Issues - mmpollard/RMSIVendorRegApp

Denial of Service Vulnerability in ActiveRecord’s PostgreSQL adapter
Open

    activerecord (4.2.5.1)

Found in Gemfile.lock by bundler-audit

Read up
Read up
Exclude checks
- Disable engine
- Disable check

Advisory: CVE-2022-44566

URL: https://github.com/rails/rails/releases/tag/v7.0.4.1

Solution: upgrade to >= 5.2.8.15, ~> 5.2.8, >= 6.1.7.1, ~> 6.1.7, >= 7.0.4.1

json Gem for Ruby Unsafe Object Creation Vulnerability (additional fix)
Open

    json (1.8.3)

Found in Gemfile.lock by bundler-audit

Read up
Read up
Exclude checks
- Disable engine
- Disable check

Advisory: CVE-2020-10663

Criticality: High

URL: https://www.ruby-lang.org/en/news/2020/03/19/json-dos-cve-2020-10663/

Solution: upgrade to >= 2.3.0

Possible shell escape sequence injection vulnerability in Rack
Open

    rack (1.6.4)

Found in Gemfile.lock by bundler-audit

Read up
Read up
Exclude checks
- Disable engine
- Disable check

Advisory: CVE-2022-30123

Criticality: Critical

URL: https://groups.google.com/g/ruby-security-ann/c/LWB10kWzag8

Solution: upgrade to >= 2.0.9.1, ~> 2.0.9, >= 2.1.4.1, ~> 2.1.4, >= 2.2.3.1

Directory traversal in Rack::Directory app bundled with Rack
Open

    rack (1.6.4)

Found in Gemfile.lock by bundler-audit

Read up
Read up
Exclude checks
- Disable engine
- Disable check

Advisory: CVE-2020-8161

Criticality: High

URL: https://groups.google.com/forum/#!topic/ruby-security-ann/T4ZIsfRf2eA

Solution: upgrade to ~> 2.1.3, >= 2.2.0

OS Command Injection in Rake
Open

    rake (10.5.0)

Found in Gemfile.lock by bundler-audit

Read up
Read up
Exclude checks
- Disable engine
- Disable check

Advisory: CVE-2020-8130

Criticality: High

URL: https://github.com/advisories/GHSA-jppv-gw3r-w3q8

Solution: upgrade to >= 12.3.3

Possible DoS Vulnerability in Action Controller Token Authentication
Open

    actionpack (4.2.5.1)

Found in Gemfile.lock by bundler-audit

Read up
Read up
Exclude checks
- Disable engine
- Disable check

Advisory: CVE-2021-22904

Criticality: High

URL: https://groups.google.com/g/rubyonrails-security/c/Pf1TjkOBdyQ

Solution: upgrade to ~> 5.2.4.6, ~> 5.2.6, >= 6.0.3.7, ~> 6.0.3, >= 6.1.3.2

Denial of Service Vulnerability in Rack Content-Disposition parsing
Open

    rack (1.6.4)

Found in Gemfile.lock by bundler-audit

Read up
Read up
Exclude checks
- Disable engine
- Disable check

Advisory: CVE-2022-44571

URL: https://github.com/rack/rack/releases/tag/v3.0.4.1

Solution: upgrade to >= 2.0.9.2, ~> 2.0.9, >= 2.1.4.2, ~> 2.1.4, >= 2.2.6.1, ~> 2.2.6, >= 3.0.4.1

Update bundled libxml2 to v2.10.3 to resolve multiple CVEs
Open

    nokogiri (1.6.7.2)

Found in Gemfile.lock by bundler-audit

Read up
Read up
Exclude checks
- Disable engine
- Disable check

Advisory:

URL: https://github.com/sparklemotion/nokogiri/security/advisories/GHSA-2qc6-mcvw-92cw

Solution: upgrade to >= 1.13.9

libxml2 2.9.10 has an infinite loop in a certain end-of-file situation
Open

    nokogiri (1.6.7.2)

Found in Gemfile.lock by bundler-audit

Read up
Read up
Exclude checks
- Disable engine
- Disable check

Advisory: CVE-2020-7595

Criticality: High

URL: https://github.com/sparklemotion/nokogiri/issues/1992

Solution: upgrade to >= 1.10.8

Regular Expression Denial of Service in Addressable templates
Open

    addressable (2.4.0)

Found in Gemfile.lock by bundler-audit

Read up
Read up
Exclude checks
- Disable engine
- Disable check

Advisory: CVE-2021-32740

Criticality: High

URL: https://github.com/advisories/GHSA-jxhc-q857-3j6g

Solution: upgrade to >= 2.8.0

Inefficient Regular Expression Complexity in Loofah
Open

    loofah (2.0.3)

Found in Gemfile.lock by bundler-audit

Read up
Read up
Exclude checks
- Disable engine
- Disable check

Advisory: CVE-2022-23514

Criticality: High

URL: https://github.com/flavorjones/loofah/security/advisories/GHSA-486f-hjj9-9vhh

Solution: upgrade to >= 2.19.1

Nokogiri Command Injection Vulnerability via Nokogiri::CSS::Tokenizer#load_file
Open

    nokogiri (1.6.7.2)

Found in Gemfile.lock by bundler-audit

Read up
Read up
Exclude checks
- Disable engine
- Disable check

Advisory: CVE-2019-5477

Criticality: Critical

URL: https://github.com/sparklemotion/nokogiri/issues/1915

Solution: upgrade to >= 1.10.4

Nokogiri::XML::Schema trusts input by default, exposing risk of an XXE vulnerability
Open

    nokogiri (1.6.7.2)

Found in Gemfile.lock by bundler-audit

Read up
Read up
Exclude checks
- Disable engine
- Disable check

Advisory: CVE-2020-26247

Criticality: Low

URL: https://github.com/sparklemotion/nokogiri/security/advisories/GHSA-vr8q-g5c7-m54m

Solution: upgrade to >= 1.11.0.rc4

Revert libxml2 behavior in Nokogiri gem that could cause XSS
Open

    nokogiri (1.6.7.2)

Found in Gemfile.lock by bundler-audit

Read up
Read up
Exclude checks
- Disable engine
- Disable check

Advisory: CVE-2018-8048

URL: https://github.com/sparklemotion/nokogiri/pull/1746

Solution: upgrade to >= 1.8.3

Nokogiri gem, via libxml, is affected by DoS vulnerabilities
Open

    nokogiri (1.6.7.2)

Found in Gemfile.lock by bundler-audit

Read up
Read up
Exclude checks
- Disable engine
- Disable check

Advisory: CVE-2017-15412

URL: https://github.com/sparklemotion/nokogiri/issues/1714

Solution: upgrade to >= 1.8.2

Update packaged dependency libxml2 from 2.9.10 to 2.9.12
Open

    nokogiri (1.6.7.2)

Found in Gemfile.lock by bundler-audit

Read up
Read up
Exclude checks
- Disable engine
- Disable check

Advisory:

Criticality: High

URL: https://github.com/sparklemotion/nokogiri/security/advisories/GHSA-7rrm-v45f-jp64

Solution: upgrade to >= 1.11.4

Nokogiri gem, via libxml, is affected by DoS and RCE vulnerabilities
Open

    nokogiri (1.6.7.2)

Found in Gemfile.lock by bundler-audit

Read up
Read up
Exclude checks
- Disable engine
- Disable check

Advisory: CVE-2017-9050

Criticality: High

URL: https://github.com/sparklemotion/nokogiri/issues/1673

Solution: upgrade to >= 1.8.1

Prototype pollution attack through jQuery $.extend
Open

    jquery-rails (4.1.0)

Found in Gemfile.lock by bundler-audit

Read up
Read up
Exclude checks
- Disable engine
- Disable check

Advisory: CVE-2019-11358

Criticality: Medium

URL: https://blog.jquery.com/2019/04/10/jquery-3-4-0-released/

Solution: upgrade to >= 4.3.4

Loofah XSS Vulnerability
Open

    loofah (2.0.3)

Found in Gemfile.lock by bundler-audit

Read up
Read up
Exclude checks
- Disable engine
- Disable check

Advisory: CVE-2018-16468

Criticality: Medium

URL: https://github.com/flavorjones/loofah/issues/154

Solution: upgrade to >= 2.2.3

Nokogiri gem, via libxslt, is affected by multiple vulnerabilities
Open

    nokogiri (1.6.7.2)

Found in Gemfile.lock by bundler-audit

Read up
Read up
Exclude checks
- Disable engine
- Disable check

Advisory: CVE-2019-13117

URL: https://github.com/sparklemotion/nokogiri/issues/1943

Solution: upgrade to >= 1.10.5

mmpollard/RMSIVendorRegApp

Showing 128 of 128 total issues

Denial of Service Vulnerability in ActiveRecord’s PostgreSQL adapter
Open

json Gem for Ruby Unsafe Object Creation Vulnerability (additional fix)
Open

Possible shell escape sequence injection vulnerability in Rack
Open

Directory traversal in Rack::Directory app bundled with Rack
Open

OS Command Injection in Rake
Open

Possible DoS Vulnerability in Action Controller Token Authentication
Open

Denial of Service Vulnerability in Rack Content-Disposition parsing
Open

Update bundled libxml2 to v2.10.3 to resolve multiple CVEs
Open

libxml2 2.9.10 has an infinite loop in a certain end-of-file situation
Open

Regular Expression Denial of Service in Addressable templates
Open

Inefficient Regular Expression Complexity in Loofah
Open

Nokogiri Command Injection Vulnerability via Nokogiri::CSS::Tokenizer#load_file
Open

Nokogiri::XML::Schema trusts input by default, exposing risk of an XXE vulnerability
Open

Revert libxml2 behavior in Nokogiri gem that could cause XSS
Open

Nokogiri gem, via libxml, is affected by DoS vulnerabilities
Open

Update packaged dependency libxml2 from 2.9.10 to 2.9.12
Open

Nokogiri gem, via libxml, is affected by DoS and RCE vulnerabilities
Open

Prototype pollution attack through jQuery $.extend
Open

Loofah XSS Vulnerability
Open

Nokogiri gem, via libxslt, is affected by multiple vulnerabilities
Open

Severity

Category

Status

Source

Language

mmpollard/RMSIVendorRegApp

Showing 128 of 128 total issues

Denial of Service Vulnerability in ActiveRecord’s PostgreSQL adapter Open

json Gem for Ruby Unsafe Object Creation Vulnerability (additional fix) Open

Possible shell escape sequence injection vulnerability in Rack Open

Directory traversal in Rack::Directory app bundled with Rack Open

OS Command Injection in Rake Open

Possible DoS Vulnerability in Action Controller Token Authentication Open

Denial of Service Vulnerability in Rack Content-Disposition parsing Open

Update bundled libxml2 to v2.10.3 to resolve multiple CVEs Open

libxml2 2.9.10 has an infinite loop in a certain end-of-file situation Open

Regular Expression Denial of Service in Addressable templates Open

Inefficient Regular Expression Complexity in Loofah Open

Nokogiri Command Injection Vulnerability via Nokogiri::CSS::Tokenizer#load_file Open

Nokogiri::XML::Schema trusts input by default, exposing risk of an XXE vulnerability Open

Revert libxml2 behavior in Nokogiri gem that could cause XSS Open

Nokogiri gem, via libxml, is affected by DoS vulnerabilities Open

Update packaged dependency libxml2 from 2.9.10 to 2.9.12 Open

Nokogiri gem, via libxml, is affected by DoS and RCE vulnerabilities Open

Prototype pollution attack through jQuery $.extend Open

Loofah XSS Vulnerability Open

Nokogiri gem, via libxslt, is affected by multiple vulnerabilities Open

Severity

Category

Status

Source

Language

Denial of Service Vulnerability in ActiveRecord’s PostgreSQL adapter
Open

json Gem for Ruby Unsafe Object Creation Vulnerability (additional fix)
Open

Possible shell escape sequence injection vulnerability in Rack
Open

Directory traversal in Rack::Directory app bundled with Rack
Open

OS Command Injection in Rake
Open

Possible DoS Vulnerability in Action Controller Token Authentication
Open

Denial of Service Vulnerability in Rack Content-Disposition parsing
Open

Update bundled libxml2 to v2.10.3 to resolve multiple CVEs
Open

libxml2 2.9.10 has an infinite loop in a certain end-of-file situation
Open

Regular Expression Denial of Service in Addressable templates
Open

Inefficient Regular Expression Complexity in Loofah
Open

Nokogiri Command Injection Vulnerability via Nokogiri::CSS::Tokenizer#load_file
Open

Nokogiri::XML::Schema trusts input by default, exposing risk of an XXE vulnerability
Open

Revert libxml2 behavior in Nokogiri gem that could cause XSS
Open

Nokogiri gem, via libxml, is affected by DoS vulnerabilities
Open

Update packaged dependency libxml2 from 2.9.10 to 2.9.12
Open

Nokogiri gem, via libxml, is affected by DoS and RCE vulnerabilities
Open

Prototype pollution attack through jQuery $.extend
Open

Loofah XSS Vulnerability
Open

Nokogiri gem, via libxslt, is affected by multiple vulnerabilities
Open