Showing 72 of 72 total issues
ReDoS based DoS vulnerability in GlobalID Open
globalid (0.3.7)- Read upRead up
- Create a ticketCreate a ticket
- Exclude checks
Advisory: CVE-2023-22799
URL: https://github.com/rails/globalid/releases/tag/v1.0.1
Solution: upgrade to >= 1.0.1
Possible XSS vulnerability in ActionView Open
actionview (5.0.1)- Read upRead up
- Create a ticketCreate a ticket
- Exclude checks
Advisory: CVE-2020-5267
Criticality: Medium
URL: https://groups.google.com/forum/#!topic/rubyonrails-security/55reWMM_Pg8
Solution: upgrade to >= 5.2.4.2, ~> 5.2.4, >= 6.0.2.2
Potentially unintended unmarshalling of user-provided objects in MemCacheStore and RedisCacheStore Open
activesupport (5.0.1)- Read upRead up
- Create a ticketCreate a ticket
- Exclude checks
Advisory: CVE-2020-8165
Criticality: Critical
URL: https://groups.google.com/forum/#!topic/rubyonrails-security/bv6fW4S0Y1c
Solution: upgrade to >= 5.2.4.3, ~> 5.2.4, >= 6.0.3.1
Nokogiri gem, via libxslt, is affected by multiple vulnerabilities Open
nokogiri (1.7.0.1)- Read upRead up
- Create a ticketCreate a ticket
- Exclude checks
Advisory: CVE-2019-13117
URL: https://github.com/sparklemotion/nokogiri/issues/1943
Solution: upgrade to >= 1.10.5
Update packaged dependency libxml2 from 2.9.10 to 2.9.12 Open
nokogiri (1.7.0.1)- Read upRead up
- Create a ticketCreate a ticket
- Exclude checks
Advisory:
Criticality: High
URL: https://github.com/sparklemotion/nokogiri/security/advisories/GHSA-7rrm-v45f-jp64
Solution: upgrade to >= 1.11.4
Loofah XSS Vulnerability Open
loofah (2.0.3)- Read upRead up
- Create a ticketCreate a ticket
- Exclude checks
Advisory: CVE-2018-8048
Criticality: Medium
URL: https://github.com/flavorjones/loofah/issues/144
Solution: upgrade to >= 2.2.1
XML Injection in Xerces Java affects Nokogiri Open
nokogiri (1.7.0.1)- Read upRead up
- Create a ticketCreate a ticket
- Exclude checks
Advisory: CVE-2022-23437
Criticality: Medium
URL: https://github.com/sparklemotion/nokogiri/security/advisories/GHSA-xxx9-3xcr-gjj3
Solution: upgrade to >= 1.13.4
Update packaged libxml2 (2.9.12 → 2.9.13) and libxslt (1.1.34 → 1.1.35) Open
nokogiri (1.7.0.1)- Read upRead up
- Create a ticketCreate a ticket
- Exclude checks
Advisory: CVE-2021-30560
Criticality: High
URL: https://github.com/sparklemotion/nokogiri/security/advisories/GHSA-fq42-c5rg-92c2
Solution: upgrade to >= 1.13.2
Ability to forge per-form CSRF tokens given a global CSRF token Open
actionpack (5.0.1)- Read upRead up
- Create a ticketCreate a ticket
- Exclude checks
Advisory: CVE-2020-8166
Criticality: Medium
URL: https://groups.google.com/forum/#!topic/rubyonrails-security/NOjKiGeXUgw
Solution: upgrade to >= 5.2.4.3, ~> 5.2.4, >= 6.0.3.1
Nokogiri gem, via libxml, is affected by DoS vulnerabilities Open
nokogiri (1.7.0.1)- Read upRead up
- Create a ticketCreate a ticket
- Exclude checks
Advisory: CVE-2017-15412
URL: https://github.com/sparklemotion/nokogiri/issues/1714
Solution: upgrade to >= 1.8.2
Nokogiri gem, via libxml, is affected by DoS vulnerabilities Open
nokogiri (1.7.0.1)- Read upRead up
- Create a ticketCreate a ticket
- Exclude checks
Advisory: CVE-2017-16932
URL: https://github.com/sparklemotion/nokogiri/issues/1714
Solution: upgrade to >= 1.8.1
Denial of Service (DoS) in Nokogiri on JRuby Open
nokogiri (1.7.0.1)- Read upRead up
- Create a ticketCreate a ticket
- Exclude checks
Advisory: CVE-2022-24839
Criticality: High
URL: https://github.com/sparklemotion/nekohtml/security/advisories/GHSA-9849-p7jc-9rmv
Solution: upgrade to >= 1.13.4
Nokogiri gem, via libxslt, is affected by improper access control vulnerability Open
nokogiri (1.7.0.1)- Read upRead up
- Create a ticketCreate a ticket
- Exclude checks
Advisory: CVE-2019-11068
URL: https://github.com/sparklemotion/nokogiri/issues/1892
Solution: upgrade to >= 1.10.3
Inefficient Regular Expression Complexity in Nokogiri Open
nokogiri (1.7.0.1)- Read upRead up
- Create a ticketCreate a ticket
- Exclude checks
Advisory: CVE-2022-24836
Criticality: High
URL: https://github.com/sparklemotion/nokogiri/security/advisories/GHSA-crjr-9rc5-ghw8
Solution: upgrade to >= 1.13.4
OS Command Injection in Rake Open
rake (12.0.0)- Read upRead up
- Create a ticketCreate a ticket
- Exclude checks
Advisory: CVE-2020-8130
Criticality: High
URL: https://github.com/advisories/GHSA-jppv-gw3r-w3q8
Solution: upgrade to >= 12.3.3
libxml2 2.9.10 has an infinite loop in a certain end-of-file situation Open
nokogiri (1.7.0.1)- Read upRead up
- Create a ticketCreate a ticket
- Exclude checks
Advisory: CVE-2020-7595
Criticality: High
URL: https://github.com/sparklemotion/nokogiri/issues/1992
Solution: upgrade to >= 1.10.8
Out-of-bounds Write in zlib affects Nokogiri Open
nokogiri (1.7.0.1)- Read upRead up
- Create a ticketCreate a ticket
- Exclude checks
Advisory: CVE-2018-25032
Criticality: High
URL: https://github.com/sparklemotion/nokogiri/security/advisories/GHSA-v6gp-9mmm-c6p5
Solution: upgrade to >= 1.13.4
Loofah XSS Vulnerability Open
loofah (2.0.3)- Read upRead up
- Create a ticketCreate a ticket
- Exclude checks
Advisory: CVE-2018-16468
Criticality: Medium
URL: https://github.com/flavorjones/loofah/issues/154
Solution: upgrade to >= 2.2.3
Nokogiri Command Injection Vulnerability via Nokogiri::CSS::Tokenizer#load_file Open
nokogiri (1.7.0.1)- Read upRead up
- Create a ticketCreate a ticket
- Exclude checks
Advisory: CVE-2019-5477
Criticality: Critical
URL: https://github.com/sparklemotion/nokogiri/issues/1915
Solution: upgrade to >= 1.10.4
ReDoS based DoS vulnerability in Action Dispatch Open
actionpack (5.0.1)- Read upRead up
- Create a ticketCreate a ticket
- Exclude checks
Advisory: CVE-2023-22792
URL: https://github.com/rails/rails/releases/tag/v7.0.4.1
Solution: upgrade to >= 5.2.8.15, ~> 5.2.8, >= 6.1.7.1, ~> 6.1.7, >= 7.0.4.1