Sign upLogin

lightthefuserun/cloaked

View on GitHub
Star

Showing 10 of 10 total issues

OS Command Injection in Rake
Open

    rake (10.5.0)
Severity: Critical
Found in Gemfile.lock by bundler-audit

Advisory: CVE-2020-8130

Criticality: High

URL: https://github.com/advisories/GHSA-jppv-gw3r-w3q8

Solution: upgrade to >= 12.3.3

Regular Expression Denial of Service in Addressable templates
Open

    addressable (2.7.0)
Severity: Critical
Found in Gemfile.lock by bundler-audit

Advisory: CVE-2021-32740

Criticality: High

URL: https://github.com/advisories/GHSA-jxhc-q857-3j6g

Solution: upgrade to >= 2.8.0

Denial of Service Vulnerability in ActiveRecord’s PostgreSQL adapter
Open

    activerecord (6.0.2.1)
Severity: Minor
Found in Gemfile.lock by bundler-audit

Advisory: CVE-2022-44566

URL: https://github.com/rails/rails/releases/tag/v7.0.4.1

Solution: upgrade to >= 5.2.8.15, ~> 5.2.8, >= 6.1.7.1, ~> 6.1.7, >= 7.0.4.1

ReDoS based DoS vulnerability in Active Support’s underscore
Open

    activesupport (6.0.2.1)
Severity: Minor
Found in Gemfile.lock by bundler-audit

Advisory: CVE-2023-22796

URL: https://github.com/rails/rails/releases/tag/v7.0.4.1

Solution: upgrade to >= 5.2.8.15, ~> 5.2.8, >= 6.1.7.1, ~> 6.1.7, >= 7.0.4.1

Possible DoS Vulnerability in Active Record PostgreSQL adapter
Open

    activerecord (6.0.2.1)
Severity: Minor
Found in Gemfile.lock by bundler-audit

Advisory: CVE-2021-22880

Criticality: Medium

URL: https://groups.google.com/g/rubyonrails-security/c/ZzUqCh9vyhI

Solution: upgrade to >= 5.2.4.5, ~> 5.2.4, >= 6.0.3.5, ~> 6.0.3, >= 6.1.2.1

Potentially unintended unmarshalling of user-provided objects in MemCacheStore and RedisCacheStore
Open

    activesupport (6.0.2.1)
Severity: Minor
Found in Gemfile.lock by bundler-audit

Advisory: CVE-2020-8165

Criticality: Critical

URL: https://groups.google.com/forum/#!topic/rubyonrails-security/bv6fW4S0Y1c

Solution: upgrade to >= 5.2.4.3, ~> 5.2.4, >= 6.0.3.1

TZInfo relative path traversal vulnerability allows loading of arbitrary files
Open

    tzinfo (1.2.5)
Severity: Critical
Found in Gemfile.lock by bundler-audit

Advisory: CVE-2022-31163

Criticality: High

URL: https://github.com/tzinfo/tzinfo/security/advisories/GHSA-5cm2-9h8c-rvfx

Solution: upgrade to ~> 0.3.61, >= 1.2.10

Possible RCE escalation bug with Serialized Columns in Active Record
Open

    activerecord (6.0.2.1)
Severity: Minor
Found in Gemfile.lock by bundler-audit

Advisory: CVE-2022-32224

Criticality: Critical

URL: https://groups.google.com/g/rubyonrails-security/c/MmFO3LYQE8U

Solution: upgrade to >= 5.2.8.1, ~> 5.2.8, >= 6.0.5.1, ~> 6.0.5, >= 6.1.6.1, ~> 6.1.6, >= 7.0.3.1

SQL Injection Vulnerability via ActiveRecord comments
Open

    activerecord (6.0.2.1)
Severity: Minor
Found in Gemfile.lock by bundler-audit

Advisory: CVE-2023-22794

URL: https://github.com/rails/rails/releases/tag/v7.0.4.1

Solution: upgrade to >= 6.0.6.1, ~> 6.0.6, >= 6.1.7.1, ~> 6.1.7, >= 7.0.4.1

Freeze mutable objects assigned to constants.
Open

  VERSION = '0.2.0'
Severity: Minor
Found in lib/cloaked/version.rb by rubocop

This cop checks whether some constant value isn't a mutable literal (e.g. array or hash).

Example:

# bad
CONST = [1, 2, 3]

# good
CONST = [1, 2, 3].freeze
Severity
Category
Status
Source
Language