41098

Criticality: High

URL: https://github.com/sparklemotion/nokogiri/security/advisories/GHSA-2rr5-8q37-2w7h

Solution: upgrade to >= 1.12.5

Uncontrolled Recursion in Loofah
Open

    loofah (2.2.3)

Found in Gemfile.lock by bundler-audit

Read up
Read up
Exclude checks
- Disable engine
- Disable check

Advisory: CVE-2022-23516

Criticality: High

URL: https://github.com/flavorjones/loofah/security/advisories/GHSA-3x8r-x6xp-q4vm

Solution: upgrade to >= 2.19.1

Inefficient Regular Expression Complexity in Loofah
Open

    loofah (2.2.3)

Found in Gemfile.lock by bundler-audit

Read up
Read up
Exclude checks
- Disable engine
- Disable check

Advisory: CVE-2022-23514

Criticality: High

URL: https://github.com/flavorjones/loofah/security/advisories/GHSA-486f-hjj9-9vhh

Solution: upgrade to >= 2.19.1

Injection/XSS in Redcarpet
Open

    redcarpet (3.4.0)

Found in Gemfile.lock by bundler-audit

Read up
Read up
Exclude checks
- Disable engine
- Disable check

Advisory: CVE-2020-26298

Criticality: Medium

URL: https://github.com/vmg/redcarpet/commit/a699c82292b17c8e6a62e1914d5eccc252272793

Solution: upgrade to >= 3.5.1

Possible XSS Vulnerability in Action View tag helpers
Open

    actionview (5.1.6)

Found in Gemfile.lock by bundler-audit

Read up
Read up
Exclude checks
- Disable engine
- Disable check

Advisory: CVE-2022-27777

Criticality: Medium

URL: https://groups.google.com/g/ruby-security-ann/c/9wJPEDv-iRw

Solution: upgrade to >= 5.2.7.1, ~> 5.2.7, >= 6.0.4.8, ~> 6.0.4, >= 6.1.5.1, ~> 6.1.5, >= 7.0.2.4

Ability to forge per-form CSRF tokens given a global CSRF token
Open

    actionpack (5.1.6)

Found in Gemfile.lock by bundler-audit

Read up
Read up
Exclude checks
- Disable engine
- Disable check

Advisory: CVE-2020-8166

Criticality: Medium

URL: https://groups.google.com/forum/#!topic/rubyonrails-security/NOjKiGeXUgw

Solution: upgrade to >= 5.2.4.3, ~> 5.2.4, >= 6.0.3.1

Regular Expression Denial of Service in Addressable templates
Open

    addressable (2.5.2)

Found in Gemfile.lock by bundler-audit

Read up
Read up
Exclude checks
- Disable engine
- Disable check

Advisory: CVE-2021-32740

Criticality: High

URL: https://github.com/advisories/GHSA-jxhc-q857-3j6g

Solution: upgrade to >= 2.8.0

Potential XSS vulnerability in Action View
Open

    actionview (5.1.6)

Found in Gemfile.lock by bundler-audit

Read up
Read up
Exclude checks
- Disable engine
- Disable check

Advisory: CVE-2020-15169

Criticality: Medium

URL: https://groups.google.com/g/rubyonrails-security/c/b-C9kSGXYrc

Solution: upgrade to >= 5.2.4.4, ~> 5.2.4, >= 6.0.3.3

Possible XSS vulnerability in ActionView
Open

    actionview (5.1.6)

Found in Gemfile.lock by bundler-audit

Read up
Read up
Exclude checks
- Disable engine
- Disable check

Advisory: CVE-2020-5267

Criticality: Medium

URL: https://groups.google.com/forum/#!topic/rubyonrails-security/55reWMM_Pg8

Solution: upgrade to >= 5.2.4.2, ~> 5.2.4, >= 6.0.2.2

Nokogiri::XML::Schema trusts input by default, exposing risk of an XXE vulnerability
Open

    nokogiri (1.10.3)

Found in Gemfile.lock by bundler-audit

Read up
Read up
Exclude checks
- Disable engine
- Disable check

Advisory: CVE-2020-26247

Criticality: Low

URL: https://github.com/sparklemotion/nokogiri/security/advisories/GHSA-vr8q-g5c7-m54m

Solution: upgrade to >= 1.11.0.rc4

intercity/intercity-next

Showing 98 of 98 total issues

Denial of Service (DoS) in Nokogiri on JRuby
Open

Possible XSS vulnerability with certain configurations of rails-html-sanitizer
Open

Sinatra vulnerable to Reflected File Download attack
Open

CSRF Vulnerability in rails-ujs
Open

Denial of Service Vulnerability in ActiveRecord’s PostgreSQL adapter
Open

Possible RCE escalation bug with Serialized Columns in Active Record
Open

ReDoS based DoS vulnerability in Action Dispatch
Open

Loofah XSS Vulnerability
Open

Integer Overflow or Wraparound in libxml2 affects Nokogiri
Open

Update packaged dependency libxml2 from 2.9.10 to 2.9.12
Open

Improper Restriction of XML External Entity Reference (XXE) in Nokogiri on JRuby
Open

Uncontrolled Recursion in Loofah
Open

Inefficient Regular Expression Complexity in Loofah
Open

Injection/XSS in Redcarpet
Open

Possible XSS Vulnerability in Action View tag helpers
Open

Ability to forge per-form CSRF tokens given a global CSRF token
Open

Regular Expression Denial of Service in Addressable templates
Open

Potential XSS vulnerability in Action View
Open

Possible XSS vulnerability in ActionView
Open

Nokogiri::XML::Schema trusts input by default, exposing risk of an XXE vulnerability
Open

Severity

Category

Status

Source

Language

intercity/intercity-next

Showing 98 of 98 total issues

Denial of Service (DoS) in Nokogiri on JRuby Open

Possible XSS vulnerability with certain configurations of rails-html-sanitizer Open

Sinatra vulnerable to Reflected File Download attack Open

CSRF Vulnerability in rails-ujs Open

Denial of Service Vulnerability in ActiveRecord’s PostgreSQL adapter Open

Possible RCE escalation bug with Serialized Columns in Active Record Open

ReDoS based DoS vulnerability in Action Dispatch Open

Loofah XSS Vulnerability Open

Integer Overflow or Wraparound in libxml2 affects Nokogiri Open

Update packaged dependency libxml2 from 2.9.10 to 2.9.12 Open

Improper Restriction of XML External Entity Reference (XXE) in Nokogiri on JRuby Open

Uncontrolled Recursion in Loofah Open

Inefficient Regular Expression Complexity in Loofah Open

Injection/XSS in Redcarpet Open

Possible XSS Vulnerability in Action View tag helpers Open

Ability to forge per-form CSRF tokens given a global CSRF token Open

Regular Expression Denial of Service in Addressable templates Open

Potential XSS vulnerability in Action View Open

Possible XSS vulnerability in ActionView Open

Nokogiri::XML::Schema trusts input by default, exposing risk of an XXE vulnerability Open

Severity

Category

Status

Source

Language

Denial of Service (DoS) in Nokogiri on JRuby
Open

Possible XSS vulnerability with certain configurations of rails-html-sanitizer
Open

Sinatra vulnerable to Reflected File Download attack
Open

CSRF Vulnerability in rails-ujs
Open

Denial of Service Vulnerability in ActiveRecord’s PostgreSQL adapter
Open

Possible RCE escalation bug with Serialized Columns in Active Record
Open

ReDoS based DoS vulnerability in Action Dispatch
Open

Loofah XSS Vulnerability
Open

Integer Overflow or Wraparound in libxml2 affects Nokogiri
Open

Update packaged dependency libxml2 from 2.9.10 to 2.9.12
Open

Improper Restriction of XML External Entity Reference (XXE) in Nokogiri on JRuby
Open

Uncontrolled Recursion in Loofah
Open

Inefficient Regular Expression Complexity in Loofah
Open

Injection/XSS in Redcarpet
Open

Possible XSS Vulnerability in Action View tag helpers
Open

Ability to forge per-form CSRF tokens given a global CSRF token
Open

Regular Expression Denial of Service in Addressable templates
Open

Potential XSS vulnerability in Action View
Open

Possible XSS vulnerability in ActionView
Open

Nokogiri::XML::Schema trusts input by default, exposing risk of an XXE vulnerability
Open