Sign upLogin

metamaps/metamaps

View on GitHub
Star

Showing 2,044 of 2,044 total issues

Denial of Service (DoS) in Nokogiri on JRuby
Open

    nokogiri (1.8.1)
Severity: Critical
Found in Gemfile.lock by bundler-audit

Advisory: CVE-2022-24839

Criticality: High

URL: https://github.com/sparklemotion/nekohtml/security/advisories/GHSA-9849-p7jc-9rmv

Solution: upgrade to >= 1.13.4

Improper Handling of Unexpected Data Type in Nokogiri
Open

    nokogiri (1.8.1)
Severity: Critical
Found in Gemfile.lock by bundler-audit

Advisory: CVE-2022-29181

Criticality: High

URL: https://github.com/sparklemotion/nokogiri/security/advisories/GHSA-xh29-r2w5-wx8m

Solution: upgrade to >= 1.13.6

HTTP Response Splitting vulnerability in puma
Open

    puma (3.10.0)
Severity: Minor
Found in Gemfile.lock by bundler-audit

Advisory: CVE-2020-5247

Criticality: Medium

URL: https://github.com/puma/puma/security/advisories/GHSA-84j7-475p-hp8v

Solution: upgrade to ~> 3.12.4, >= 4.3.3

HTTP Smuggling via Transfer-Encoding Header in Puma
Open

    puma (3.10.0)
Severity: Minor
Found in Gemfile.lock by bundler-audit

Advisory: CVE-2020-11077

Criticality: Medium

URL: https://github.com/puma/puma/security/advisories/GHSA-w64w-qqph-5gxm

Solution: upgrade to ~> 3.12.6, >= 4.3.5

Possible XSS vulnerability with certain configurations of Rails::Html::Sanitizer
Open

    rails-html-sanitizer (1.0.3)
Severity: Minor
Found in Gemfile.lock by bundler-audit

Advisory: CVE-2022-32209

Criticality: Medium

URL: https://groups.google.com/g/rubyonrails-security/c/ce9PhUANQ6s

Solution: upgrade to >= 1.4.3

Keepalive thread overload/DoS in puma
Open

    puma (3.10.0)
Severity: Critical
Found in Gemfile.lock by bundler-audit

Advisory: CVE-2019-16770

Criticality: High

URL: https://github.com/puma/puma/security/advisories/GHSA-7xx3-m584-x994

Solution: upgrade to ~> 3.12.2, >= 4.3.1

Possible XSS vulnerability with certain configurations of rails-html-sanitizer
Open

    rails-html-sanitizer (1.0.3)
Severity: Minor
Found in Gemfile.lock by bundler-audit

Advisory: CVE-2022-23519

Criticality: Medium

URL: https://github.com/rails/rails-html-sanitizer/security/advisories/GHSA-9h9g-93gc-623h

Solution: upgrade to >= 1.4.4

Nokogiri gem, via libxslt, is affected by improper access control vulnerability
Open

    nokogiri (1.8.1)
Severity: Minor
Found in Gemfile.lock by bundler-audit

Advisory: CVE-2019-11068

URL: https://github.com/sparklemotion/nokogiri/issues/1892

Solution: upgrade to >= 1.10.3

Inefficient Regular Expression Complexity in Nokogiri
Open

    nokogiri (1.8.1)
Severity: Critical
Found in Gemfile.lock by bundler-audit

Advisory: CVE-2022-24836

Criticality: High

URL: https://github.com/sparklemotion/nokogiri/security/advisories/GHSA-crjr-9rc5-ghw8

Solution: upgrade to >= 1.13.4

Improper neutralization of data URIs may allow XSS in rails-html-sanitizer
Open

    rails-html-sanitizer (1.0.3)
Severity: Minor
Found in Gemfile.lock by bundler-audit

Advisory: CVE-2022-23518

Criticality: Medium

URL: https://github.com/rails/rails-html-sanitizer/security/advisories/GHSA-mcvf-2q2m-x72m

Solution: upgrade to >= 1.4.4

Possible XSS vulnerability with certain configurations of rails-html-sanitizer
Open

    rails-html-sanitizer (1.0.3)
Severity: Minor
Found in Gemfile.lock by bundler-audit

Advisory: CVE-2022-23520

Criticality: Medium

URL: https://github.com/rails/rails-html-sanitizer/security/advisories/GHSA-rrfc-7g8p-99q8

Solution: upgrade to >= 1.4.4

Inefficient Regular Expression Complexity in rails-html-sanitizer
Open

    rails-html-sanitizer (1.0.3)
Severity: Critical
Found in Gemfile.lock by bundler-audit

Advisory: CVE-2022-23517

Criticality: High

URL: https://github.com/rails/rails-html-sanitizer/security/advisories/GHSA-5x79-w82f-gw8w

Solution: upgrade to >= 1.4.4

RuboCop gem Insecure use of /tmp
Open

    rubocop (0.48.1)
Severity: Info
Found in Gemfile.lock by bundler-audit

Advisory: CVE-2017-8418

Criticality: Low

URL: https://github.com/bbatsov/rubocop/issues/4336

Solution: upgrade to >= 0.49.0

HTTP Smuggling via Transfer-Encoding Header in Puma
Open

    puma (3.10.0)
Severity: Critical
Found in Gemfile.lock by bundler-audit

Advisory: CVE-2020-11076

Criticality: High

URL: https://github.com/puma/puma/security/advisories/GHSA-x7jg-6pwg-fx5h

Solution: upgrade to ~> 3.12.5, >= 4.3.4

Directory traversal in Rack::Directory app bundled with Rack
Open

    rack (2.0.3)
Severity: Critical
Found in Gemfile.lock by bundler-audit

Advisory: CVE-2020-8161

Criticality: High

URL: https://groups.google.com/forum/#!topic/ruby-security-ann/T4ZIsfRf2eA

Solution: upgrade to ~> 2.1.3, >= 2.2.0

HTTP Response Splitting (Early Hints) in Puma
Open

    puma (3.10.0)
Severity: Minor
Found in Gemfile.lock by bundler-audit

Advisory: CVE-2020-5249

Criticality: Medium

URL: https://github.com/puma/puma/security/advisories/GHSA-33vf-4xgg-9r58

Solution: upgrade to ~> 3.12.4, >= 4.3.3

Percent-encoded cookies can be used to overwrite existing prefixed cookie names
Open

    rack (2.0.3)
Severity: Critical
Found in Gemfile.lock by bundler-audit

Advisory: CVE-2020-8184

Criticality: High

URL: https://groups.google.com/g/rubyonrails-security/c/OWtmozPH9Ak

Solution: upgrade to ~> 2.1.4, >= 2.2.3

Improper Restriction of XML External Entity Reference (XXE) in Nokogiri on JRuby
Open

    nokogiri (1.8.1)
Severity: Critical
Found in Gemfile.lock by bundler-audit

Advisory: CVE-2021-41098

Criticality: High

URL: https://github.com/sparklemotion/nokogiri/security/advisories/GHSA-2rr5-8q37-2w7h

Solution: upgrade to >= 1.12.5

Function Controller has 199 lines of code (exceeds 25 allowed). Consider refactoring.
Open

    var Controller = function(container, images, options)
    {                        
        var    items = [], funcSin = Math.sin, funcCos = Math.cos, ctx=this;
        this.controlTimer = 0;
        this.stopped = false;
Severity: Major
Found in app/assets/javascripts/cloudcarousel-secret.js - About 7 hrs to fix

Assignment Branch Condition size for topics is too high. [67.39/16]
Open

  def topics
    term = params[:term]
    user = params[:user] ? params[:user] : false

    if term.present? && term.downcase[0..3] != 'map:' &&
Severity: Minor
Found in app/controllers/search_controller.rb by rubocop

This cop checks that the ABC size of methods is not higher than the configured maximum. The ABC size is based on assignments, branches (method calls), and conditions. See http://c2.com/cgi/wiki?AbcMetric

Severity
Category
Status
Source
Language