Showing 2,044 of 2,044 total issues
Denial of Service (DoS) in Nokogiri on JRuby Open
nokogiri (1.8.1)
- Read upRead up
- Create a ticketCreate a ticket
- Exclude checks
Advisory: CVE-2022-24839
Criticality: High
URL: https://github.com/sparklemotion/nekohtml/security/advisories/GHSA-9849-p7jc-9rmv
Solution: upgrade to >= 1.13.4
Improper Handling of Unexpected Data Type in Nokogiri Open
nokogiri (1.8.1)
- Read upRead up
- Create a ticketCreate a ticket
- Exclude checks
Advisory: CVE-2022-29181
Criticality: High
URL: https://github.com/sparklemotion/nokogiri/security/advisories/GHSA-xh29-r2w5-wx8m
Solution: upgrade to >= 1.13.6
HTTP Response Splitting vulnerability in puma Open
puma (3.10.0)
- Read upRead up
- Create a ticketCreate a ticket
- Exclude checks
Advisory: CVE-2020-5247
Criticality: Medium
URL: https://github.com/puma/puma/security/advisories/GHSA-84j7-475p-hp8v
Solution: upgrade to ~> 3.12.4, >= 4.3.3
HTTP Smuggling via Transfer-Encoding Header in Puma Open
puma (3.10.0)
- Read upRead up
- Create a ticketCreate a ticket
- Exclude checks
Advisory: CVE-2020-11077
Criticality: Medium
URL: https://github.com/puma/puma/security/advisories/GHSA-w64w-qqph-5gxm
Solution: upgrade to ~> 3.12.6, >= 4.3.5
Possible XSS vulnerability with certain configurations of Rails::Html::Sanitizer Open
rails-html-sanitizer (1.0.3)
- Read upRead up
- Create a ticketCreate a ticket
- Exclude checks
Advisory: CVE-2022-32209
Criticality: Medium
URL: https://groups.google.com/g/rubyonrails-security/c/ce9PhUANQ6s
Solution: upgrade to >= 1.4.3
Keepalive thread overload/DoS in puma Open
puma (3.10.0)
- Read upRead up
- Create a ticketCreate a ticket
- Exclude checks
Advisory: CVE-2019-16770
Criticality: High
URL: https://github.com/puma/puma/security/advisories/GHSA-7xx3-m584-x994
Solution: upgrade to ~> 3.12.2, >= 4.3.1
Possible XSS vulnerability with certain configurations of rails-html-sanitizer Open
rails-html-sanitizer (1.0.3)
- Read upRead up
- Create a ticketCreate a ticket
- Exclude checks
Advisory: CVE-2022-23519
Criticality: Medium
URL: https://github.com/rails/rails-html-sanitizer/security/advisories/GHSA-9h9g-93gc-623h
Solution: upgrade to >= 1.4.4
Nokogiri gem, via libxslt, is affected by improper access control vulnerability Open
nokogiri (1.8.1)
- Read upRead up
- Create a ticketCreate a ticket
- Exclude checks
Advisory: CVE-2019-11068
URL: https://github.com/sparklemotion/nokogiri/issues/1892
Solution: upgrade to >= 1.10.3
Inefficient Regular Expression Complexity in Nokogiri Open
nokogiri (1.8.1)
- Read upRead up
- Create a ticketCreate a ticket
- Exclude checks
Advisory: CVE-2022-24836
Criticality: High
URL: https://github.com/sparklemotion/nokogiri/security/advisories/GHSA-crjr-9rc5-ghw8
Solution: upgrade to >= 1.13.4
Improper neutralization of data URIs may allow XSS in rails-html-sanitizer Open
rails-html-sanitizer (1.0.3)
- Read upRead up
- Create a ticketCreate a ticket
- Exclude checks
Advisory: CVE-2022-23518
Criticality: Medium
URL: https://github.com/rails/rails-html-sanitizer/security/advisories/GHSA-mcvf-2q2m-x72m
Solution: upgrade to >= 1.4.4
Possible XSS vulnerability with certain configurations of rails-html-sanitizer Open
rails-html-sanitizer (1.0.3)
- Read upRead up
- Create a ticketCreate a ticket
- Exclude checks
Advisory: CVE-2022-23520
Criticality: Medium
URL: https://github.com/rails/rails-html-sanitizer/security/advisories/GHSA-rrfc-7g8p-99q8
Solution: upgrade to >= 1.4.4
Inefficient Regular Expression Complexity in rails-html-sanitizer Open
rails-html-sanitizer (1.0.3)
- Read upRead up
- Create a ticketCreate a ticket
- Exclude checks
Advisory: CVE-2022-23517
Criticality: High
URL: https://github.com/rails/rails-html-sanitizer/security/advisories/GHSA-5x79-w82f-gw8w
Solution: upgrade to >= 1.4.4
RuboCop gem Insecure use of /tmp Open
rubocop (0.48.1)
- Read upRead up
- Create a ticketCreate a ticket
- Exclude checks
Advisory: CVE-2017-8418
Criticality: Low
URL: https://github.com/bbatsov/rubocop/issues/4336
Solution: upgrade to >= 0.49.0
HTTP Smuggling via Transfer-Encoding Header in Puma Open
puma (3.10.0)
- Read upRead up
- Create a ticketCreate a ticket
- Exclude checks
Advisory: CVE-2020-11076
Criticality: High
URL: https://github.com/puma/puma/security/advisories/GHSA-x7jg-6pwg-fx5h
Solution: upgrade to ~> 3.12.5, >= 4.3.4
Directory traversal in Rack::Directory app bundled with Rack Open
rack (2.0.3)
- Read upRead up
- Create a ticketCreate a ticket
- Exclude checks
Advisory: CVE-2020-8161
Criticality: High
URL: https://groups.google.com/forum/#!topic/ruby-security-ann/T4ZIsfRf2eA
Solution: upgrade to ~> 2.1.3, >= 2.2.0
HTTP Response Splitting (Early Hints) in Puma Open
puma (3.10.0)
- Read upRead up
- Create a ticketCreate a ticket
- Exclude checks
Advisory: CVE-2020-5249
Criticality: Medium
URL: https://github.com/puma/puma/security/advisories/GHSA-33vf-4xgg-9r58
Solution: upgrade to ~> 3.12.4, >= 4.3.3
Percent-encoded cookies can be used to overwrite existing prefixed cookie names Open
rack (2.0.3)
- Read upRead up
- Create a ticketCreate a ticket
- Exclude checks
Advisory: CVE-2020-8184
Criticality: High
URL: https://groups.google.com/g/rubyonrails-security/c/OWtmozPH9Ak
Solution: upgrade to ~> 2.1.4, >= 2.2.3
Improper Restriction of XML External Entity Reference (XXE) in Nokogiri on JRuby Open
nokogiri (1.8.1)
- Read upRead up
- Create a ticketCreate a ticket
- Exclude checks
Advisory: CVE-2021-41098
Criticality: High
URL: https://github.com/sparklemotion/nokogiri/security/advisories/GHSA-2rr5-8q37-2w7h
Solution: upgrade to >= 1.12.5
Function Controller
has 199 lines of code (exceeds 25 allowed). Consider refactoring. Open
var Controller = function(container, images, options)
{
var items = [], funcSin = Math.sin, funcCos = Math.cos, ctx=this;
this.controlTimer = 0;
this.stopped = false;
- Create a ticketCreate a ticket
Assignment Branch Condition size for topics is too high. [67.39/16] Open
def topics
term = params[:term]
user = params[:user] ? params[:user] : false
if term.present? && term.downcase[0..3] != 'map:' &&
- Read upRead up
- Create a ticketCreate a ticket
- Exclude checks
This cop checks that the ABC size of methods is not higher than the configured maximum. The ABC size is based on assignments, branches (method calls), and conditions. See http://c2.com/cgi/wiki?AbcMetric