khalilgharbaoui/check-taskmanager-back-end-api


Showing 55 of 55 total issues

CSRF Vulnerability in rails-ujs
Open

    actionview (4.2.5.1)
Severity: Minor
Found in Gemfile.lock by bundler-audit

Advisory: CVE-2020-8167

URL: https://groups.google.com/forum/#!topic/rubyonrails-security/x9DixQDG9a0

Solution: upgrade to ~> 5.2.4.3 or >= 6.0.3.1

Ability to forge per-form CSRF tokens given a global CSRF token
Open

    actionpack (4.2.5.1)
Severity: Minor
Found in Gemfile.lock by bundler-audit

Advisory: CVE-2020-8166

URL: https://groups.google.com/forum/#!topic/rubyonrails-security/NOjKiGeXUgw

Solution: upgrade to ~> 5.2.4.3 or >= 6.0.3.1

Keepalive thread overload/DoS in puma
Open

    puma (2.16.0)
Severity: Critical
Found in Gemfile.lock by bundler-audit

Advisory: CVE-2019-16770

Criticality: High

URL: https://github.com/puma/puma/security/advisories/GHSA-7xx3-m584-x994

Solution: upgrade to ~> 3.12.2 or >= 4.3.1

Potentially unintended unmarshalling of user-provided objects in MemCacheStore and RedisCacheStore
Open

    activesupport (4.2.5.1)
Severity: Minor
Found in Gemfile.lock by bundler-audit

Advisory: CVE-2020-8165

URL: https://groups.google.com/forum/#!topic/rubyonrails-security/bv6fW4S0Y1c

Solution: upgrade to ~> 5.2.4.3 or >= 6.0.3.1

HTTP Response Splitting vulnerability in puma
Open

    puma (2.16.0)
Severity: Minor
Found in Gemfile.lock by bundler-audit

Advisory: CVE-2020-5247

Criticality: Medium

URL: https://github.com/puma/puma/security/advisories/GHSA-84j7-475p-hp8v

Solution: upgrade to ~> 3.12.4 or >= 4.3.3

HTTP Smuggling via Transfer-Encoding Header in Puma
Open

    puma (2.16.0)
Severity: Critical
Found in Gemfile.lock by bundler-audit

Advisory: CVE-2020-11076

Criticality: High

URL: https://github.com/puma/puma/security/advisories/GHSA-x7jg-6pwg-fx5h

Solution: upgrade to ~> 3.12.5 or >= 4.3.4

Potential XSS vulnerability in Action View
Open

    actionview (4.2.5.1)
Severity: Minor
Found in Gemfile.lock by bundler-audit

Advisory: CVE-2020-15169

URL: https://groups.google.com/g/rubyonrails-security/c/b-C9kSGXYrc

Solution: upgrade to ~> 5.2.4, >= 5.2.4.4 or >= 6.0.3.3

OS Command Injection in Rake
Open

    rake (10.5.0)
Severity: Critical
Found in Gemfile.lock by bundler-audit

Advisory: CVE-2020-8130

Criticality: High

URL: https://github.com/advisories/GHSA-jppv-gw3r-w3q8

Solution: upgrade to >= 12.3.3

Percent-encoded cookies can be used to overwrite existing prefixed cookie names
Open

    rack (1.6.4)
Severity: Minor
Found in Gemfile.lock by bundler-audit

Advisory: CVE-2020-8184

URL: https://groups.google.com/g/rubyonrails-security/c/OWtmozPH9Ak

Solution: upgrade to ~> 2.1.4 or >= 2.2.3

Directory traversal in Rack::Directory app bundled with Rack
Open

    rack (1.6.4)
Severity: Minor
Found in Gemfile.lock by bundler-audit

Advisory: CVE-2020-8161

URL: https://groups.google.com/forum/#!topic/ruby-security-ann/T4ZIsfRf2eA

Solution: upgrade to ~> 2.1.3 or >= 2.2.0

Possible XSS vulnerability in ActionView
Open

    actionview (4.2.5.1)
Severity: Minor
Found in Gemfile.lock by bundler-audit

Advisory: CVE-2020-5267

URL: https://groups.google.com/forum/#!topic/rubyonrails-security/55reWMM_Pg8

Solution: upgrade to ~> 5.2.4, >= 5.2.4.2 or >= 6.0.2.2

HTTP Smuggling via Transfer-Encoding Header in Puma
Open

    puma (2.16.0)
Severity: Minor
Found in Gemfile.lock by bundler-audit

Advisory: CVE-2020-11077

Criticality: Medium

URL: https://github.com/puma/puma/security/advisories/GHSA-w64w-qqph-5gxm

Solution: upgrade to ~> 3.12.6 or >= 4.3.5

Possible Strong Parameters Bypass in ActionPack
Open

    actionpack (4.2.5.1)
Severity: Minor
Found in Gemfile.lock by bundler-audit

Advisory: CVE-2020-8164

URL: https://groups.google.com/forum/#!topic/rubyonrails-security/f6ioe4sdpbY

Solution: upgrade to ~> 5.2.4.3 or >= 6.0.3.1

json Gem for Ruby Unsafe Object Creation Vulnerability (additional fix)
Open

    json (1.8.3)
Severity: Minor
Found in Gemfile.lock by bundler-audit

Advisory: CVE-2020-10663

URL: https://www.ruby-lang.org/en/news/2020/03/19/json-dos-cve-2020-10663/

Solution: upgrade to >= 2.3.0

rack-cors directory traversal via path
Open

    rack-cors (0.4.0)
Severity: Minor
Found in Gemfile.lock by bundler-audit

Advisory: CVE-2019-18978

URL: https://github.com/cyu/rack-cors/commit/e4d4fc362a4315808927011cbe5afcfe5486f17d

Solution: upgrade to >= 1.0.4

HTTP Response Splitting (Early Hints) in Puma
Open

    puma (2.16.0)
Severity: Minor
Found in Gemfile.lock by bundler-audit

Advisory: CVE-2020-5249

Criticality: Medium

URL: https://github.com/puma/puma/security/advisories/GHSA-33vf-4xgg-9r58

Solution: upgrade to ~> 3.12.4 or >= 4.3.3

Nokogiri gem contains several vulnerabilities in libxml2 and libxslt
Open

    nokogiri (1.6.7.2)
Severity: Minor
Found in Gemfile.lock by bundler-audit

Advisory: CVE-2016-4658

Criticality: Critical

URL: https://github.com/sparklemotion/nokogiri/issues/1615

Solution: upgrade to >= 1.7.1

Nokogiri gem contains two upstream vulnerabilities in libxslt 1.1.29
Open

    nokogiri (1.6.7.2)
Severity: Minor
Found in Gemfile.lock by bundler-audit

Advisory: CVE-2017-5029

URL: https://github.com/sparklemotion/nokogiri/issues/1634

Solution: upgrade to >= 1.7.2

Path Traversal in Sprockets
Open

    sprockets (3.5.2)
Severity: Minor
Found in Gemfile.lock by bundler-audit

Advisory: CVE-2018-3760

URL: https://groups.google.com/forum/#!topic/ruby-security-ann/2S9Pwz2i16k

Solution: upgrade to >= 2.12.5, < 3.0.0 or >= 3.7.2, < 4.0.0 or >= 4.0.0.beta8

Loofah XSS Vulnerability
Open

    loofah (2.0.3)
Severity: Minor
Found in Gemfile.lock by bundler-audit

Advisory: CVE-2018-16468

Criticality: Medium

URL: https://github.com/flavorjones/loofah/issues/154

Solution: upgrade to >= 2.2.3
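Added example, not part of the Code Climate report or of the check-taskmanager-back-end-api repository: a small Ruby script showing how the version constraints in the Solution lines above are matched against a Gemfile.lock. Each Solution line is a set of alternative patched ranges, so a gem is fixed when its locked version satisfies any one of them; the script evaluates that with Gem::Requirement, which is the same version-matching machinery bundler-audit relies on. The lockfile fragment and the advisory table are constructed from the versions and Solution lines on this page, not fetched from the ruby-advisory-db.

```ruby
require "rubygems"

# Constructed Gemfile.lock fragment (not the repository's real lockfile);
# the locked versions are the ones flagged in the report above.
LOCKFILE = <<~LOCK
  GEM
    remote: https://rubygems.org/
    specs:
      actionpack (4.2.5.1)
      actionview (4.2.5.1)
      json (1.8.3)
      puma (2.16.0)
      rack (1.6.4)
      rake (10.5.0)
      sprockets (3.5.2)
LOCK

# A few of the advisories from the report, transcribed by hand. Each
# "Solution" line is a list of ALTERNATIVE patched ranges: a version is fixed
# if it satisfies any one of them, not all of them at once (bundler-audit's
# patched_versions convention).
ADVISORIES = [
  { gem: "puma",       id: "CVE-2019-16770", patched: ["~> 3.12.2", ">= 4.3.1"] },
  { gem: "puma",       id: "CVE-2020-11077", patched: ["~> 3.12.6", ">= 4.3.5"] },
  { gem: "rake",       id: "CVE-2020-8130",  patched: [">= 12.3.3"] },
  { gem: "rack",       id: "CVE-2020-8184",  patched: ["~> 2.1.4", ">= 2.2.3"] },
  { gem: "actionview", id: "CVE-2020-15169", patched: ["~> 5.2.4, >= 5.2.4.4", ">= 6.0.3.3"] },
  { gem: "sprockets",  id: "CVE-2018-3760",
    patched: [">= 2.12.5, < 3.0.0", ">= 3.7.2, < 4.0.0", ">= 4.0.0.beta8"] },
]

# Extract "name (version)" pairs from the specs section of a lockfile.
# Spec lines sit at exactly four spaces of indentation; dependency lines
# (six spaces) and the header lines are skipped.
def locked_versions(lockfile)
  lockfile.scan(/^ {4}(\S+) \(([^)]+)\)$/)
          .map { |name, ver| [name, Gem::Version.new(ver)] }
          .to_h
end

# True if +version+ falls inside at least one patched range. A range such as
# ">= 2.12.5, < 3.0.0" is one alternative made of two comma-joined constraints,
# which Gem::Requirement evaluates as a conjunction.
def patched?(version, alternatives)
  alternatives.any? do |range|
    Gem::Requirement.new(*range.split(",").map(&:strip)).satisfied_by?(version)
  end
end

# Return one finding per advisory whose gem is locked at an unpatched version.
def audit(lockfile, advisories)
  versions = locked_versions(lockfile)
  advisories.each_with_object([]) do |adv, findings|
    version = versions[adv[:gem]]
    next if version.nil? || patched?(version, adv[:patched])
    findings << { gem: adv[:gem], version: version.to_s, id: adv[:id],
                  fix: adv[:patched].join(" or ") }
  end
end

if $PROGRAM_NAME == __FILE__
  audit(LOCKFILE, ADVISORIES).each do |f|
    puts "#{f[:gem]} #{f[:version]}: #{f[:id]} -- upgrade to #{f[:fix]}"
  end
end
```

The pessimistic operator is where upgrades go wrong: `~> 3.12.2` means `>= 3.12.2, < 3.13`, so bumping puma from 2.16.0 to 4.0.0 leaves CVE-2019-16770 open until 4.3.1, while 3.12.6 closes both puma advisories in the table. Likewise `~> 5.2.4, >= 5.2.4.4` accepts 5.2.4.4 and 5.2.5 but not 5.2.4.3, and a 4.x prerelease of sprockets is only clean from 4.0.0.beta8.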
