Showing 1,127 of 1,127 total issues
Nokogiri gem contains several vulnerabilities in libxml2 and libxslt Open
nokogiri (1.6.7.2)
- Read upRead up
- Exclude checks
Advisory: CVE-2016-4658
Criticality: Critical
URL: https://github.com/sparklemotion/nokogiri/issues/1615
Solution: upgrade to >= 1.7.1
Update bundled libxml2 to v2.10.3 to resolve multiple CVEs Open
nokogiri (1.6.7.2)
- Read upRead up
- Exclude checks
Advisory:
URL: https://github.com/sparklemotion/nokogiri/security/advisories/GHSA-2qc6-mcvw-92cw
Solution: upgrade to >= 1.13.9
Nokogiri gem, via libxslt, is affected by improper access control vulnerability Open
nokogiri (1.6.7.2)
- Read upRead up
- Exclude checks
Advisory: CVE-2019-11068
URL: https://github.com/sparklemotion/nokogiri/issues/1892
Solution: upgrade to >= 1.10.3
Inefficient Regular Expression Complexity in Nokogiri Open
nokogiri (1.6.7.2)
- Read upRead up
- Exclude checks
Advisory: CVE-2022-24836
Criticality: High
URL: https://github.com/sparklemotion/nokogiri/security/advisories/GHSA-crjr-9rc5-ghw8
Solution: upgrade to >= 1.13.4
Path Traversal in Sprockets Open
sprockets (3.5.2)
- Read upRead up
- Exclude checks
Advisory: CVE-2018-3760
Criticality: High
URL: https://groups.google.com/forum/#!topic/ruby-security-ann/2S9Pwz2i16k
Solution: upgrade to < 3.0.0, >= 2.12.5, < 4.0.0, >= 3.7.2, >= 4.0.0.beta8
Potential XSS vulnerability in jQuery Open
jquery-rails (4.1.1)
- Read upRead up
- Exclude checks
Advisory: CVE-2020-11023
Criticality: Medium
URL: https://blog.jquery.com/2020/04/10/jquery-3-5-0-released
Solution: upgrade to >= 4.4.0
Nokogiri gem, via libxml, is affected by DoS vulnerabilities Open
nokogiri (1.6.7.2)
- Read upRead up
- Exclude checks
Advisory: CVE-2017-15412
URL: https://github.com/sparklemotion/nokogiri/issues/1714
Solution: upgrade to >= 1.8.2
Inefficient Regular Expression Complexity in Loofah Open
loofah (2.0.3)
- Read upRead up
- Exclude checks
Advisory: CVE-2022-23514
Criticality: High
URL: https://github.com/flavorjones/loofah/security/advisories/GHSA-486f-hjj9-9vhh
Solution: upgrade to >= 2.19.1
XSS vulnerability in bootstrap-sass Open
bootstrap-sass (3.2.0.2)
- Read upRead up
- Exclude checks
Advisory: CVE-2019-8331
Criticality: Medium
URL: https://blog.getbootstrap.com/2019/02/13/bootstrap-4-3-1-and-3-4-1/
Solution: upgrade to >= 3.4.1
Race condition when using persistent connections Open
excon (0.49.0)
- Read upRead up
- Exclude checks
Advisory: CVE-2019-16779
Criticality: Medium
URL: https://github.com/excon/excon/security/advisories/GHSA-q58g-455p-8vw9
Solution: upgrade to >= 0.71.0
Nokogiri::XML::Schema trusts input by default, exposing risk of an XXE vulnerability Open
nokogiri (1.6.7.2)
- Read upRead up
- Exclude checks
Advisory: CVE-2020-26247
Criticality: Low
URL: https://github.com/sparklemotion/nokogiri/security/advisories/GHSA-vr8q-g5c7-m54m
Solution: upgrade to >= 1.11.0.rc4
Revert libxml2 behavior in Nokogiri gem that could cause XSS Open
nokogiri (1.6.7.2)
- Read upRead up
- Exclude checks
Advisory: CVE-2018-8048
URL: https://github.com/sparklemotion/nokogiri/pull/1746
Solution: upgrade to >= 1.8.3
Inefficient Regular Expression Complexity in rails-html-sanitizer Open
rails-html-sanitizer (1.0.3)
- Read upRead up
- Exclude checks
Advisory: CVE-2022-23517
Criticality: High
URL: https://github.com/rails/rails-html-sanitizer/security/advisories/GHSA-5x79-w82f-gw8w
Solution: upgrade to >= 1.4.4
XSS vulnerability via data-target in bootstrap-sass Open
bootstrap-sass (3.2.0.2)
- Read upRead up
- Exclude checks
Advisory: CVE-2016-10735
Criticality: Medium
URL: https://blog.getbootstrap.com/2018/12/13/bootstrap-3-4-0/
Solution: upgrade to >= 3.4.0
Remote command execution via filename Open
mini_magick (4.5.1)
- Read upRead up
- Exclude checks
Advisory: CVE-2019-13574
Criticality: High
URL: https://benjamin-bouchet.com/blog/vulnerabilite-dans-la-gem-mini_magick-version-4-9-4/
Solution: upgrade to >= 4.9.4
Moderate severity vulnerability that affects nokogiri Open
nokogiri (1.6.7.2)
- Read upRead up
- Exclude checks
Advisory: CVE-2017-18258
Criticality: Medium
URL: https://git.gnome.org/browse/libxml2/commit/?id=e2a9122b8dde53d320750451e9907a7dcb2ca8bb
Solution: upgrade to >= 1.8.2
Nokogiri Command Injection Vulnerability via Nokogiri::CSS::Tokenizer#load_file Open
nokogiri (1.6.7.2)
- Read upRead up
- Exclude checks
Advisory: CVE-2019-5477
Criticality: Critical
URL: https://github.com/sparklemotion/nokogiri/issues/1915
Solution: upgrade to >= 1.10.4
Nokogiri gem, via libxml, is affected by DoS vulnerabilities Open
nokogiri (1.6.7.2)
- Read upRead up
- Exclude checks
Advisory: CVE-2017-16932
URL: https://github.com/sparklemotion/nokogiri/issues/1714
Solution: upgrade to >= 1.8.1
Improper Handling of Unexpected Data Type in Nokogiri Open
nokogiri (1.6.7.2)
- Read upRead up
- Exclude checks
Advisory: CVE-2022-29181
Criticality: High
URL: https://github.com/sparklemotion/nokogiri/security/advisories/GHSA-xh29-r2w5-wx8m
Solution: upgrade to >= 1.13.6
Improper neutralization of data URIs may allow XSS in rails-html-sanitizer Open
rails-html-sanitizer (1.0.3)
- Read upRead up
- Exclude checks
Advisory: CVE-2022-23518
Criticality: Medium
URL: https://github.com/rails/rails-html-sanitizer/security/advisories/GHSA-mcvf-2q2m-x72m
Solution: upgrade to >= 1.4.4