Issues - marceloboeira/feedcast

ReDoS based DoS vulnerability in GlobalID
Open

    globalid (0.4.0)

Found in Gemfile.lock by bundler-audit

Read up
Read up
Exclude checks
- Disable engine
- Disable check

Advisory: CVE-2023-22799

URL: https://github.com/rails/globalid/releases/tag/v1.0.1

Solution: upgrade to >= 1.0.1

Information Exposure with Puma when used with Rails
Open

    puma (3.10.0)

Found in Gemfile.lock by bundler-audit

Read up
Read up
Exclude checks
- Disable engine
- Disable check

Advisory: CVE-2022-23634

Criticality: High

URL: https://github.com/puma/puma/security/advisories/GHSA-rmj8-8hhh-gv5h

Solution: upgrade to ~> 4.3.11, >= 5.6.2

Keepalive Connections Causing Denial Of Service in puma
Open

    puma (3.10.0)

Found in Gemfile.lock by bundler-audit

Read up
Read up
Exclude checks
- Disable engine
- Disable check

Advisory: CVE-2021-29509

Criticality: High

URL: https://github.com/puma/puma/security/advisories/GHSA-q28m-8xjw-8vr5

Solution: upgrade to ~> 4.3.8, >= 5.3.1

XSS Vulnerability on closeText option of Dialog jQuery UI
Open

    jquery-ui-rails (5.0.5)

Found in Gemfile.lock by bundler-audit

Read up
Read up
Exclude checks
- Disable engine
- Disable check

Advisory: CVE-2016-7103

Criticality: Medium

URL: https://github.com/jquery/api.jqueryui.com/issues/281

Solution: upgrade to >= 6.0.0

Inconsistent Interpretation of HTTP Requests ('HTTP Request Smuggling') in puma
Open

    puma (3.10.0)

Found in Gemfile.lock by bundler-audit

Read up
Read up
Exclude checks
- Disable engine
- Disable check

Advisory: CVE-2021-41136

Criticality: Low

URL: https://github.com/puma/puma/security/advisories/GHSA-48w2-rm65-62xx

Solution: upgrade to ~> 4.3.9, >= 5.5.1

HTTP Request Smuggling in puma
Open

    puma (3.10.0)

Found in Gemfile.lock by bundler-audit

Read up
Read up
Exclude checks
- Disable engine
- Disable check

Advisory: CVE-2022-24790

Criticality: Critical

URL: https://github.com/puma/puma/security/advisories/GHSA-h99w-9q5r-gjq9

Solution: upgrade to ~> 4.3.12, >= 5.6.4

XML Injection in Xerces Java affects Nokogiri
Open

    nokogiri (1.8.0)

Found in Gemfile.lock by bundler-audit

Read up
Read up
Exclude checks
- Disable engine
- Disable check

Advisory: CVE-2022-23437

Criticality: Medium

URL: https://github.com/sparklemotion/nokogiri/security/advisories/GHSA-xxx9-3xcr-gjj3

Solution: upgrade to >= 1.13.4

Denial of Service (DoS) in Nokogiri on JRuby
Open

    nokogiri (1.8.0)

Found in Gemfile.lock by bundler-audit

Read up
Read up
Exclude checks
- Disable engine
- Disable check

Advisory: CVE-2022-24839

Criticality: High

URL: https://github.com/sparklemotion/nekohtml/security/advisories/GHSA-9849-p7jc-9rmv

Solution: upgrade to >= 1.13.4

Improper Handling of Unexpected Data Type in Nokogiri
Open

    nokogiri (1.8.0)

Found in Gemfile.lock by bundler-audit

Read up
Read up
Exclude checks
- Disable engine
- Disable check

Advisory: CVE-2022-29181

Criticality: High

URL: https://github.com/sparklemotion/nokogiri/security/advisories/GHSA-xh29-r2w5-wx8m

Solution: upgrade to >= 1.13.6

Possible XSS vulnerability with certain configurations of Rails::Html::Sanitizer
Open

    rails-html-sanitizer (1.0.3)

Found in Gemfile.lock by bundler-audit

Read up
Read up
Exclude checks
- Disable engine
- Disable check

Advisory: CVE-2022-32209

Criticality: Medium

URL: https://groups.google.com/g/rubyonrails-security/c/ce9PhUANQ6s

Solution: upgrade to >= 1.4.3

CSRF Vulnerability in rails-ujs
Open

    actionview (5.1.3)

Found in Gemfile.lock by bundler-audit

Read up
Read up
Exclude checks
- Disable engine
- Disable check

Advisory: CVE-2020-8167

Criticality: Medium

URL: https://groups.google.com/forum/#!topic/rubyonrails-security/x9DixQDG9a0

Solution: upgrade to >= 5.2.4.3, ~> 5.2.4, >= 6.0.3.1

Out-of-bounds Write in zlib affects Nokogiri
Open

    nokogiri (1.8.0)

Found in Gemfile.lock by bundler-audit

Read up
Read up
Exclude checks
- Disable engine
- Disable check

Advisory: CVE-2018-25032

Criticality: High

URL: https://github.com/sparklemotion/nokogiri/security/advisories/GHSA-v6gp-9mmm-c6p5

Solution: upgrade to >= 1.13.4

Loofah XSS Vulnerability
Open

    loofah (2.0.3)

Found in Gemfile.lock by bundler-audit

Read up
Read up
Exclude checks
- Disable engine
- Disable check

Advisory: CVE-2018-16468

Criticality: Medium

URL: https://github.com/flavorjones/loofah/issues/154

Solution: upgrade to >= 2.2.3

Nokogiri Command Injection Vulnerability via Nokogiri::CSS::Tokenizer#load_file
Open

    nokogiri (1.8.0)

Found in Gemfile.lock by bundler-audit

Read up
Read up
Exclude checks
- Disable engine
- Disable check

Advisory: CVE-2019-5477

Criticality: Critical

URL: https://github.com/sparklemotion/nokogiri/issues/1915

Solution: upgrade to >= 1.10.4

Update packaged dependency libxml2 from 2.9.10 to 2.9.12
Open

    nokogiri (1.8.0)

Found in Gemfile.lock by bundler-audit

Read up
Read up
Exclude checks
- Disable engine
- Disable check

Advisory:

Criticality: High

URL: https://github.com/sparklemotion/nokogiri/security/advisories/GHSA-7rrm-v45f-jp64

Solution: upgrade to >= 1.11.4

rails_admin ruby gem XSS vulnerability
Open

    rails_admin (1.2.0)

Found in Gemfile.lock by bundler-audit

Read up
Read up
Exclude checks
- Disable engine
- Disable check

Advisory: CVE-2017-12098

Criticality: Medium

URL: https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0450

Solution: upgrade to >= 1.3.0

rails_admin ruby gem XSS vulnerability
Open

    rails_admin (1.2.0)

Found in Gemfile.lock by bundler-audit

Read up
Read up
Exclude checks
- Disable engine
- Disable check

Advisory: CVE-2020-36190

Criticality: Medium

URL: https://github.com/sferik/rails_admin/commit/d72090ec6a07c3b9b7b48ab50f3d405f91ff4375

Solution: upgrade to ~> 1.4.3, >= 2.0.2

Denial of service in sidekiq
Open

    sidekiq (5.0.4)

Found in Gemfile.lock by bundler-audit

Read up
Read up
Exclude checks
- Disable engine
- Disable check

Advisory: CVE-2022-23837

Criticality: High

URL: https://github.com/mperham/sidekiq/commit/7785ac1399f1b28992adb56055f6acd88fd1d956

Solution: upgrade to >= 6.4.0, ~> 5.2.10

Nokogiri gem, via libxslt, is affected by multiple vulnerabilities
Open

    nokogiri (1.8.0)

Found in Gemfile.lock by bundler-audit

Read up
Read up
Exclude checks
- Disable engine
- Disable check

Advisory: CVE-2019-13117

URL: https://github.com/sparklemotion/nokogiri/issues/1943

Solution: upgrade to >= 1.10.5

Update bundled libxml2 to v2.10.3 to resolve multiple CVEs
Open

    nokogiri (1.8.0)

Found in Gemfile.lock by bundler-audit

Read up
Read up
Exclude checks
- Disable engine
- Disable check

Advisory:

URL: https://github.com/sparklemotion/nokogiri/security/advisories/GHSA-2qc6-mcvw-92cw

Solution: upgrade to >= 1.13.9

marceloboeira/feedcast

Showing 401 of 401 total issues

ReDoS based DoS vulnerability in GlobalID
Open

Information Exposure with Puma when used with Rails
Open

Keepalive Connections Causing Denial Of Service in puma
Open

XSS Vulnerability on closeText option of Dialog jQuery UI
Open

Inconsistent Interpretation of HTTP Requests ('HTTP Request Smuggling') in puma
Open

HTTP Request Smuggling in puma
Open

XML Injection in Xerces Java affects Nokogiri
Open

Denial of Service (DoS) in Nokogiri on JRuby
Open

Improper Handling of Unexpected Data Type in Nokogiri
Open

Possible XSS vulnerability with certain configurations of Rails::Html::Sanitizer
Open

CSRF Vulnerability in rails-ujs
Open

Out-of-bounds Write in zlib affects Nokogiri
Open

Loofah XSS Vulnerability
Open

Nokogiri Command Injection Vulnerability via Nokogiri::CSS::Tokenizer#load_file
Open

Update packaged dependency libxml2 from 2.9.10 to 2.9.12
Open

rails_admin ruby gem XSS vulnerability
Open

rails_admin ruby gem XSS vulnerability
Open

Denial of service in sidekiq
Open

Nokogiri gem, via libxslt, is affected by multiple vulnerabilities
Open

Update bundled libxml2 to v2.10.3 to resolve multiple CVEs
Open

Severity

Category

Status

Source

Language

marceloboeira/feedcast

Showing 401 of 401 total issues

ReDoS based DoS vulnerability in GlobalID Open

Information Exposure with Puma when used with Rails Open

Keepalive Connections Causing Denial Of Service in puma Open

XSS Vulnerability on closeText option of Dialog jQuery UI Open

Inconsistent Interpretation of HTTP Requests ('HTTP Request Smuggling') in puma Open

HTTP Request Smuggling in puma Open

XML Injection in Xerces Java affects Nokogiri Open

Denial of Service (DoS) in Nokogiri on JRuby Open

Improper Handling of Unexpected Data Type in Nokogiri Open

Possible XSS vulnerability with certain configurations of Rails::Html::Sanitizer Open

CSRF Vulnerability in rails-ujs Open

Out-of-bounds Write in zlib affects Nokogiri Open

Loofah XSS Vulnerability Open

Nokogiri Command Injection Vulnerability via Nokogiri::CSS::Tokenizer#load_file Open

Update packaged dependency libxml2 from 2.9.10 to 2.9.12 Open

rails_admin ruby gem XSS vulnerability Open

rails_admin ruby gem XSS vulnerability Open

Denial of service in sidekiq Open

Nokogiri gem, via libxslt, is affected by multiple vulnerabilities Open

Update bundled libxml2 to v2.10.3 to resolve multiple CVEs Open

Severity

Category

Status

Source

Language

ReDoS based DoS vulnerability in GlobalID
Open

Information Exposure with Puma when used with Rails
Open

Keepalive Connections Causing Denial Of Service in puma
Open

XSS Vulnerability on closeText option of Dialog jQuery UI
Open

Inconsistent Interpretation of HTTP Requests ('HTTP Request Smuggling') in puma
Open

HTTP Request Smuggling in puma
Open

XML Injection in Xerces Java affects Nokogiri
Open

Denial of Service (DoS) in Nokogiri on JRuby
Open

Improper Handling of Unexpected Data Type in Nokogiri
Open

Possible XSS vulnerability with certain configurations of Rails::Html::Sanitizer
Open

CSRF Vulnerability in rails-ujs
Open

Out-of-bounds Write in zlib affects Nokogiri
Open

Loofah XSS Vulnerability
Open

Nokogiri Command Injection Vulnerability via Nokogiri::CSS::Tokenizer#load_file
Open

Update packaged dependency libxml2 from 2.9.10 to 2.9.12
Open

rails_admin ruby gem XSS vulnerability
Open

rails_admin ruby gem XSS vulnerability
Open

Denial of service in sidekiq
Open

Nokogiri gem, via libxslt, is affected by multiple vulnerabilities
Open

Update bundled libxml2 to v2.10.3 to resolve multiple CVEs
Open