Showing 401 of 401 total issues
ReDoS based DoS vulnerability in GlobalID Open
globalid (0.4.0)
- Read upRead up
- Exclude checks
Advisory: CVE-2023-22799
URL: https://github.com/rails/globalid/releases/tag/v1.0.1
Solution: upgrade to >= 1.0.1
Information Exposure with Puma when used with Rails Open
puma (3.10.0)
- Read upRead up
- Exclude checks
Advisory: CVE-2022-23634
Criticality: High
URL: https://github.com/puma/puma/security/advisories/GHSA-rmj8-8hhh-gv5h
Solution: upgrade to ~> 4.3.11, >= 5.6.2
Keepalive Connections Causing Denial Of Service in puma Open
puma (3.10.0)
- Read upRead up
- Exclude checks
Advisory: CVE-2021-29509
Criticality: High
URL: https://github.com/puma/puma/security/advisories/GHSA-q28m-8xjw-8vr5
Solution: upgrade to ~> 4.3.8, >= 5.3.1
XSS Vulnerability on closeText option of Dialog jQuery UI Open
jquery-ui-rails (5.0.5)
- Read upRead up
- Exclude checks
Advisory: CVE-2016-7103
Criticality: Medium
URL: https://github.com/jquery/api.jqueryui.com/issues/281
Solution: upgrade to >= 6.0.0
Inconsistent Interpretation of HTTP Requests ('HTTP Request Smuggling') in puma Open
puma (3.10.0)
- Read upRead up
- Exclude checks
Advisory: CVE-2021-41136
Criticality: Low
URL: https://github.com/puma/puma/security/advisories/GHSA-48w2-rm65-62xx
Solution: upgrade to ~> 4.3.9, >= 5.5.1
HTTP Request Smuggling in puma Open
puma (3.10.0)
- Read upRead up
- Exclude checks
Advisory: CVE-2022-24790
Criticality: Critical
URL: https://github.com/puma/puma/security/advisories/GHSA-h99w-9q5r-gjq9
Solution: upgrade to ~> 4.3.12, >= 5.6.4
XML Injection in Xerces Java affects Nokogiri Open
nokogiri (1.8.0)
- Read upRead up
- Exclude checks
Advisory: CVE-2022-23437
Criticality: Medium
URL: https://github.com/sparklemotion/nokogiri/security/advisories/GHSA-xxx9-3xcr-gjj3
Solution: upgrade to >= 1.13.4
Denial of Service (DoS) in Nokogiri on JRuby Open
nokogiri (1.8.0)
- Read upRead up
- Exclude checks
Advisory: CVE-2022-24839
Criticality: High
URL: https://github.com/sparklemotion/nekohtml/security/advisories/GHSA-9849-p7jc-9rmv
Solution: upgrade to >= 1.13.4
Improper Handling of Unexpected Data Type in Nokogiri Open
nokogiri (1.8.0)
- Read upRead up
- Exclude checks
Advisory: CVE-2022-29181
Criticality: High
URL: https://github.com/sparklemotion/nokogiri/security/advisories/GHSA-xh29-r2w5-wx8m
Solution: upgrade to >= 1.13.6
Possible XSS vulnerability with certain configurations of Rails::Html::Sanitizer Open
rails-html-sanitizer (1.0.3)
- Read upRead up
- Exclude checks
Advisory: CVE-2022-32209
Criticality: Medium
URL: https://groups.google.com/g/rubyonrails-security/c/ce9PhUANQ6s
Solution: upgrade to >= 1.4.3
CSRF Vulnerability in rails-ujs Open
actionview (5.1.3)
- Read upRead up
- Exclude checks
Advisory: CVE-2020-8167
Criticality: Medium
URL: https://groups.google.com/forum/#!topic/rubyonrails-security/x9DixQDG9a0
Solution: upgrade to >= 5.2.4.3, ~> 5.2.4, >= 6.0.3.1
Out-of-bounds Write in zlib affects Nokogiri Open
nokogiri (1.8.0)
- Read upRead up
- Exclude checks
Advisory: CVE-2018-25032
Criticality: High
URL: https://github.com/sparklemotion/nokogiri/security/advisories/GHSA-v6gp-9mmm-c6p5
Solution: upgrade to >= 1.13.4
Loofah XSS Vulnerability Open
loofah (2.0.3)
- Read upRead up
- Exclude checks
Advisory: CVE-2018-16468
Criticality: Medium
URL: https://github.com/flavorjones/loofah/issues/154
Solution: upgrade to >= 2.2.3
Nokogiri Command Injection Vulnerability via Nokogiri::CSS::Tokenizer#load_file Open
nokogiri (1.8.0)
- Read upRead up
- Exclude checks
Advisory: CVE-2019-5477
Criticality: Critical
URL: https://github.com/sparklemotion/nokogiri/issues/1915
Solution: upgrade to >= 1.10.4
Update packaged dependency libxml2 from 2.9.10 to 2.9.12 Open
nokogiri (1.8.0)
- Read upRead up
- Exclude checks
Advisory:
Criticality: High
URL: https://github.com/sparklemotion/nokogiri/security/advisories/GHSA-7rrm-v45f-jp64
Solution: upgrade to >= 1.11.4
rails_admin ruby gem XSS vulnerability Open
rails_admin (1.2.0)
- Read upRead up
- Exclude checks
Advisory: CVE-2017-12098
Criticality: Medium
URL: https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0450
Solution: upgrade to >= 1.3.0
rails_admin ruby gem XSS vulnerability Open
rails_admin (1.2.0)
- Read upRead up
- Exclude checks
Advisory: CVE-2020-36190
Criticality: Medium
URL: https://github.com/sferik/rails_admin/commit/d72090ec6a07c3b9b7b48ab50f3d405f91ff4375
Solution: upgrade to ~> 1.4.3, >= 2.0.2
Denial of service in sidekiq Open
sidekiq (5.0.4)
- Read upRead up
- Exclude checks
Advisory: CVE-2022-23837
Criticality: High
URL: https://github.com/mperham/sidekiq/commit/7785ac1399f1b28992adb56055f6acd88fd1d956
Solution: upgrade to >= 6.4.0, ~> 5.2.10
Nokogiri gem, via libxslt, is affected by multiple vulnerabilities Open
nokogiri (1.8.0)
- Read upRead up
- Exclude checks
Advisory: CVE-2019-13117
URL: https://github.com/sparklemotion/nokogiri/issues/1943
Solution: upgrade to >= 1.10.5
Update bundled libxml2 to v2.10.3 to resolve multiple CVEs Open
nokogiri (1.8.0)
- Read upRead up
- Exclude checks
Advisory:
URL: https://github.com/sparklemotion/nokogiri/security/advisories/GHSA-2qc6-mcvw-92cw
Solution: upgrade to >= 1.13.9