Showing 1,127 of 1,127 total issues
Nokogiri gem contains two upstream vulnerabilities in libxslt 1.1.29 Open
nokogiri (1.6.7.2)
Advisory: CVE-2017-5029
Criticality: High
URL: https://github.com/sparklemotion/nokogiri/issues/1634
Solution: upgrade to >= 1.7.2
Insecure Source URI found: git://github.com/spohlenz/tinymce-rails.git Open
remote: git://github.com/spohlenz/tinymce-rails.git
Potential XSS vulnerability in jQuery Open
jquery-rails (4.1.1)
Advisory: CVE-2020-11023
Criticality: Medium
URL: https://blog.jquery.com/2020/04/10/jquery-3-5-0-released
Solution: upgrade to >= 4.4.0
Loofah XSS Vulnerability Open
loofah (2.0.3)
Advisory: CVE-2018-16468
Criticality: Medium
URL: https://github.com/flavorjones/loofah/issues/154
Solution: upgrade to >= 2.2.3
Race condition when using persistent connections Open
excon (0.49.0)
Advisory: CVE-2019-16779
Criticality: Medium
URL: https://github.com/excon/excon/security/advisories/GHSA-q58g-455p-8vw9
Solution: upgrade to >= 0.71.0
Loofah XSS Vulnerability Open
loofah (2.0.3)
Advisory: CVE-2018-8048
Criticality: Medium
URL: https://github.com/flavorjones/loofah/issues/144
Solution: upgrade to >= 2.2.1
Nokogiri gem, via libxslt, is affected by multiple vulnerabilities Open
nokogiri (1.6.7.2)
Advisory: CVE-2019-13117
URL: https://github.com/sparklemotion/nokogiri/issues/1943
Solution: upgrade to >= 1.10.5
Nokogiri gem, via libxml, is affected by DoS and RCE vulnerabilities Open
nokogiri (1.6.7.2)
Advisory: CVE-2017-9050
Criticality: High
URL: https://github.com/sparklemotion/nokogiri/issues/1673
Solution: upgrade to >= 1.8.1
Possible XSS vulnerability with certain configurations of Rails::Html::Sanitizer Open
rails-html-sanitizer (1.0.3)
Advisory: CVE-2022-32209
Criticality: Medium
URL: https://groups.google.com/g/rubyonrails-security/c/ce9PhUANQ6s
Solution: upgrade to >= 1.4.3
Loofah XSS Vulnerability Open
loofah (2.0.3)
Advisory: CVE-2019-15587
Criticality: Medium
URL: https://github.com/flavorjones/loofah/issues/171
Solution: upgrade to >= 2.3.1
Nokogiri gem, via libxml2, is affected by multiple vulnerabilities Open
nokogiri (1.6.7.2)
Advisory: CVE-2018-14404
Criticality: High
URL: https://github.com/sparklemotion/nokogiri/issues/1785
Solution: upgrade to >= 1.8.5
Moderate severity vulnerability that affects nokogiri Open
nokogiri (1.6.7.2)
Advisory: CVE-2017-18258
Criticality: Medium
URL: https://git.gnome.org/browse/libxml2/commit/?id=e2a9122b8dde53d320750451e9907a7dcb2ca8bb
Solution: upgrade to >= 1.8.2
Improper Handling of Unexpected Data Type in Nokogiri Open
nokogiri (1.6.7.2)
Advisory: CVE-2022-29181
Criticality: High
URL: https://github.com/sparklemotion/nokogiri/security/advisories/GHSA-xh29-r2w5-wx8m
Solution: upgrade to >= 1.13.6
Nokogiri gem contains several vulnerabilities in libxml2 and libxslt Open
nokogiri (1.6.7.2)
Advisory: CVE-2016-4658
Criticality: Critical
URL: https://github.com/sparklemotion/nokogiri/issues/1615
Solution: upgrade to >= 1.7.1
OmniAuth's lib/omniauth/failure_endpoint.rb does not escape message_key value Open
omniauth (1.3.1)
Advisory: CVE-2020-36599
Criticality: Critical
Solution: upgrade to ~> 1.9.2, >= 2.0.0
Assignment Branch Condition size for update is too high. [46.59/15] Open
def update
game = GivingGame.find(params[:id])
gp = game_params
begin
if gp[:expiration_time]
This cop checks that the ABC size of methods is not higher than the configured maximum. The ABC size is based on assignments, branches (method calls), and conditions. See http://c2.com/cgi/wiki?AbcMetric
Method has too many lines. [41/10] Open
def path_to(page_name)
case page_name
when /^the home\s?page$/
'/'
This cop checks if the length of a method exceeds some maximum value. Comment lines can optionally be ignored. The maximum allowed length is configurable.
Assignment Branch Condition size for check_if_played_and_reroute is too high. [44.84/15] Open
def check_if_played_and_reroute
game = GivingGame.find(params[:id])
if !game.tutorial
if current_user.present? and current_user.played_games.include? game.id
Method has too many lines. [38/10] Open
def create
success = true
gp = game_params
begin
if gp[:expiration_time]
Assignment Branch Condition size for create is too high. [40.01/15] Open
def create
success = true
gp = game_params
begin
if gp[:expiration_time]