Showing 79 of 79 total issues
Directory traversal in Rack::Directory app bundled with Rack Open
rack (2.0.0.rc1)- Read upRead up
- Create a ticketCreate a ticket
- Exclude checks
Advisory: CVE-2020-8161
Criticality: High
URL: https://groups.google.com/forum/#!topic/ruby-security-ann/T4ZIsfRf2eA
Solution: upgrade to ~> 2.1.3, >= 2.2.0
Inefficient Regular Expression Complexity in rails-html-sanitizer Open
rails-html-sanitizer (1.0.3)- Read upRead up
- Create a ticketCreate a ticket
- Exclude checks
Advisory: CVE-2022-23517
Criticality: High
URL: https://github.com/rails/rails-html-sanitizer/security/advisories/GHSA-5x79-w82f-gw8w
Solution: upgrade to >= 1.4.4
ReDoS based DoS vulnerability in Action Dispatch Open
actionpack (5.0.0.rc1)- Read upRead up
- Create a ticketCreate a ticket
- Exclude checks
Advisory: CVE-2023-22792
URL: https://github.com/rails/rails/releases/tag/v7.0.4.1
Solution: upgrade to >= 5.2.8.15, ~> 5.2.8, >= 6.1.7.1, ~> 6.1.7, >= 7.0.4.1
Regular Expression Denial of Service in Addressable templates Open
addressable (2.4.0)- Read upRead up
- Create a ticketCreate a ticket
- Exclude checks
Advisory: CVE-2021-32740
Criticality: High
URL: https://github.com/advisories/GHSA-jxhc-q857-3j6g
Solution: upgrade to >= 2.8.0
Inefficient Regular Expression Complexity in Loofah Open
loofah (2.0.3)- Read upRead up
- Create a ticketCreate a ticket
- Exclude checks
Advisory: CVE-2022-23514
Criticality: High
URL: https://github.com/flavorjones/loofah/security/advisories/GHSA-486f-hjj9-9vhh
Solution: upgrade to >= 2.19.1
Nokogiri gem, via libxml, is affected by DoS and RCE vulnerabilities Open
nokogiri (1.6.7.2)- Read upRead up
- Create a ticketCreate a ticket
- Exclude checks
Advisory: CVE-2017-9050
Criticality: High
URL: https://github.com/sparklemotion/nokogiri/issues/1673
Solution: upgrade to >= 1.8.1
Revert libxml2 behavior in Nokogiri gem that could cause XSS Open
nokogiri (1.6.7.2)- Read upRead up
- Create a ticketCreate a ticket
- Exclude checks
Advisory: CVE-2018-8048
URL: https://github.com/sparklemotion/nokogiri/pull/1746
Solution: upgrade to >= 1.8.3
Possible XSS vulnerability with certain configurations of rails-html-sanitizer Open
rails-html-sanitizer (1.0.3)- Read upRead up
- Create a ticketCreate a ticket
- Exclude checks
Advisory: CVE-2022-23519
Criticality: Medium
URL: https://github.com/rails/rails-html-sanitizer/security/advisories/GHSA-9h9g-93gc-623h
Solution: upgrade to >= 1.4.4
Possible DoS Vulnerability in Action Controller Token Authentication Open
actionpack (5.0.0.rc1)- Read upRead up
- Create a ticketCreate a ticket
- Exclude checks
Advisory: CVE-2021-22904
Criticality: High
URL: https://groups.google.com/g/rubyonrails-security/c/Pf1TjkOBdyQ
Solution: upgrade to ~> 5.2.4.6, ~> 5.2.6, >= 6.0.3.7, ~> 6.0.3, >= 6.1.3.2
RuboCop gem Insecure use of /tmp Open
rubocop (0.40.0)- Read upRead up
- Create a ticketCreate a ticket
- Exclude checks
Advisory: CVE-2017-8418
Criticality: Low
URL: https://github.com/bbatsov/rubocop/issues/4336
Solution: upgrade to >= 0.49.0
Possible XSS vulnerability in ActionView Open
actionview (5.0.0.rc1)- Read upRead up
- Create a ticketCreate a ticket
- Exclude checks
Advisory: CVE-2020-5267
Criticality: Medium
URL: https://groups.google.com/forum/#!topic/rubyonrails-security/55reWMM_Pg8
Solution: upgrade to >= 5.2.4.2, ~> 5.2.4, >= 6.0.2.2
Nokogiri gem, via libxslt, is affected by multiple vulnerabilities Open
nokogiri (1.6.7.2)- Read upRead up
- Create a ticketCreate a ticket
- Exclude checks
Advisory: CVE-2019-13117
URL: https://github.com/sparklemotion/nokogiri/issues/1943
Solution: upgrade to >= 1.10.5
Denial of Service (DoS) in Nokogiri on JRuby Open
nokogiri (1.6.7.2)- Read upRead up
- Create a ticketCreate a ticket
- Exclude checks
Advisory: CVE-2022-24839
Criticality: High
URL: https://github.com/sparklemotion/nekohtml/security/advisories/GHSA-9849-p7jc-9rmv
Solution: upgrade to >= 1.13.4
Improper neutralization of data URIs may allow XSS in rails-html-sanitizer Open
rails-html-sanitizer (1.0.3)- Read upRead up
- Create a ticketCreate a ticket
- Exclude checks
Advisory: CVE-2022-23518
Criticality: Medium
URL: https://github.com/rails/rails-html-sanitizer/security/advisories/GHSA-mcvf-2q2m-x72m
Solution: upgrade to >= 1.4.4
Loofah XSS Vulnerability Open
loofah (2.0.3)- Read upRead up
- Create a ticketCreate a ticket
- Exclude checks
Advisory: CVE-2018-8048
Criticality: Medium
URL: https://github.com/flavorjones/loofah/issues/144
Solution: upgrade to >= 2.2.1
Update packaged dependency libxml2 from 2.9.10 to 2.9.12 Open
nokogiri (1.6.7.2)- Read upRead up
- Create a ticketCreate a ticket
- Exclude checks
Advisory:
Criticality: High
URL: https://github.com/sparklemotion/nokogiri/security/advisories/GHSA-7rrm-v45f-jp64
Solution: upgrade to >= 1.11.4
Nokogiri gem, via libxml, is affected by DoS vulnerabilities Open
nokogiri (1.6.7.2)- Read upRead up
- Create a ticketCreate a ticket
- Exclude checks
Advisory: CVE-2017-16932
URL: https://github.com/sparklemotion/nokogiri/issues/1714
Solution: upgrade to >= 1.8.1
Possible XSS vulnerability with certain configurations of Rails::Html::Sanitizer Open
rails-html-sanitizer (1.0.3)- Read upRead up
- Create a ticketCreate a ticket
- Exclude checks
Advisory: CVE-2022-32209
Criticality: Medium
URL: https://groups.google.com/g/rubyonrails-security/c/ce9PhUANQ6s
Solution: upgrade to >= 1.4.3
ReDoS based DoS vulnerability in Action Dispatch Open
actionpack (5.0.0.rc1)- Read upRead up
- Create a ticketCreate a ticket
- Exclude checks
Advisory: CVE-2023-22795
URL: https://github.com/rails/rails/releases/tag/v7.0.4.1
Solution: upgrade to >= 5.2.8.15, ~> 5.2.8, >= 6.1.7.1, ~> 6.1.7, >= 7.0.4.1
Arbitrary path traversal and file access via yard server Open
yard (0.8.7.6)- Read upRead up
- Create a ticketCreate a ticket
- Exclude checks
Advisory: CVE-2019-1020001
Criticality: High
URL: https://github.com/lsegal/yard/security/advisories/GHSA-xfhh-rx56-rxcr
Solution: upgrade to >= 0.9.20