Issues - macbury/gse - Code Climate

Possible Information Disclosure / Unintended Method Execution in Action Pack
Open

    actionpack (5.0.0.rc1)

Found in Gemfile.lock by bundler-audit

Read up
Read up
Create a ticket
Create a ticket
Exclude checks
- Disable engine
- Disable check

Advisory: CVE-2021-22885

Criticality: High

URL: https://groups.google.com/g/rubyonrails-security/c/NiQl-48cXYI

Solution: upgrade to ~> 5.2.4.6, ~> 5.2.6, >= 6.0.3.7, ~> 6.0.3, >= 6.1.3.2

Nokogiri Command Injection Vulnerability via Nokogiri::CSS::Tokenizer#load_file
Open

    nokogiri (1.6.7.2)

Found in Gemfile.lock by bundler-audit

Read up
Read up
Create a ticket
Create a ticket
Exclude checks
- Disable engine
- Disable check

Advisory: CVE-2019-5477

Criticality: Critical

URL: https://github.com/sparklemotion/nokogiri/issues/1915

Solution: upgrade to >= 1.10.4

Nokogiri gem, via libxml2, is affected by multiple vulnerabilities
Open

    nokogiri (1.6.7.2)

Found in Gemfile.lock by bundler-audit

Read up
Read up
Create a ticket
Create a ticket
Exclude checks
- Disable engine
- Disable check

Advisory: CVE-2018-14404

Criticality: High

URL: https://github.com/sparklemotion/nokogiri/issues/1785

Solution: upgrade to >= 1.8.5

Improper Restriction of XML External Entity Reference (XXE) in Nokogiri on JRuby
Open

    nokogiri (1.6.7.2)

Found in Gemfile.lock by bundler-audit

Read up
Read up
Create a ticket
Create a ticket
Exclude checks
- Disable engine
- Disable check

Advisory: CVE-2021-41098

Criticality: High

URL: https://github.com/sparklemotion/nokogiri/security/advisories/GHSA-2rr5-8q37-2w7h

Solution: upgrade to >= 1.12.5

Possible XSS vulnerability with certain configurations of rails-html-sanitizer
Open

    rails-html-sanitizer (1.0.3)

Found in Gemfile.lock by bundler-audit

Read up
Read up
Create a ticket
Create a ticket
Exclude checks
- Disable engine
- Disable check

Advisory: CVE-2022-23520

Criticality: Medium

URL: https://github.com/rails/rails-html-sanitizer/security/advisories/GHSA-rrfc-7g8p-99q8

Solution: upgrade to >= 1.4.4

Path Traversal in Sprockets
Open

    sprockets (3.6.0)

Found in Gemfile.lock by bundler-audit

Read up
Read up
Create a ticket
Create a ticket
Exclude checks
- Disable engine
- Disable check

Advisory: CVE-2018-3760

Criticality: High

URL: https://groups.google.com/forum/#!topic/ruby-security-ann/2S9Pwz2i16k

Solution: upgrade to < 3.0.0, >= 2.12.5, < 4.0.0, >= 3.7.2, >= 4.0.0.beta8

Denial of Service Vulnerability in ActiveRecord’s PostgreSQL adapter
Open

    activerecord (5.0.0.rc1)

Found in Gemfile.lock by bundler-audit

Read up
Read up
Create a ticket
Create a ticket
Exclude checks
- Disable engine
- Disable check

Advisory: CVE-2022-44566

URL: https://github.com/rails/rails/releases/tag/v7.0.4.1

Solution: upgrade to >= 5.2.8.15, ~> 5.2.8, >= 6.1.7.1, ~> 6.1.7, >= 7.0.4.1

XML Injection in Xerces Java affects Nokogiri
Open

    nokogiri (1.6.7.2)

Found in Gemfile.lock by bundler-audit

Read up
Read up
Create a ticket
Create a ticket
Exclude checks
- Disable engine
- Disable check

Advisory: CVE-2022-23437

Criticality: Medium

URL: https://github.com/sparklemotion/nokogiri/security/advisories/GHSA-xxx9-3xcr-gjj3

Solution: upgrade to >= 1.13.4

Nokogiri gem contains several vulnerabilities in libxml2 and libxslt
Open

    nokogiri (1.6.7.2)

Found in Gemfile.lock by bundler-audit

Read up
Read up
Create a ticket
Create a ticket
Exclude checks
- Disable engine
- Disable check

Advisory: CVE-2016-4658

Criticality: Critical

URL: https://github.com/sparklemotion/nokogiri/issues/1615

Solution: upgrade to >= 1.7.1

Possible DoS Vulnerability in Active Record PostgreSQL adapter
Open

    activerecord (5.0.0.rc1)

Found in Gemfile.lock by bundler-audit

Read up
Read up
Create a ticket
Create a ticket
Exclude checks
- Disable engine
- Disable check

Advisory: CVE-2021-22880

Criticality: Medium

URL: https://groups.google.com/g/rubyonrails-security/c/ZzUqCh9vyhI

Solution: upgrade to >= 5.2.4.5, ~> 5.2.4, >= 6.0.3.5, ~> 6.0.3, >= 6.1.2.1

Update packaged libxml2 (2.9.12 → 2.9.13) and libxslt (1.1.34 → 1.1.35)
Open

    nokogiri (1.6.7.2)

Found in Gemfile.lock by bundler-audit

Read up
Read up
Create a ticket
Create a ticket
Exclude checks
- Disable engine
- Disable check

Advisory: CVE-2021-30560

Criticality: High

URL: https://github.com/sparklemotion/nokogiri/security/advisories/GHSA-fq42-c5rg-92c2

Solution: upgrade to >= 1.13.2

Nokogiri gem, via libxslt, is affected by improper access control vulnerability
Open

    nokogiri (1.6.7.2)

Found in Gemfile.lock by bundler-audit

Read up
Read up
Create a ticket
Create a ticket
Exclude checks
- Disable engine
- Disable check

Advisory: CVE-2019-11068

URL: https://github.com/sparklemotion/nokogiri/issues/1892

Solution: upgrade to >= 1.10.3

Percent-encoded cookies can be used to overwrite existing prefixed cookie names
Open

    rack (2.0.0.rc1)

Found in Gemfile.lock by bundler-audit

Read up
Read up
Create a ticket
Create a ticket
Exclude checks
- Disable engine
- Disable check

Advisory: CVE-2020-8184

Criticality: High

URL: https://groups.google.com/g/rubyonrails-security/c/OWtmozPH9Ak

Solution: upgrade to ~> 2.1.4, >= 2.2.3

Older releases of better_errors open to Cross-Site Request Forgery attack
Open

    better_errors (2.1.1)

Found in Gemfile.lock by bundler-audit

Read up
Read up
Create a ticket
Create a ticket
Exclude checks
- Disable engine
- Disable check

Advisory: CVE-2021-39197

Criticality: Medium

URL: https://github.com/BetterErrors/better_errors/security/advisories/GHSA-w3j4-76qw-wwjm

Solution: upgrade to >= 2.8.0

i18n Gem for Ruby lib/i18n/core_ext/hash.rb Hash#slice() Function Hash Handling DoS
Open

    i18n (0.7.0)

Found in Gemfile.lock by bundler-audit

Read up
Read up
Create a ticket
Create a ticket
Exclude checks
- Disable engine
- Disable check

Advisory: CVE-2014-10077

URL: https://github.com/svenfuchs/i18n/pull/289

Solution: upgrade to >= 0.8.0

Inefficient Regular Expression Complexity in Nokogiri
Open

    nokogiri (1.6.7.2)

Found in Gemfile.lock by bundler-audit

Read up
Read up
Create a ticket
Create a ticket
Exclude checks
- Disable engine
- Disable check

Advisory: CVE-2022-24836

Criticality: High

URL: https://github.com/sparklemotion/nokogiri/security/advisories/GHSA-crjr-9rc5-ghw8

Solution: upgrade to >= 1.13.4

Nokogiri gem, via libxml, is affected by DoS vulnerabilities
Open

    nokogiri (1.6.7.2)

Found in Gemfile.lock by bundler-audit

Read up
Read up
Create a ticket
Create a ticket
Exclude checks
- Disable engine
- Disable check

Advisory: CVE-2017-15412

URL: https://github.com/sparklemotion/nokogiri/issues/1714

Solution: upgrade to >= 1.8.2

Possible XSS Vulnerability in Action View tag helpers
Open

    actionview (5.0.0.rc1)

Found in Gemfile.lock by bundler-audit

Read up
Read up
Create a ticket
Create a ticket
Exclude checks
- Disable engine
- Disable check

Advisory: CVE-2022-27777

Criticality: Medium

URL: https://groups.google.com/g/ruby-security-ann/c/9wJPEDv-iRw

Solution: upgrade to >= 5.2.7.1, ~> 5.2.7, >= 6.0.4.8, ~> 6.0.4, >= 6.1.5.1, ~> 6.1.5, >= 7.0.2.4

CSRF Vulnerability in rails-ujs
Open

    actionview (5.0.0.rc1)

Found in Gemfile.lock by bundler-audit

Read up
Read up
Create a ticket
Create a ticket
Exclude checks
- Disable engine
- Disable check

Advisory: CVE-2020-8167

Criticality: Medium

URL: https://groups.google.com/forum/#!topic/rubyonrails-security/x9DixQDG9a0

Solution: upgrade to >= 5.2.4.3, ~> 5.2.4, >= 6.0.3.1

Out-of-bounds Write in zlib affects Nokogiri
Open

    nokogiri (1.6.7.2)

Found in Gemfile.lock by bundler-audit

Read up
Read up
Create a ticket
Create a ticket
Exclude checks
- Disable engine
- Disable check

Advisory: CVE-2018-25032

Criticality: High

URL: https://github.com/sparklemotion/nokogiri/security/advisories/GHSA-v6gp-9mmm-c6p5

Solution: upgrade to >= 1.13.4

macbury/gse

Showing 79 of 79 total issues

Possible Information Disclosure / Unintended Method Execution in Action Pack
Open

Nokogiri Command Injection Vulnerability via Nokogiri::CSS::Tokenizer#load_file
Open

Nokogiri gem, via libxml2, is affected by multiple vulnerabilities
Open

Improper Restriction of XML External Entity Reference (XXE) in Nokogiri on JRuby
Open

Possible XSS vulnerability with certain configurations of rails-html-sanitizer
Open

Path Traversal in Sprockets
Open

Denial of Service Vulnerability in ActiveRecord’s PostgreSQL adapter
Open

XML Injection in Xerces Java affects Nokogiri
Open

Nokogiri gem contains several vulnerabilities in libxml2 and libxslt
Open

Possible DoS Vulnerability in Active Record PostgreSQL adapter
Open

Update packaged libxml2 (2.9.12 → 2.9.13) and libxslt (1.1.34 → 1.1.35)
Open

Nokogiri gem, via libxslt, is affected by improper access control vulnerability
Open

Percent-encoded cookies can be used to overwrite existing prefixed cookie names
Open

Older releases of better_errors open to Cross-Site Request Forgery attack
Open

i18n Gem for Ruby lib/i18n/core_ext/hash.rb Hash#slice() Function Hash Handling DoS
Open

Inefficient Regular Expression Complexity in Nokogiri
Open

Nokogiri gem, via libxml, is affected by DoS vulnerabilities
Open

Possible XSS Vulnerability in Action View tag helpers
Open

CSRF Vulnerability in rails-ujs
Open

Out-of-bounds Write in zlib affects Nokogiri
Open

Severity

Category

Status

Source

Language

macbury/gse

Showing 79 of 79 total issues

Possible Information Disclosure / Unintended Method Execution in Action Pack Open

Nokogiri Command Injection Vulnerability via Nokogiri::CSS::Tokenizer#load_file Open

Nokogiri gem, via libxml2, is affected by multiple vulnerabilities Open

Improper Restriction of XML External Entity Reference (XXE) in Nokogiri on JRuby Open

Possible XSS vulnerability with certain configurations of rails-html-sanitizer Open

Path Traversal in Sprockets Open

Denial of Service Vulnerability in ActiveRecord’s PostgreSQL adapter Open

XML Injection in Xerces Java affects Nokogiri Open

Nokogiri gem contains several vulnerabilities in libxml2 and libxslt Open

Possible DoS Vulnerability in Active Record PostgreSQL adapter Open

Update packaged libxml2 (2.9.12 → 2.9.13) and libxslt (1.1.34 → 1.1.35) Open

Nokogiri gem, via libxslt, is affected by improper access control vulnerability Open

Percent-encoded cookies can be used to overwrite existing prefixed cookie names Open

Older releases of better_errors open to Cross-Site Request Forgery attack Open

i18n Gem for Ruby lib/i18n/core_ext/hash.rb Hash#slice() Function Hash Handling DoS Open

Inefficient Regular Expression Complexity in Nokogiri Open

Nokogiri gem, via libxml, is affected by DoS vulnerabilities Open

Possible XSS Vulnerability in Action View tag helpers Open

CSRF Vulnerability in rails-ujs Open

Out-of-bounds Write in zlib affects Nokogiri Open

Severity

Category

Status

Source

Language

Possible Information Disclosure / Unintended Method Execution in Action Pack
Open

Nokogiri Command Injection Vulnerability via Nokogiri::CSS::Tokenizer#load_file
Open

Nokogiri gem, via libxml2, is affected by multiple vulnerabilities
Open

Improper Restriction of XML External Entity Reference (XXE) in Nokogiri on JRuby
Open

Possible XSS vulnerability with certain configurations of rails-html-sanitizer
Open

Path Traversal in Sprockets
Open

Denial of Service Vulnerability in ActiveRecord’s PostgreSQL adapter
Open

XML Injection in Xerces Java affects Nokogiri
Open

Nokogiri gem contains several vulnerabilities in libxml2 and libxslt
Open

Possible DoS Vulnerability in Active Record PostgreSQL adapter
Open

Update packaged libxml2 (2.9.12 → 2.9.13) and libxslt (1.1.34 → 1.1.35)
Open

Nokogiri gem, via libxslt, is affected by improper access control vulnerability
Open

Percent-encoded cookies can be used to overwrite existing prefixed cookie names
Open

Older releases of better_errors open to Cross-Site Request Forgery attack
Open

i18n Gem for Ruby lib/i18n/core_ext/hash.rb Hash#slice() Function Hash Handling DoS
Open

Inefficient Regular Expression Complexity in Nokogiri
Open

Nokogiri gem, via libxml, is affected by DoS vulnerabilities
Open

Possible XSS Vulnerability in Action View tag helpers
Open

CSRF Vulnerability in rails-ujs
Open

Out-of-bounds Write in zlib affects Nokogiri
Open