Issues - marceloboeira/feedcast

Potential XSS vulnerability in Action View
Open

    actionview (5.1.3)

Found in Gemfile.lock by bundler-audit

Read up
Read up
Exclude checks
- Disable engine
- Disable check

Advisory: CVE-2020-15169

Criticality: Medium

URL: https://groups.google.com/g/rubyonrails-security/c/b-C9kSGXYrc

Solution: upgrade to >= 5.2.4.4, ~> 5.2.4, >= 6.0.3.3

rails_admin ruby gem XSS vulnerability
Open

    rails_admin (1.2.0)

Found in Gemfile.lock by bundler-audit

Read up
Read up
Exclude checks
- Disable engine
- Disable check

Advisory: CVE-2020-36190

Criticality: Medium

URL: https://github.com/sferik/rails_admin/commit/d72090ec6a07c3b9b7b48ab50f3d405f91ff4375

Solution: upgrade to ~> 1.4.3, >= 2.0.2

Possible Information Disclosure / Unintended Method Execution in Action Pack
Open

    actionpack (5.1.3)

Found in Gemfile.lock by bundler-audit

Read up
Read up
Exclude checks
- Disable engine
- Disable check

Advisory: CVE-2021-22885

Criticality: High

URL: https://groups.google.com/g/rubyonrails-security/c/NiQl-48cXYI

Solution: upgrade to ~> 5.2.4.6, ~> 5.2.6, >= 6.0.3.7, ~> 6.0.3, >= 6.1.3.2

libxml2 2.9.10 has an infinite loop in a certain end-of-file situation
Open

    nokogiri (1.8.0)

Found in Gemfile.lock by bundler-audit

Read up
Read up
Exclude checks
- Disable engine
- Disable check

Advisory: CVE-2020-7595

Criticality: High

URL: https://github.com/sparklemotion/nokogiri/issues/1992

Solution: upgrade to >= 1.10.8

Possible XSS vulnerability in ActionView
Open

    actionview (5.1.3)

Found in Gemfile.lock by bundler-audit

Read up
Read up
Exclude checks
- Disable engine
- Disable check

Advisory: CVE-2020-5267

Criticality: Medium

URL: https://groups.google.com/forum/#!topic/rubyonrails-security/55reWMM_Pg8

Solution: upgrade to >= 5.2.4.2, ~> 5.2.4, >= 6.0.2.2

Potential XSS vulnerability in jQuery
Open

    jquery-rails (4.3.1)

Found in Gemfile.lock by bundler-audit

Read up
Read up
Exclude checks
- Disable engine
- Disable check

Advisory: CVE-2020-11023

Criticality: Medium

URL: https://blog.jquery.com/2020/04/10/jquery-3-5-0-released

Solution: upgrade to >= 4.4.0

Improper Handling of Unexpected Data Type in Nokogiri
Open

    nokogiri (1.8.0)

Found in Gemfile.lock by bundler-audit

Read up
Read up
Exclude checks
- Disable engine
- Disable check

Advisory: CVE-2022-29181

Criticality: High

URL: https://github.com/sparklemotion/nokogiri/security/advisories/GHSA-xh29-r2w5-wx8m

Solution: upgrade to >= 1.13.6

Cross-Site Scripting in Kaminari via `original_script_name` parameter
Open

    kaminari (1.0.1)

Found in Gemfile.lock by bundler-audit

Read up
Read up
Exclude checks
- Disable engine
- Disable check

Advisory: CVE-2020-11082

Criticality: Medium

URL: https://github.com/kaminari/kaminari/security/advisories/GHSA-r5jw-62xg-j433

Solution: upgrade to >= 1.2.1

Out-of-bounds Write in zlib affects Nokogiri
Open

    nokogiri (1.8.0)

Found in Gemfile.lock by bundler-audit

Read up
Read up
Exclude checks
- Disable engine
- Disable check

Advisory: CVE-2018-25032

Criticality: High

URL: https://github.com/sparklemotion/nokogiri/security/advisories/GHSA-v6gp-9mmm-c6p5

Solution: upgrade to >= 1.13.4

Nokogiri Command Injection Vulnerability via Nokogiri::CSS::Tokenizer#load_file
Open

    nokogiri (1.8.0)

Found in Gemfile.lock by bundler-audit

Read up
Read up
Exclude checks
- Disable engine
- Disable check

Advisory: CVE-2019-5477

Criticality: Critical

URL: https://github.com/sparklemotion/nokogiri/issues/1915

Solution: upgrade to >= 1.10.4

Update packaged dependency libxml2 from 2.9.10 to 2.9.12
Open

    nokogiri (1.8.0)

Found in Gemfile.lock by bundler-audit

Read up
Read up
Exclude checks
- Disable engine
- Disable check

Advisory:

Criticality: High

URL: https://github.com/sparklemotion/nokogiri/security/advisories/GHSA-7rrm-v45f-jp64

Solution: upgrade to >= 1.11.4

HTTP Response Splitting vulnerability in puma
Open

    puma (3.10.0)

Found in Gemfile.lock by bundler-audit

Read up
Read up
Exclude checks
- Disable engine
- Disable check

Advisory: CVE-2020-5247

Criticality: Medium

URL: https://github.com/puma/puma/security/advisories/GHSA-84j7-475p-hp8v

Solution: upgrade to ~> 3.12.4, >= 4.3.3

Possible XSS vulnerability with certain configurations of Rails::Html::Sanitizer
Open

    rails-html-sanitizer (1.0.3)

Found in Gemfile.lock by bundler-audit

Read up
Read up
Exclude checks
- Disable engine
- Disable check

Advisory: CVE-2022-32209

Criticality: Medium

URL: https://groups.google.com/g/rubyonrails-security/c/ce9PhUANQ6s

Solution: upgrade to >= 1.4.3

Potentially unintended unmarshalling of user-provided objects in MemCacheStore and RedisCacheStore
Open

    activesupport (5.1.3)

Found in Gemfile.lock by bundler-audit

Read up
Read up
Exclude checks
- Disable engine
- Disable check

Advisory: CVE-2020-8165

Criticality: Critical

URL: https://groups.google.com/forum/#!topic/rubyonrails-security/bv6fW4S0Y1c

Solution: upgrade to >= 5.2.4.3, ~> 5.2.4, >= 6.0.3.1

Update bundled libxml2 to v2.10.3 to resolve multiple CVEs
Open

    nokogiri (1.8.0)

Found in Gemfile.lock by bundler-audit

Read up
Read up
Exclude checks
- Disable engine
- Disable check

Advisory:

URL: https://github.com/sparklemotion/nokogiri/security/advisories/GHSA-2qc6-mcvw-92cw

Solution: upgrade to >= 1.13.9

Nokogiri gem, via libxslt, is affected by improper access control vulnerability
Open

    nokogiri (1.8.0)

Found in Gemfile.lock by bundler-audit

Read up
Read up
Exclude checks
- Disable engine
- Disable check

Advisory: CVE-2019-11068

URL: https://github.com/sparklemotion/nokogiri/issues/1892

Solution: upgrade to >= 1.10.3

HTTP Smuggling via Transfer-Encoding Header in Puma
Open

    puma (3.10.0)

Found in Gemfile.lock by bundler-audit

Read up
Read up
Exclude checks
- Disable engine
- Disable check

Advisory: CVE-2020-11077

Criticality: Medium

URL: https://github.com/puma/puma/security/advisories/GHSA-w64w-qqph-5gxm

Solution: upgrade to ~> 3.12.6, >= 4.3.5

Possible XSS vulnerability with certain configurations of rails-html-sanitizer
Open

    rails-html-sanitizer (1.0.3)

Found in Gemfile.lock by bundler-audit

Read up
Read up
Exclude checks
- Disable engine
- Disable check

Advisory: CVE-2022-23519

Criticality: Medium

URL: https://github.com/rails/rails-html-sanitizer/security/advisories/GHSA-9h9g-93gc-623h

Solution: upgrade to >= 1.4.4

Inefficient Regular Expression Complexity in rails-html-sanitizer
Open

    rails-html-sanitizer (1.0.3)

Found in Gemfile.lock by bundler-audit

Read up
Read up
Exclude checks
- Disable engine
- Disable check

Advisory: CVE-2022-23517

Criticality: High

URL: https://github.com/rails/rails-html-sanitizer/security/advisories/GHSA-5x79-w82f-gw8w

Solution: upgrade to >= 1.4.4

OS Command Injection in Rake
Open

    rake (12.0.0)

Found in Gemfile.lock by bundler-audit

Read up
Read up
Exclude checks
- Disable engine
- Disable check

Advisory: CVE-2020-8130

Criticality: High

URL: https://github.com/advisories/GHSA-jppv-gw3r-w3q8

Solution: upgrade to >= 12.3.3

marceloboeira/feedcast

Showing 401 of 401 total issues

Potential XSS vulnerability in Action View
Open

rails_admin ruby gem XSS vulnerability
Open

Possible Information Disclosure / Unintended Method Execution in Action Pack
Open

libxml2 2.9.10 has an infinite loop in a certain end-of-file situation
Open

Possible XSS vulnerability in ActionView
Open

Potential XSS vulnerability in jQuery
Open

Improper Handling of Unexpected Data Type in Nokogiri
Open

Cross-Site Scripting in Kaminari via `original_script_name` parameter
Open

Out-of-bounds Write in zlib affects Nokogiri
Open

Nokogiri Command Injection Vulnerability via Nokogiri::CSS::Tokenizer#load_file
Open

Update packaged dependency libxml2 from 2.9.10 to 2.9.12
Open

HTTP Response Splitting vulnerability in puma
Open

Possible XSS vulnerability with certain configurations of Rails::Html::Sanitizer
Open

Potentially unintended unmarshalling of user-provided objects in MemCacheStore and RedisCacheStore
Open

Update bundled libxml2 to v2.10.3 to resolve multiple CVEs
Open

Nokogiri gem, via libxslt, is affected by improper access control vulnerability
Open

HTTP Smuggling via Transfer-Encoding Header in Puma
Open

Possible XSS vulnerability with certain configurations of rails-html-sanitizer
Open

Inefficient Regular Expression Complexity in rails-html-sanitizer
Open

OS Command Injection in Rake
Open

Severity

Category

Status

Source

Language

marceloboeira/feedcast

Showing 401 of 401 total issues

Potential XSS vulnerability in Action View Open

rails_admin ruby gem XSS vulnerability Open

Possible Information Disclosure / Unintended Method Execution in Action Pack Open

libxml2 2.9.10 has an infinite loop in a certain end-of-file situation Open

Possible XSS vulnerability in ActionView Open

Potential XSS vulnerability in jQuery Open

Improper Handling of Unexpected Data Type in Nokogiri Open

Cross-Site Scripting in Kaminari via original_script_name parameter Open

Out-of-bounds Write in zlib affects Nokogiri Open

Nokogiri Command Injection Vulnerability via Nokogiri::CSS::Tokenizer#load_file Open

Update packaged dependency libxml2 from 2.9.10 to 2.9.12 Open

HTTP Response Splitting vulnerability in puma Open

Possible XSS vulnerability with certain configurations of Rails::Html::Sanitizer Open

Potentially unintended unmarshalling of user-provided objects in MemCacheStore and RedisCacheStore Open

Update bundled libxml2 to v2.10.3 to resolve multiple CVEs Open

Nokogiri gem, via libxslt, is affected by improper access control vulnerability Open

HTTP Smuggling via Transfer-Encoding Header in Puma Open

Possible XSS vulnerability with certain configurations of rails-html-sanitizer Open

Inefficient Regular Expression Complexity in rails-html-sanitizer Open

OS Command Injection in Rake Open

Severity

Category

Status

Source

Language

Potential XSS vulnerability in Action View
Open

rails_admin ruby gem XSS vulnerability
Open

Possible Information Disclosure / Unintended Method Execution in Action Pack
Open

libxml2 2.9.10 has an infinite loop in a certain end-of-file situation
Open

Possible XSS vulnerability in ActionView
Open

Potential XSS vulnerability in jQuery
Open

Improper Handling of Unexpected Data Type in Nokogiri
Open

Cross-Site Scripting in Kaminari via `original_script_name` parameter
Open

Out-of-bounds Write in zlib affects Nokogiri
Open

Nokogiri Command Injection Vulnerability via Nokogiri::CSS::Tokenizer#load_file
Open

Update packaged dependency libxml2 from 2.9.10 to 2.9.12
Open

HTTP Response Splitting vulnerability in puma
Open

Possible XSS vulnerability with certain configurations of Rails::Html::Sanitizer
Open

Potentially unintended unmarshalling of user-provided objects in MemCacheStore and RedisCacheStore
Open

Update bundled libxml2 to v2.10.3 to resolve multiple CVEs
Open

Nokogiri gem, via libxslt, is affected by improper access control vulnerability
Open

HTTP Smuggling via Transfer-Encoding Header in Puma
Open

Possible XSS vulnerability with certain configurations of rails-html-sanitizer
Open

Inefficient Regular Expression Complexity in rails-html-sanitizer
Open

OS Command Injection in Rake
Open