Issues - jcleary/blade - Code Climate

Update bundled libxml2 to v2.10.3 to resolve multiple CVEs
Open

    nokogiri (1.6.8.1)

Found in Gemfile.lock by bundler-audit

Read up
Read up
Exclude checks
- Disable engine
- Disable check

Advisory:

URL: https://github.com/sparklemotion/nokogiri/security/advisories/GHSA-2qc6-mcvw-92cw

Solution: upgrade to >= 1.13.9

Nokogiri gem, via libxslt, is affected by improper access control vulnerability
Open

    nokogiri (1.6.8.1)

Found in Gemfile.lock by bundler-audit

Read up
Read up
Exclude checks
- Disable engine
- Disable check

Advisory: CVE-2019-11068

URL: https://github.com/sparklemotion/nokogiri/issues/1892

Solution: upgrade to >= 1.10.3

Possible DoS Vulnerability in Action Controller Token Authentication
Open

    actionpack (5.0.1)

Found in Gemfile.lock by bundler-audit

Read up
Read up
Exclude checks
- Disable engine
- Disable check

Advisory: CVE-2021-22904

Criticality: High

URL: https://groups.google.com/g/rubyonrails-security/c/Pf1TjkOBdyQ

Solution: upgrade to ~> 5.2.4.6, ~> 5.2.6, >= 6.0.3.7, ~> 6.0.3, >= 6.1.3.2

Possible Information Disclosure / Unintended Method Execution in Action Pack
Open

    actionpack (5.0.1)

Found in Gemfile.lock by bundler-audit

Read up
Read up
Exclude checks
- Disable engine
- Disable check

Advisory: CVE-2021-22885

Criticality: High

URL: https://groups.google.com/g/rubyonrails-security/c/NiQl-48cXYI

Solution: upgrade to ~> 5.2.4.6, ~> 5.2.6, >= 6.0.3.7, ~> 6.0.3, >= 6.1.3.2

Ability to forge per-form CSRF tokens given a global CSRF token
Open

    actionpack (5.0.1)

Found in Gemfile.lock by bundler-audit

Read up
Read up
Exclude checks
- Disable engine
- Disable check

Advisory: CVE-2020-8166

Criticality: Medium

URL: https://groups.google.com/forum/#!topic/rubyonrails-security/NOjKiGeXUgw

Solution: upgrade to >= 5.2.4.3, ~> 5.2.4, >= 6.0.3.1

CSRF Vulnerability in rails-ujs
Open

    actionview (5.0.1)

Found in Gemfile.lock by bundler-audit

Read up
Read up
Exclude checks
- Disable engine
- Disable check

Advisory: CVE-2020-8167

Criticality: Medium

URL: https://groups.google.com/forum/#!topic/rubyonrails-security/x9DixQDG9a0

Solution: upgrade to >= 5.2.4.3, ~> 5.2.4, >= 6.0.3.1

Update packaged dependency libxml2 from 2.9.10 to 2.9.12
Open

    nokogiri (1.6.8.1)

Found in Gemfile.lock by bundler-audit

Read up
Read up
Exclude checks
- Disable engine
- Disable check

Advisory:

Criticality: High

URL: https://github.com/sparklemotion/nokogiri/security/advisories/GHSA-7rrm-v45f-jp64

Solution: upgrade to >= 1.11.4

Nokogiri gem, via libxml, is affected by DoS vulnerabilities
Open

    nokogiri (1.6.8.1)

Found in Gemfile.lock by bundler-audit

Read up
Read up
Exclude checks
- Disable engine
- Disable check

Advisory: CVE-2017-16932

URL: https://github.com/sparklemotion/nokogiri/issues/1714

Solution: upgrade to >= 1.8.1

Inefficient Regular Expression Complexity in Nokogiri
Open

    nokogiri (1.6.8.1)

Found in Gemfile.lock by bundler-audit

Read up
Read up
Exclude checks
- Disable engine
- Disable check

Advisory: CVE-2022-24836

Criticality: High

URL: https://github.com/sparklemotion/nokogiri/security/advisories/GHSA-crjr-9rc5-ghw8

Solution: upgrade to >= 1.13.4

Keepalive thread overload/DoS in puma
Open

    puma (3.6.2)

Found in Gemfile.lock by bundler-audit

Read up
Read up
Exclude checks
- Disable engine
- Disable check

Advisory: CVE-2019-16770

Criticality: High

URL: https://github.com/puma/puma/security/advisories/GHSA-7xx3-m584-x994

Solution: upgrade to ~> 3.12.2, >= 4.3.1

ReDoS based DoS vulnerability in Action Dispatch
Open

    actionpack (5.0.1)

Found in Gemfile.lock by bundler-audit

Read up
Read up
Exclude checks
- Disable engine
- Disable check

Advisory: CVE-2023-22795

URL: https://github.com/rails/rails/releases/tag/v7.0.4.1

Solution: upgrade to >= 5.2.8.15, ~> 5.2.8, >= 6.1.7.1, ~> 6.1.7, >= 7.0.4.1

Inefficient Regular Expression Complexity in Loofah
Open

    loofah (2.0.3)

Found in Gemfile.lock by bundler-audit

Read up
Read up
Exclude checks
- Disable engine
- Disable check

Advisory: CVE-2022-23514

Criticality: High

URL: https://github.com/flavorjones/loofah/security/advisories/GHSA-486f-hjj9-9vhh

Solution: upgrade to >= 2.19.1

Improper Restriction of XML External Entity Reference (XXE) in Nokogiri on JRuby
Open

    nokogiri (1.6.8.1)

Found in Gemfile.lock by bundler-audit

Read up
Read up
Exclude checks
- Disable engine
- Disable check

Advisory: CVE-2021-41098

Criticality: High

URL: https://github.com/sparklemotion/nokogiri/security/advisories/GHSA-2rr5-8q37-2w7h

Solution: upgrade to >= 1.12.5

Possible XSS vulnerability with certain configurations of rails-html-sanitizer
Open

    rails-html-sanitizer (1.0.3)

Found in Gemfile.lock by bundler-audit

Read up
Read up
Exclude checks
- Disable engine
- Disable check

Advisory: CVE-2022-23520

Criticality: Medium

URL: https://github.com/rails/rails-html-sanitizer/security/advisories/GHSA-rrfc-7g8p-99q8

Solution: upgrade to >= 1.4.4

Devise Gem for Ruby confirmation token validation with a blank string
Open

    devise (4.2.0)

Found in Gemfile.lock by bundler-audit

Read up
Read up
Exclude checks
- Disable engine
- Disable check

Advisory: CVE-2019-16109

Criticality: Medium

URL: https://github.com/plataformatec/devise/issues/5071

Solution: upgrade to >= 4.7.1

Nokogiri gem, via libxslt, is affected by multiple vulnerabilities
Open

    nokogiri (1.6.8.1)

Found in Gemfile.lock by bundler-audit

Read up
Read up
Exclude checks
- Disable engine
- Disable check

Advisory: CVE-2019-13117

URL: https://github.com/sparklemotion/nokogiri/issues/1943

Solution: upgrade to >= 1.10.5

Possible XSS vulnerability with certain configurations of rails-html-sanitizer
Open

    rails-html-sanitizer (1.0.3)

Found in Gemfile.lock by bundler-audit

Read up
Read up
Exclude checks
- Disable engine
- Disable check

Advisory: CVE-2022-23519

Criticality: Medium

URL: https://github.com/rails/rails-html-sanitizer/security/advisories/GHSA-9h9g-93gc-623h

Solution: upgrade to >= 1.4.4

Inefficient Regular Expression Complexity in rails-html-sanitizer
Open

    rails-html-sanitizer (1.0.3)

Found in Gemfile.lock by bundler-audit

Read up
Read up
Exclude checks
- Disable engine
- Disable check

Advisory: CVE-2022-23517

Criticality: High

URL: https://github.com/rails/rails-html-sanitizer/security/advisories/GHSA-5x79-w82f-gw8w

Solution: upgrade to >= 1.4.4

Improper neutralization of data URIs may allow XSS in rails-html-sanitizer
Open

    rails-html-sanitizer (1.0.3)

Found in Gemfile.lock by bundler-audit

Read up
Read up
Exclude checks
- Disable engine
- Disable check

Advisory: CVE-2022-23518

Criticality: Medium

URL: https://github.com/rails/rails-html-sanitizer/security/advisories/GHSA-mcvf-2q2m-x72m

Solution: upgrade to >= 1.4.4

Denial of Service Vulnerability in ActiveRecord’s PostgreSQL adapter
Open

    activerecord (5.0.1)

Found in Gemfile.lock by bundler-audit

Read up
Read up
Exclude checks
- Disable engine
- Disable check

Advisory: CVE-2022-44566

URL: https://github.com/rails/rails/releases/tag/v7.0.4.1

Solution: upgrade to >= 5.2.8.15, ~> 5.2.8, >= 6.1.7.1, ~> 6.1.7, >= 7.0.4.1

jcleary/blade

Showing 91 of 91 total issues

Update bundled libxml2 to v2.10.3 to resolve multiple CVEs
Open

Nokogiri gem, via libxslt, is affected by improper access control vulnerability
Open

Possible DoS Vulnerability in Action Controller Token Authentication
Open

Possible Information Disclosure / Unintended Method Execution in Action Pack
Open

Ability to forge per-form CSRF tokens given a global CSRF token
Open

CSRF Vulnerability in rails-ujs
Open

Update packaged dependency libxml2 from 2.9.10 to 2.9.12
Open

Nokogiri gem, via libxml, is affected by DoS vulnerabilities
Open

Inefficient Regular Expression Complexity in Nokogiri
Open

Keepalive thread overload/DoS in puma
Open

ReDoS based DoS vulnerability in Action Dispatch
Open

Inefficient Regular Expression Complexity in Loofah
Open

Improper Restriction of XML External Entity Reference (XXE) in Nokogiri on JRuby
Open

Possible XSS vulnerability with certain configurations of rails-html-sanitizer
Open

Devise Gem for Ruby confirmation token validation with a blank string
Open

Nokogiri gem, via libxslt, is affected by multiple vulnerabilities
Open

Possible XSS vulnerability with certain configurations of rails-html-sanitizer
Open

Inefficient Regular Expression Complexity in rails-html-sanitizer
Open

Improper neutralization of data URIs may allow XSS in rails-html-sanitizer
Open

Denial of Service Vulnerability in ActiveRecord’s PostgreSQL adapter
Open

Severity

Category

Status

Source

Language

jcleary/blade

Showing 91 of 91 total issues

Update bundled libxml2 to v2.10.3 to resolve multiple CVEs Open

Nokogiri gem, via libxslt, is affected by improper access control vulnerability Open

Possible DoS Vulnerability in Action Controller Token Authentication Open

Possible Information Disclosure / Unintended Method Execution in Action Pack Open

Ability to forge per-form CSRF tokens given a global CSRF token Open

CSRF Vulnerability in rails-ujs Open

Update packaged dependency libxml2 from 2.9.10 to 2.9.12 Open

Nokogiri gem, via libxml, is affected by DoS vulnerabilities Open

Inefficient Regular Expression Complexity in Nokogiri Open

Keepalive thread overload/DoS in puma Open

ReDoS based DoS vulnerability in Action Dispatch Open

Inefficient Regular Expression Complexity in Loofah Open

Improper Restriction of XML External Entity Reference (XXE) in Nokogiri on JRuby Open

Possible XSS vulnerability with certain configurations of rails-html-sanitizer Open

Devise Gem for Ruby confirmation token validation with a blank string Open

Nokogiri gem, via libxslt, is affected by multiple vulnerabilities Open

Possible XSS vulnerability with certain configurations of rails-html-sanitizer Open

Inefficient Regular Expression Complexity in rails-html-sanitizer Open

Improper neutralization of data URIs may allow XSS in rails-html-sanitizer Open

Denial of Service Vulnerability in ActiveRecord’s PostgreSQL adapter Open

Severity

Category

Status

Source

Language

Update bundled libxml2 to v2.10.3 to resolve multiple CVEs
Open

Nokogiri gem, via libxslt, is affected by improper access control vulnerability
Open

Possible DoS Vulnerability in Action Controller Token Authentication
Open

Possible Information Disclosure / Unintended Method Execution in Action Pack
Open

Ability to forge per-form CSRF tokens given a global CSRF token
Open

CSRF Vulnerability in rails-ujs
Open

Update packaged dependency libxml2 from 2.9.10 to 2.9.12
Open

Nokogiri gem, via libxml, is affected by DoS vulnerabilities
Open

Inefficient Regular Expression Complexity in Nokogiri
Open

Keepalive thread overload/DoS in puma
Open

ReDoS based DoS vulnerability in Action Dispatch
Open

Inefficient Regular Expression Complexity in Loofah
Open

Improper Restriction of XML External Entity Reference (XXE) in Nokogiri on JRuby
Open

Possible XSS vulnerability with certain configurations of rails-html-sanitizer
Open

Devise Gem for Ruby confirmation token validation with a blank string
Open

Nokogiri gem, via libxslt, is affected by multiple vulnerabilities
Open

Possible XSS vulnerability with certain configurations of rails-html-sanitizer
Open

Inefficient Regular Expression Complexity in rails-html-sanitizer
Open

Improper neutralization of data URIs may allow XSS in rails-html-sanitizer
Open

Denial of Service Vulnerability in ActiveRecord’s PostgreSQL adapter
Open