moonleerecords/moonlee-website

View on GitHub
Gemfile.lock

Summary

Maintainability
Test Coverage

Ability to forge per-form CSRF tokens given a global CSRF token
Open

    actionpack (5.1.4)
Severity: Minor
Found in Gemfile.lock by bundler-audit

Advisory: CVE-2020-8166

URL: https://groups.google.com/forum/#!topic/rubyonrails-security/NOjKiGeXUgw

Solution: upgrade to >= 5.2.4.3, ~> 5.2.4, >= 6.0.3.1

Possible DoS Vulnerability in Active Record PostgreSQL adapter
Open

    activerecord (5.1.4)
Severity: Minor
Found in Gemfile.lock by bundler-audit

Advisory: CVE-2021-22880

Criticality: Medium

URL: https://groups.google.com/g/rubyonrails-security/c/ZzUqCh9vyhI

Solution: upgrade to >= 5.2.4.5, ~> 5.2.4, ~> 6.0.3.5, >= 6.1.2.1

Potential XSS vulnerability in Action View
Open

    actionview (5.1.4)
Severity: Minor
Found in Gemfile.lock by bundler-audit

Advisory: CVE-2020-15169

URL: https://groups.google.com/g/rubyonrails-security/c/b-C9kSGXYrc

Solution: upgrade to >= 5.2.4.4, ~> 5.2.4, >= 6.0.3.3

Insecure Source URI found: git://github.com/justinfrench/formtastic.git
Open

  remote: git://github.com/justinfrench/formtastic.git
Severity: Minor
Found in Gemfile.lock by bundler-audit

Cross-Site Scripting in Kaminari via original_script_name parameter
Open

    kaminari (1.1.1)
Severity: Minor
Found in Gemfile.lock by bundler-audit

Advisory: CVE-2020-11082

Criticality: Medium

URL: https://github.com/kaminari/kaminari/security/advisories/GHSA-r5jw-62xg-j433

Solution: upgrade to >= 1.2.1

Possible XSS vulnerability in ActionView
Open

    actionview (5.1.4)
Severity: Minor
Found in Gemfile.lock by bundler-audit

Advisory: CVE-2020-5267

URL: https://groups.google.com/forum/#!topic/rubyonrails-security/55reWMM_Pg8

Solution: upgrade to >= 5.2.4.2, ~> 5.2.4, >= 6.0.2.2

Geocoder gem for Ruby contains possible SQL injection vulnerability
Open

    geocoder (1.5.1)
Severity: Minor
Found in Gemfile.lock by bundler-audit

Advisory: CVE-2020-7981

Criticality: Critical

URL: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-7981

Solution: upgrade to >= 1.6.1

Insecure Source URI found: git://github.com/activeadmin/activeadmin.git
Open

  remote: git://github.com/activeadmin/activeadmin.git
Severity: Minor
Found in Gemfile.lock by bundler-audit

CSRF Vulnerability in rails-ujs
Open

    actionview (5.1.4)
Severity: Minor
Found in Gemfile.lock by bundler-audit

Advisory: CVE-2020-8167

URL: https://groups.google.com/forum/#!topic/rubyonrails-security/x9DixQDG9a0

Solution: upgrade to >= 5.2.4.3, ~> 5.2.4, >= 6.0.3.1

Insecure Source URI found: git://github.com/activerecord-hackery/ransack.git
Open

  remote: git://github.com/activerecord-hackery/ransack.git
Severity: Minor
Found in Gemfile.lock by bundler-audit

Insecure Source URI found: git://github.com/activeadmin/inherited_resources.git
Open

  remote: git://github.com/activeadmin/inherited_resources.git
Severity: Minor
Found in Gemfile.lock by bundler-audit

Insecure Source URI found: git://github.com/rails/activemodel-serializers-xml.git
Open

  remote: git://github.com/rails/activemodel-serializers-xml.git
Severity: Minor
Found in Gemfile.lock by bundler-audit

Possible Strong Parameters Bypass in ActionPack
Open

    actionpack (5.1.4)
Severity: Minor
Found in Gemfile.lock by bundler-audit

Advisory: CVE-2020-8164

URL: https://groups.google.com/forum/#!topic/rubyonrails-security/f6ioe4sdpbY

Solution: upgrade to >= 5.2.4.3, ~> 5.2.4, >= 6.0.3.1

Directory traversal in Rack::Directory app bundled with Rack
Open

    rack (2.0.6)
Severity: Minor
Found in Gemfile.lock by bundler-audit

Advisory: CVE-2020-8161

URL: https://groups.google.com/forum/#!topic/ruby-security-ann/T4ZIsfRf2eA

Solution: upgrade to ~> 2.1.3, >= 2.2.0

Devise Gem for Ruby confirmation token validation with a blank string
Open

    devise (4.6.1)
Severity: Minor
Found in Gemfile.lock by bundler-audit

Advisory: CVE-2019-16109

URL: https://github.com/plataformatec/devise/issues/5071

Solution: upgrade to >= 4.7.1

Nokogiri::XML::Schema trusts input by default, exposing risk of an XXE vulnerability
Open

    nokogiri (1.10.1)
Severity: Info
Found in Gemfile.lock by bundler-audit

Advisory: CVE-2020-26247

Criticality: Low

URL: https://github.com/sparklemotion/nokogiri/security/advisories/GHSA-vr8q-g5c7-m54m

Solution: upgrade to >= 1.11.0.rc4

Percent-encoded cookies can be used to overwrite existing prefixed cookie names
Open

    rack (2.0.6)
Severity: Minor
Found in Gemfile.lock by bundler-audit

Advisory: CVE-2020-8184

URL: https://groups.google.com/g/rubyonrails-security/c/OWtmozPH9Ak

Solution: upgrade to ~> 2.1.4, >= 2.2.3

Potentially unintended unmarshalling of user-provided objects in MemCacheStore and RedisCacheStore
Open

    activesupport (5.1.4)
Severity: Minor
Found in Gemfile.lock by bundler-audit

Advisory: CVE-2020-8165

URL: https://groups.google.com/forum/#!topic/rubyonrails-security/bv6fW4S0Y1c

Solution: upgrade to >= 5.2.4.3, ~> 5.2.4, >= 6.0.3.1

Loofah XSS Vulnerability
Open

    loofah (2.2.3)
Severity: Minor
Found in Gemfile.lock by bundler-audit

Advisory: CVE-2019-15587

Criticality: Medium

URL: https://github.com/flavorjones/loofah/issues/171

Solution: upgrade to >= 2.3.1

Nokogiri gem, via libxslt, is affected by improper access control vulnerability
Open

    nokogiri (1.10.1)
Severity: Minor
Found in Gemfile.lock by bundler-audit

Advisory: CVE-2019-11068

URL: https://github.com/sparklemotion/nokogiri/issues/1892

Solution: upgrade to >= 1.10.3

File Content Disclosure in Action View
Open

    actionview (5.1.4)
Severity: Minor
Found in Gemfile.lock by bundler-audit

Advisory: CVE-2019-5418

URL: https://groups.google.com/forum/#!topic/rubyonrails-security/pFRKI96Sm8Q

Solution: upgrade to >= 4.2.11.1, ~> 4.2.11, >= 5.0.7.2, ~> 5.0.7, >= 5.1.6.2, ~> 5.1.6, >= 5.2.2.1, ~> 5.2.2, >= 6.0.0.beta3

Possible information leak / session hijack vulnerability
Open

    rack (2.0.6)
Severity: Minor
Found in Gemfile.lock by bundler-audit

Advisory: CVE-2019-16782

URL: https://github.com/rack/rack/security/advisories/GHSA-hrqr-hxpp-chr3

Solution: upgrade to ~> 1.6.12, >= 2.0.8

Denial of Service Vulnerability in Action View
Open

    actionview (5.1.4)
Severity: Minor
Found in Gemfile.lock by bundler-audit

Advisory: CVE-2019-5419

URL: https://groups.google.com/forum/#!topic/rubyonrails-security/GN7w9fFAQeI

Solution: upgrade to >= 6.0.0.beta3, >= 5.2.2.1, ~> 5.2.2, >= 5.1.6.2, ~> 5.1.6, >= 5.0.7.2, ~> 5.0.7, >= 4.2.11.1, ~> 4.2.11

OS Command Injection in Rake
Open

    rake (12.3.2)
Severity: Critical
Found in Gemfile.lock by bundler-audit

Advisory: CVE-2020-8130

Criticality: High

URL: https://github.com/advisories/GHSA-jppv-gw3r-w3q8

Solution: upgrade to >= 12.3.3

Broken Access Control vulnerability in Active Job
Open

    activejob (5.1.4)
Severity: Minor
Found in Gemfile.lock by bundler-audit

Advisory: CVE-2018-16476

URL: https://groups.google.com/forum/#!topic/rubyonrails-security/FL4dSdzr2zw

Solution: upgrade to ~> 4.2.11, ~> 5.0.7.1, ~> 5.1.6.1, ~> 5.1.7, >= 5.2.1.1

libxml2 2.9.10 has an infinite loop in a certain end-of-file situation
Open

    nokogiri (1.10.1)
Severity: Critical
Found in Gemfile.lock by bundler-audit

Advisory: CVE-2020-7595

Criticality: High

URL: https://github.com/sparklemotion/nokogiri/issues/1992

Solution: upgrade to >= 1.10.8

Nokogiri gem, via libxslt, is affected by multiple vulnerabilities
Open

    nokogiri (1.10.1)
Severity: Minor
Found in Gemfile.lock by bundler-audit

Advisory: CVE-2019-13117

URL: https://github.com/sparklemotion/nokogiri/issues/1943

Solution: upgrade to >= 1.10.5

Regular Expression Denial of Service in websocket-extensions (RubyGem)
Open

    websocket-extensions (0.1.3)
Severity: Critical
Found in Gemfile.lock by bundler-audit

Advisory: CVE-2020-7663

Criticality: High

URL: https://github.com/faye/websocket-extensions-ruby/security/advisories/GHSA-g6wq-qcwm-j5g2

Solution: upgrade to >= 0.1.5

Prototype pollution attack through jQuery $.extend
Open

    jquery-rails (4.3.3)
Severity: Minor
Found in Gemfile.lock by bundler-audit

Advisory: CVE-2019-11358

Criticality: Medium

URL: https://blog.jquery.com/2019/04/10/jquery-3-4-0-released/

Solution: upgrade to >= 4.3.4

Nokogiri Command Injection Vulnerability via Nokogiri::CSS::Tokenizer#load_file
Open

    nokogiri (1.10.1)
Severity: Minor
Found in Gemfile.lock by bundler-audit

Advisory: CVE-2019-5477

Criticality: Critical

URL: https://github.com/sparklemotion/nokogiri/issues/1915

Solution: upgrade to >= 1.10.4

There are no issues that match your filters.

Category
Status