Issues - manzhikov/yahoo_weather

Loofah XSS Vulnerability
Open

    loofah (2.0.3)

Found in Gemfile.lock by bundler-audit

Read up
Read up
Exclude checks
- Disable engine
- Disable check

Advisory: CVE-2019-15587

Criticality: Medium

URL: https://github.com/flavorjones/loofah/issues/171

Solution: upgrade to >= 2.3.1

Inefficient Regular Expression Complexity in Loofah
Open

    loofah (2.0.3)

Found in Gemfile.lock by bundler-audit

Read up
Read up
Exclude checks
- Disable engine
- Disable check

Advisory: CVE-2022-23514

Criticality: High

URL: https://github.com/flavorjones/loofah/security/advisories/GHSA-486f-hjj9-9vhh

Solution: upgrade to >= 2.19.1

Nokogiri Command Injection Vulnerability via Nokogiri::CSS::Tokenizer#load_file
Open

    nokogiri (1.6.7.2)

Found in Gemfile.lock by bundler-audit

Read up
Read up
Exclude checks
- Disable engine
- Disable check

Advisory: CVE-2019-5477

Criticality: Critical

URL: https://github.com/sparklemotion/nokogiri/issues/1915

Solution: upgrade to >= 1.10.4

Nokogiri gem contains two upstream vulnerabilities in libxslt 1.1.29
Open

    nokogiri (1.6.7.2)

Found in Gemfile.lock by bundler-audit

Read up
Read up
Exclude checks
- Disable engine
- Disable check

Advisory: CVE-2017-5029

Criticality: High

URL: https://github.com/sparklemotion/nokogiri/issues/1634

Solution: upgrade to >= 1.7.2

Update packaged libxml2 (2.9.12 → 2.9.13) and libxslt (1.1.34 → 1.1.35)
Open

    nokogiri (1.6.7.2)

Found in Gemfile.lock by bundler-audit

Read up
Read up
Exclude checks
- Disable engine
- Disable check

Advisory: CVE-2021-30560

Criticality: High

URL: https://github.com/sparklemotion/nokogiri/security/advisories/GHSA-fq42-c5rg-92c2

Solution: upgrade to >= 1.13.2

Nokogiri gem, via libxml, is affected by DoS vulnerabilities
Open

    nokogiri (1.6.7.2)

Found in Gemfile.lock by bundler-audit

Read up
Read up
Exclude checks
- Disable engine
- Disable check

Advisory: CVE-2017-15412

URL: https://github.com/sparklemotion/nokogiri/issues/1714

Solution: upgrade to >= 1.8.2

Possible XSS vulnerability with certain configurations of rails-html-sanitizer
Open

    rails-html-sanitizer (1.0.3)

Found in Gemfile.lock by bundler-audit

Read up
Read up
Exclude checks
- Disable engine
- Disable check

Advisory: CVE-2022-23519

Criticality: Medium

URL: https://github.com/rails/rails-html-sanitizer/security/advisories/GHSA-9h9g-93gc-623h

Solution: upgrade to >= 1.4.4

Possible XSS vulnerability with certain configurations of Rails::Html::Sanitizer
Open

    rails-html-sanitizer (1.0.3)

Found in Gemfile.lock by bundler-audit

Read up
Read up
Exclude checks
- Disable engine
- Disable check

Advisory: CVE-2022-32209

Criticality: Medium

URL: https://groups.google.com/g/rubyonrails-security/c/ce9PhUANQ6s

Solution: upgrade to >= 1.4.3

Inefficient Regular Expression Complexity in rails-html-sanitizer
Open

    rails-html-sanitizer (1.0.3)

Found in Gemfile.lock by bundler-audit

Read up
Read up
Exclude checks
- Disable engine
- Disable check

Advisory: CVE-2022-23517

Criticality: High

URL: https://github.com/rails/rails-html-sanitizer/security/advisories/GHSA-5x79-w82f-gw8w

Solution: upgrade to >= 1.4.4

Nokogiri::XML::Schema trusts input by default, exposing risk of an XXE vulnerability
Open

    nokogiri (1.6.7.2)

Found in Gemfile.lock by bundler-audit

Read up
Read up
Exclude checks
- Disable engine
- Disable check

Advisory: CVE-2020-26247

Criticality: Low

URL: https://github.com/sparklemotion/nokogiri/security/advisories/GHSA-vr8q-g5c7-m54m

Solution: upgrade to >= 1.11.0.rc4

Nokogiri gem contains several vulnerabilities in libxml2 and libxslt
Open

    nokogiri (1.6.7.2)

Found in Gemfile.lock by bundler-audit

Read up
Read up
Exclude checks
- Disable engine
- Disable check

Advisory: CVE-2016-4658

Criticality: Critical

URL: https://github.com/sparklemotion/nokogiri/issues/1615

Solution: upgrade to >= 1.7.1

Nokogiri gem, via libxml2, is affected by multiple vulnerabilities
Open

    nokogiri (1.6.7.2)

Found in Gemfile.lock by bundler-audit

Read up
Read up
Exclude checks
- Disable engine
- Disable check

Advisory: CVE-2018-14404

Criticality: High

URL: https://github.com/sparklemotion/nokogiri/issues/1785

Solution: upgrade to >= 1.8.5

Improper Handling of Unexpected Data Type in Nokogiri
Open

    nokogiri (1.6.7.2)

Found in Gemfile.lock by bundler-audit

Read up
Read up
Exclude checks
- Disable engine
- Disable check

Advisory: CVE-2022-29181

Criticality: High

URL: https://github.com/sparklemotion/nokogiri/security/advisories/GHSA-xh29-r2w5-wx8m

Solution: upgrade to >= 1.13.6

Improper Restriction of XML External Entity Reference (XXE) in Nokogiri on JRuby
Open

    nokogiri (1.6.7.2)

Found in Gemfile.lock by bundler-audit

Read up
Read up
Exclude checks
- Disable engine
- Disable check

Advisory: CVE-2021-41098

Criticality: High

URL: https://github.com/sparklemotion/nokogiri/security/advisories/GHSA-2rr5-8q37-2w7h

Solution: upgrade to >= 1.12.5

Nokogiri gem, via libxml, is affected by DoS and RCE vulnerabilities
Open

    nokogiri (1.6.7.2)

Found in Gemfile.lock by bundler-audit

Read up
Read up
Exclude checks
- Disable engine
- Disable check

Advisory: CVE-2017-9050

Criticality: High

URL: https://github.com/sparklemotion/nokogiri/issues/1673

Solution: upgrade to >= 1.8.1

Nokogiri gem, via libxml, is affected by DoS vulnerabilities
Open

    nokogiri (1.6.7.2)

Found in Gemfile.lock by bundler-audit

Read up
Read up
Exclude checks
- Disable engine
- Disable check

Advisory: CVE-2017-16932

URL: https://github.com/sparklemotion/nokogiri/issues/1714

Solution: upgrade to >= 1.8.1

Loofah XSS Vulnerability
Open

    loofah (2.0.3)

Found in Gemfile.lock by bundler-audit

Read up
Read up
Exclude checks
- Disable engine
- Disable check

Advisory: CVE-2018-8048

Criticality: Medium

URL: https://github.com/flavorjones/loofah/issues/144

Solution: upgrade to >= 2.2.1

Nokogiri gem, via libxslt, is affected by multiple vulnerabilities
Open

    nokogiri (1.6.7.2)

Found in Gemfile.lock by bundler-audit

Read up
Read up
Exclude checks
- Disable engine
- Disable check

Advisory: CVE-2019-13117

URL: https://github.com/sparklemotion/nokogiri/issues/1943

Solution: upgrade to >= 1.10.5

Path Traversal in Sprockets
Open

    sprockets (3.5.2)

Found in Gemfile.lock by bundler-audit

Read up
Read up
Exclude checks
- Disable engine
- Disable check

Advisory: CVE-2018-3760

Criticality: High

URL: https://groups.google.com/forum/#!topic/ruby-security-ann/2S9Pwz2i16k

Solution: upgrade to < 3.0.0, >= 2.12.5, < 4.0.0, >= 3.7.2, >= 4.0.0.beta8

Possible XSS vulnerability in Rack
Open

    rack (1.6.4)

Found in Gemfile.lock by bundler-audit

Read up
Read up
Exclude checks
- Disable engine
- Disable check

Advisory: CVE-2018-16471

URL: https://groups.google.com/forum/#!topic/ruby-security-ann/NAalCee8n6o

Solution: upgrade to ~> 1.6.11, >= 2.0.6

manzhikov/yahoo_weather

Showing 71 of 71 total issues

Loofah XSS Vulnerability
Open

Inefficient Regular Expression Complexity in Loofah
Open

Nokogiri Command Injection Vulnerability via Nokogiri::CSS::Tokenizer#load_file
Open

Nokogiri gem contains two upstream vulnerabilities in libxslt 1.1.29
Open

Update packaged libxml2 (2.9.12 → 2.9.13) and libxslt (1.1.34 → 1.1.35)
Open

Nokogiri gem, via libxml, is affected by DoS vulnerabilities
Open

Possible XSS vulnerability with certain configurations of rails-html-sanitizer
Open

Possible XSS vulnerability with certain configurations of Rails::Html::Sanitizer
Open

Inefficient Regular Expression Complexity in rails-html-sanitizer
Open

Nokogiri::XML::Schema trusts input by default, exposing risk of an XXE vulnerability
Open

Nokogiri gem contains several vulnerabilities in libxml2 and libxslt
Open

Nokogiri gem, via libxml2, is affected by multiple vulnerabilities
Open

Improper Handling of Unexpected Data Type in Nokogiri
Open

Improper Restriction of XML External Entity Reference (XXE) in Nokogiri on JRuby
Open

Nokogiri gem, via libxml, is affected by DoS and RCE vulnerabilities
Open

Nokogiri gem, via libxml, is affected by DoS vulnerabilities
Open

Loofah XSS Vulnerability
Open

Nokogiri gem, via libxslt, is affected by multiple vulnerabilities
Open

Path Traversal in Sprockets
Open

Possible XSS vulnerability in Rack
Open

Severity

Category

Status

Source

Language

manzhikov/yahoo_weather

Showing 71 of 71 total issues

Loofah XSS Vulnerability Open

Inefficient Regular Expression Complexity in Loofah Open

Nokogiri Command Injection Vulnerability via Nokogiri::CSS::Tokenizer#load_file Open

Nokogiri gem contains two upstream vulnerabilities in libxslt 1.1.29 Open

Update packaged libxml2 (2.9.12 → 2.9.13) and libxslt (1.1.34 → 1.1.35) Open

Nokogiri gem, via libxml, is affected by DoS vulnerabilities Open

Possible XSS vulnerability with certain configurations of rails-html-sanitizer Open

Possible XSS vulnerability with certain configurations of Rails::Html::Sanitizer Open

Inefficient Regular Expression Complexity in rails-html-sanitizer Open

Nokogiri::XML::Schema trusts input by default, exposing risk of an XXE vulnerability Open

Nokogiri gem contains several vulnerabilities in libxml2 and libxslt Open

Nokogiri gem, via libxml2, is affected by multiple vulnerabilities Open

Improper Handling of Unexpected Data Type in Nokogiri Open

Improper Restriction of XML External Entity Reference (XXE) in Nokogiri on JRuby Open

Nokogiri gem, via libxml, is affected by DoS and RCE vulnerabilities Open

Nokogiri gem, via libxml, is affected by DoS vulnerabilities Open

Loofah XSS Vulnerability Open

Nokogiri gem, via libxslt, is affected by multiple vulnerabilities Open

Path Traversal in Sprockets Open

Possible XSS vulnerability in Rack Open

Severity

Category

Status

Source

Language

Loofah XSS Vulnerability
Open

Inefficient Regular Expression Complexity in Loofah
Open

Nokogiri Command Injection Vulnerability via Nokogiri::CSS::Tokenizer#load_file
Open

Nokogiri gem contains two upstream vulnerabilities in libxslt 1.1.29
Open

Update packaged libxml2 (2.9.12 → 2.9.13) and libxslt (1.1.34 → 1.1.35)
Open

Nokogiri gem, via libxml, is affected by DoS vulnerabilities
Open

Possible XSS vulnerability with certain configurations of rails-html-sanitizer
Open

Possible XSS vulnerability with certain configurations of Rails::Html::Sanitizer
Open

Inefficient Regular Expression Complexity in rails-html-sanitizer
Open

Nokogiri::XML::Schema trusts input by default, exposing risk of an XXE vulnerability
Open

Nokogiri gem contains several vulnerabilities in libxml2 and libxslt
Open

Nokogiri gem, via libxml2, is affected by multiple vulnerabilities
Open

Improper Handling of Unexpected Data Type in Nokogiri
Open

Improper Restriction of XML External Entity Reference (XXE) in Nokogiri on JRuby
Open

Nokogiri gem, via libxml, is affected by DoS and RCE vulnerabilities
Open

Nokogiri gem, via libxml, is affected by DoS vulnerabilities
Open

Loofah XSS Vulnerability
Open

Nokogiri gem, via libxslt, is affected by multiple vulnerabilities
Open

Path Traversal in Sprockets
Open

Possible XSS vulnerability in Rack
Open