Issues - jacobwgillespie/halfstaff

Inefficient Regular Expression Complexity in rails-html-sanitizer
Open

    rails-html-sanitizer (1.0.4)

Found in Gemfile.lock by bundler-audit

Read up
Read up
Exclude checks
- Disable engine
- Disable check

Advisory: CVE-2022-23517

Criticality: High

URL: https://github.com/rails/rails-html-sanitizer/security/advisories/GHSA-5x79-w82f-gw8w

Solution: upgrade to >= 1.4.4

Out-of-bounds Write in zlib affects Nokogiri
Open

    nokogiri (1.8.5)

Found in Gemfile.lock by bundler-audit

Read up
Read up
Exclude checks
- Disable engine
- Disable check

Advisory: CVE-2018-25032

Criticality: High

URL: https://github.com/sparklemotion/nokogiri/security/advisories/GHSA-v6gp-9mmm-c6p5

Solution: upgrade to >= 1.13.4

Improper Restriction of XML External Entity Reference (XXE) in Nokogiri on JRuby
Open

    nokogiri (1.8.5)

Found in Gemfile.lock by bundler-audit

Read up
Read up
Exclude checks
- Disable engine
- Disable check

Advisory: CVE-2021-41098

Criticality: High

URL: https://github.com/sparklemotion/nokogiri/security/advisories/GHSA-2rr5-8q37-2w7h

Solution: upgrade to >= 1.12.5

json Gem for Ruby Unsafe Object Creation Vulnerability (additional fix)
Open

    json (2.1.0)

Found in Gemfile.lock by bundler-audit

Read up
Read up
Exclude checks
- Disable engine
- Disable check

Advisory: CVE-2020-10663

Criticality: High

URL: https://www.ruby-lang.org/en/news/2020/03/19/json-dos-cve-2020-10663/

Solution: upgrade to >= 2.3.0

Inefficient Regular Expression Complexity in Loofah
Open

    loofah (2.2.2)

Found in Gemfile.lock by bundler-audit

Read up
Read up
Exclude checks
- Disable engine
- Disable check

Advisory: CVE-2022-23514

Criticality: High

URL: https://github.com/flavorjones/loofah/security/advisories/GHSA-486f-hjj9-9vhh

Solution: upgrade to >= 2.19.1

Update packaged dependency libxml2 from 2.9.10 to 2.9.12
Open

    nokogiri (1.8.5)

Found in Gemfile.lock by bundler-audit

Read up
Read up
Exclude checks
- Disable engine
- Disable check

Advisory:

Criticality: High

URL: https://github.com/sparklemotion/nokogiri/security/advisories/GHSA-7rrm-v45f-jp64

Solution: upgrade to >= 1.11.4

Nokogiri::XML::Schema trusts input by default, exposing risk of an XXE vulnerability
Open

    nokogiri (1.8.5)

Found in Gemfile.lock by bundler-audit

Read up
Read up
Exclude checks
- Disable engine
- Disable check

Advisory: CVE-2020-26247

Criticality: Low

URL: https://github.com/sparklemotion/nokogiri/security/advisories/GHSA-vr8q-g5c7-m54m

Solution: upgrade to >= 1.11.0.rc4

Integer Overflow or Wraparound in libxml2 affects Nokogiri
Open

    nokogiri (1.8.5)

Found in Gemfile.lock by bundler-audit

Read up
Read up
Exclude checks
- Disable engine
- Disable check

Advisory:

Criticality: High

URL: https://github.com/sparklemotion/nokogiri/security/advisories/GHSA-cgx6-hpwq-fhv5

Solution: upgrade to >= 1.13.5

XML Injection in Xerces Java affects Nokogiri
Open

    nokogiri (1.8.5)

Found in Gemfile.lock by bundler-audit

Read up
Read up
Exclude checks
- Disable engine
- Disable check

Advisory: CVE-2022-23437

Criticality: Medium

URL: https://github.com/sparklemotion/nokogiri/security/advisories/GHSA-xxx9-3xcr-gjj3

Solution: upgrade to >= 1.13.4

Update bundled libxml2 to v2.10.3 to resolve multiple CVEs
Open

    nokogiri (1.8.5)

Found in Gemfile.lock by bundler-audit

Read up
Read up
Exclude checks
- Disable engine
- Disable check

Advisory:

URL: https://github.com/sparklemotion/nokogiri/security/advisories/GHSA-2qc6-mcvw-92cw

Solution: upgrade to >= 1.13.9

Possible XSS vulnerability with certain configurations of Rails::Html::Sanitizer
Open

    rails-html-sanitizer (1.0.4)

Found in Gemfile.lock by bundler-audit

Read up
Read up
Exclude checks
- Disable engine
- Disable check

Advisory: CVE-2022-32209

Criticality: Medium

URL: https://groups.google.com/g/rubyonrails-security/c/ce9PhUANQ6s

Solution: upgrade to >= 1.4.3

Uncontrolled Recursion in Loofah
Open

    loofah (2.2.2)

Found in Gemfile.lock by bundler-audit

Read up
Read up
Exclude checks
- Disable engine
- Disable check

Advisory: CVE-2022-23516

Criticality: High

URL: https://github.com/flavorjones/loofah/security/advisories/GHSA-3x8r-x6xp-q4vm

Solution: upgrade to >= 2.19.1

Inefficient Regular Expression Complexity in Nokogiri
Open

    nokogiri (1.8.5)

Found in Gemfile.lock by bundler-audit

Read up
Read up
Exclude checks
- Disable engine
- Disable check

Advisory: CVE-2022-24836

Criticality: High

URL: https://github.com/sparklemotion/nokogiri/security/advisories/GHSA-crjr-9rc5-ghw8

Solution: upgrade to >= 1.13.4

Possible XSS vulnerability with certain configurations of rails-html-sanitizer
Open

    rails-html-sanitizer (1.0.4)

Found in Gemfile.lock by bundler-audit

Read up
Read up
Exclude checks
- Disable engine
- Disable check

Advisory: CVE-2022-23520

Criticality: Medium

URL: https://github.com/rails/rails-html-sanitizer/security/advisories/GHSA-rrfc-7g8p-99q8

Solution: upgrade to >= 1.4.4

Improper neutralization of data URIs may allow XSS in rails-html-sanitizer
Open

    rails-html-sanitizer (1.0.4)

Found in Gemfile.lock by bundler-audit

Read up
Read up
Exclude checks
- Disable engine
- Disable check

Advisory: CVE-2022-23518

Criticality: Medium

URL: https://github.com/rails/rails-html-sanitizer/security/advisories/GHSA-mcvf-2q2m-x72m

Solution: upgrade to >= 1.4.4

Keepalive thread overload/DoS in puma
Open

    puma (3.12.0)

Found in Gemfile.lock by bundler-audit

Read up
Read up
Exclude checks
- Disable engine
- Disable check

Advisory: CVE-2019-16770

Criticality: High

URL: https://github.com/puma/puma/security/advisories/GHSA-7xx3-m584-x994

Solution: upgrade to ~> 3.12.2, >= 4.3.1

Possible Information Disclosure / Unintended Method Execution in Action Pack
Open

    actionpack (5.2.1)

Found in Gemfile.lock by bundler-audit

Read up
Read up
Exclude checks
- Disable engine
- Disable check

Advisory: CVE-2021-22885

Criticality: High

URL: https://groups.google.com/g/rubyonrails-security/c/NiQl-48cXYI

Solution: upgrade to ~> 5.2.4.6, ~> 5.2.6, >= 6.0.3.7, ~> 6.0.3, >= 6.1.3.2

HTTP Smuggling via Transfer-Encoding Header in Puma
Open

    puma (3.12.0)

Found in Gemfile.lock by bundler-audit

Read up
Read up
Exclude checks
- Disable engine
- Disable check

Advisory: CVE-2020-11077

Criticality: Medium

URL: https://github.com/puma/puma/security/advisories/GHSA-w64w-qqph-5gxm

Solution: upgrade to ~> 3.12.6, >= 4.3.5

Possible DoS Vulnerability in Action Controller Token Authentication
Open

    actionpack (5.2.1)

Found in Gemfile.lock by bundler-audit

Read up
Read up
Exclude checks
- Disable engine
- Disable check

Advisory: CVE-2021-22904

Criticality: High

URL: https://groups.google.com/g/rubyonrails-security/c/Pf1TjkOBdyQ

Solution: upgrade to ~> 5.2.4.6, ~> 5.2.6, >= 6.0.3.7, ~> 6.0.3, >= 6.1.3.2

Denial of service via multipart parsing in Rack
Open

    rack (2.0.5)

Found in Gemfile.lock by bundler-audit

Read up
Read up
Exclude checks
- Disable engine
- Disable check

Advisory: CVE-2022-44572

URL: https://github.com/rack/rack/releases/tag/v3.0.4.1

Solution: upgrade to >= 2.0.9.2, ~> 2.0.9, >= 2.1.4.2, ~> 2.1.4, >= 2.2.6.1, ~> 2.2.6, >= 3.0.4.1

jacobwgillespie/halfstaff

Showing 81 of 81 total issues

Inefficient Regular Expression Complexity in rails-html-sanitizer
Open

Out-of-bounds Write in zlib affects Nokogiri
Open

Improper Restriction of XML External Entity Reference (XXE) in Nokogiri on JRuby
Open

json Gem for Ruby Unsafe Object Creation Vulnerability (additional fix)
Open

Inefficient Regular Expression Complexity in Loofah
Open

Update packaged dependency libxml2 from 2.9.10 to 2.9.12
Open

Nokogiri::XML::Schema trusts input by default, exposing risk of an XXE vulnerability
Open

Integer Overflow or Wraparound in libxml2 affects Nokogiri
Open

XML Injection in Xerces Java affects Nokogiri
Open

Update bundled libxml2 to v2.10.3 to resolve multiple CVEs
Open

Possible XSS vulnerability with certain configurations of Rails::Html::Sanitizer
Open

Uncontrolled Recursion in Loofah
Open

Inefficient Regular Expression Complexity in Nokogiri
Open

Possible XSS vulnerability with certain configurations of rails-html-sanitizer
Open

Improper neutralization of data URIs may allow XSS in rails-html-sanitizer
Open

Keepalive thread overload/DoS in puma
Open

Possible Information Disclosure / Unintended Method Execution in Action Pack
Open

HTTP Smuggling via Transfer-Encoding Header in Puma
Open

Possible DoS Vulnerability in Action Controller Token Authentication
Open

Denial of service via multipart parsing in Rack
Open

Severity

Category

Status

Source

Language

jacobwgillespie/halfstaff

Showing 81 of 81 total issues

Inefficient Regular Expression Complexity in rails-html-sanitizer Open

Out-of-bounds Write in zlib affects Nokogiri Open

Improper Restriction of XML External Entity Reference (XXE) in Nokogiri on JRuby Open

json Gem for Ruby Unsafe Object Creation Vulnerability (additional fix) Open

Inefficient Regular Expression Complexity in Loofah Open

Update packaged dependency libxml2 from 2.9.10 to 2.9.12 Open

Nokogiri::XML::Schema trusts input by default, exposing risk of an XXE vulnerability Open

Integer Overflow or Wraparound in libxml2 affects Nokogiri Open

XML Injection in Xerces Java affects Nokogiri Open

Update bundled libxml2 to v2.10.3 to resolve multiple CVEs Open

Possible XSS vulnerability with certain configurations of Rails::Html::Sanitizer Open

Uncontrolled Recursion in Loofah Open

Inefficient Regular Expression Complexity in Nokogiri Open

Possible XSS vulnerability with certain configurations of rails-html-sanitizer Open

Improper neutralization of data URIs may allow XSS in rails-html-sanitizer Open

Keepalive thread overload/DoS in puma Open

Possible Information Disclosure / Unintended Method Execution in Action Pack Open

HTTP Smuggling via Transfer-Encoding Header in Puma Open

Possible DoS Vulnerability in Action Controller Token Authentication Open

Denial of service via multipart parsing in Rack Open

Severity

Category

Status

Source

Language

Inefficient Regular Expression Complexity in rails-html-sanitizer
Open

Out-of-bounds Write in zlib affects Nokogiri
Open

Improper Restriction of XML External Entity Reference (XXE) in Nokogiri on JRuby
Open

json Gem for Ruby Unsafe Object Creation Vulnerability (additional fix)
Open

Inefficient Regular Expression Complexity in Loofah
Open

Update packaged dependency libxml2 from 2.9.10 to 2.9.12
Open

Nokogiri::XML::Schema trusts input by default, exposing risk of an XXE vulnerability
Open

Integer Overflow or Wraparound in libxml2 affects Nokogiri
Open

XML Injection in Xerces Java affects Nokogiri
Open

Update bundled libxml2 to v2.10.3 to resolve multiple CVEs
Open

Possible XSS vulnerability with certain configurations of Rails::Html::Sanitizer
Open

Uncontrolled Recursion in Loofah
Open

Inefficient Regular Expression Complexity in Nokogiri
Open

Possible XSS vulnerability with certain configurations of rails-html-sanitizer
Open

Improper neutralization of data URIs may allow XSS in rails-html-sanitizer
Open

Keepalive thread overload/DoS in puma
Open

Possible Information Disclosure / Unintended Method Execution in Action Pack
Open

HTTP Smuggling via Transfer-Encoding Header in Puma
Open

Possible DoS Vulnerability in Action Controller Token Authentication
Open

Denial of service via multipart parsing in Rack
Open