khalilgharbaoui/check-taskmanager-back-end-api

View on GitHub

Showing 31 of 31 total issues

Path Traversal in Sprockets
Open

    sprockets (3.5.2)
Severity: Minor
Found in Gemfile.lock by bundler-audit

Advisory: CVE-2018-3760

URL: https://groups.google.com/forum/#!topic/ruby-security-ann/2S9Pwz2i16k

Solution: upgrade to < 3.0.0, >= 2.12.5, < 4.0.0, >= 3.7.2, >= 4.0.0.beta8

Nokogiri gem, via libxml2, is affected by multiple vulnerabilities
Open

    nokogiri (1.6.7.2)
Severity: Minor
Found in Gemfile.lock by bundler-audit

Advisory: CVE-2018-14404

URL: https://github.com/sparklemotion/nokogiri/issues/1785

Solution: upgrade to >= 1.8.5

Nokogiri gem contains several vulnerabilities in libxml2 and libxslt
Open

    nokogiri (1.6.7.2)
Severity: Critical
Found in Gemfile.lock by bundler-audit

Advisory: CVE-2016-4658

Criticality: High

URL: https://github.com/sparklemotion/nokogiri/issues/1615

Solution: upgrade to >= 1.7.1

Nokogiri gem contains two upstream vulnerabilities in libxslt 1.1.29
Open

    nokogiri (1.6.7.2)
Severity: Minor
Found in Gemfile.lock by bundler-audit

Advisory: CVE-2017-5029

URL: https://github.com/sparklemotion/nokogiri/issues/1634

Solution: upgrade to >= 1.7.2

Loofah XSS Vulnerability
Open

    loofah (2.0.3)
Severity: Minor
Found in Gemfile.lock by bundler-audit

Advisory: CVE-2018-8048

URL: https://github.com/flavorjones/loofah/issues/144

Solution: upgrade to >= 2.2.1

Nokogiri gem, via libxml, is affected by DoS and RCE vulnerabilities
Open

    nokogiri (1.6.7.2)
Severity: Minor
Found in Gemfile.lock by bundler-audit

Advisory: CVE-2017-9050

URL: https://github.com/sparklemotion/nokogiri/issues/1673

Solution: upgrade to >= 1.8.1

Revert libxml2 behavior in Nokogiri gem that could cause XSS
Open

    nokogiri (1.6.7.2)
Severity: Minor
Found in Gemfile.lock by bundler-audit

Advisory: CVE-2018-8048

URL: https://github.com/sparklemotion/nokogiri/pull/1746

Solution: upgrade to >= 1.8.3

i18n Gem for Ruby lib/i18n/core_ext/hash.rb Hash#slice() Function Hash Handling DoS
Open

    i18n (0.7.0)
Severity: Minor
Found in Gemfile.lock by bundler-audit

Advisory: CVE-2014-10077

URL: https://github.com/svenfuchs/i18n/pull/289

Solution: upgrade to >= 0.8.0

Loofah XSS Vulnerability
Open

    loofah (2.0.3)
Severity: Minor
Found in Gemfile.lock by bundler-audit

Advisory: CVE-2018-16468

URL: https://github.com/flavorjones/loofah/issues/154

Solution: upgrade to >= 2.2.3

Nokogiri gem, via libxml, is affected by DoS vulnerabilities
Open

    nokogiri (1.6.7.2)
Severity: Minor
Found in Gemfile.lock by bundler-audit

Advisory: CVE-2017-16932

URL: https://github.com/sparklemotion/nokogiri/issues/1714

Solution: upgrade to >= 1.8.1

Nokogiri gem, via libxslt, is affected by improper access control vulnerability
Open

    nokogiri (1.6.7.2)
Severity: Minor
Found in Gemfile.lock by bundler-audit

Advisory: CVE-2019-11068

URL: https://github.com/sparklemotion/nokogiri/issues/1892

Solution: upgrade to >= 1.10.3

Nokogiri gem, via libxml, is affected by DoS vulnerabilities
Open

    nokogiri (1.6.7.2)
Severity: Minor
Found in Gemfile.lock by bundler-audit

Advisory: CVE-2017-15412

URL: https://github.com/sparklemotion/nokogiri/issues/1714

Solution: upgrade to >= 1.8.2

rack-cors Gem Missing Anchor permits unauthorized CORS requests
Open

    rack-cors (0.4.0)
Severity: Critical
Found in Gemfile.lock by bundler-audit

Advisory: CVE-2017-11173

Criticality: High

URL: https://github.com/cyu/rack-cors/issues/86

Solution: upgrade to >= 0.4.1

Possible XSS vulnerability in Rack
Open

    rack (1.6.4)
Severity: Minor
Found in Gemfile.lock by bundler-audit

Advisory: CVE-2018-16471

URL: https://groups.google.com/forum/#!topic/ruby-security-ann/NAalCee8n6o

Solution: upgrade to ~> 1.6.11, >= 2.0.6

File Content Disclosure in Action View
Open

    actionview (4.2.5.1)
Severity: Minor
Found in Gemfile.lock by bundler-audit

Advisory: CVE-2019-5418

URL: https://groups.google.com/forum/#!topic/rubyonrails-security/pFRKI96Sm8Q

Solution: upgrade to >= 4.2.11.1, ~> 4.2.11, >= 5.0.7.2, ~> 5.0.7, >= 5.1.6.2, ~> 5.1.6, >= 5.2.2.1, ~> 5.2.2, >= 6.0.0.beta3

XSS vulnerability in rails-html-sanitizer
Open

    rails-html-sanitizer (1.0.3)
Severity: Minor
Found in Gemfile.lock by bundler-audit

Advisory: CVE-2018-3741

URL: https://groups.google.com/d/msg/rubyonrails-security/tP7W3kLc5u4/uDy2Br7xBgAJ

Solution: upgrade to >= 1.0.4

Possible XSS Vulnerability in Action View
Open

    actionview (4.2.5.1)
Severity: Minor
Found in Gemfile.lock by bundler-audit

Advisory: CVE-2016-6316

URL: https://groups.google.com/forum/#!topic/rubyonrails-security/I-VWr034ouk

Solution: upgrade to ~> 4.2.7.1, ~> 4.2.8, >= 5.0.0.1

ruby-ffi DDL loading issue on Windows OS
Open

    ffi (1.9.10)
Severity: Critical
Found in Gemfile.lock by bundler-audit

Advisory: CVE-2018-1000201

Criticality: High

URL: https://github.com/ffi/ffi/releases/tag/1.9.24

Solution: upgrade to >= 1.9.24

Denial of Service Vulnerability in Action View
Open

    actionview (4.2.5.1)
Severity: Minor
Found in Gemfile.lock by bundler-audit

Advisory: CVE-2019-5419

URL: https://groups.google.com/forum/#!topic/rubyonrails-security/GN7w9fFAQeI

Solution: upgrade to >= 6.0.0.beta3, >= 5.2.2.1, ~> 5.2.2, >= 5.1.6.2, ~> 5.1.6, >= 5.0.7.2, ~> 5.0.7, >= 4.2.11.1, ~> 4.2.11

Unsafe Query Generation Risk in Active Record
Open

    activerecord (4.2.5.1)
Severity: Minor
Found in Gemfile.lock by bundler-audit

Advisory: CVE-2016-6317

URL: https://groups.google.com/forum/#!topic/rubyonrails-security/rgO20zYW33s

Solution: upgrade to >= 4.2.7.1

Severity
Category
Status
Source
Language