Issues - moonleerecords/moonlee-website

ReDoS based DoS vulnerability in GlobalID
Open

    globalid (0.4.2)

Found in Gemfile.lock by bundler-audit

Read up
Read up
Exclude checks
- Disable engine
- Disable check

Advisory: CVE-2023-22799

URL: https://github.com/rails/globalid/releases/tag/v1.0.1

Solution: upgrade to >= 1.0.1

Potential XSS vulnerability in Action View
Open

    actionview (5.1.4)

Found in Gemfile.lock by bundler-audit

Read up
Read up
Exclude checks
- Disable engine
- Disable check

Advisory: CVE-2020-15169

Criticality: Medium

URL: https://groups.google.com/g/rubyonrails-security/c/b-C9kSGXYrc

Solution: upgrade to >= 5.2.4.4, ~> 5.2.4, >= 6.0.3.3

Older releases of better_errors open to Cross-Site Request Forgery attack
Open

    better_errors (2.5.1)

Found in Gemfile.lock by bundler-audit

Read up
Read up
Exclude checks
- Disable engine
- Disable check

Advisory: CVE-2021-39197

Criticality: Medium

URL: https://github.com/BetterErrors/better_errors/security/advisories/GHSA-w3j4-76qw-wwjm

Solution: upgrade to >= 2.8.0

Possible Information Disclosure / Unintended Method Execution in Action Pack
Open

    actionpack (5.1.4)

Found in Gemfile.lock by bundler-audit

Read up
Read up
Exclude checks
- Disable engine
- Disable check

Advisory: CVE-2021-22885

Criticality: High

URL: https://groups.google.com/g/rubyonrails-security/c/NiQl-48cXYI

Solution: upgrade to ~> 5.2.4.6, ~> 5.2.6, >= 6.0.3.7, ~> 6.0.3, >= 6.1.3.2

ReDoS based DoS vulnerability in Action Dispatch
Open

    actionpack (5.1.4)

Found in Gemfile.lock by bundler-audit

Read up
Read up
Exclude checks
- Disable engine
- Disable check

Advisory: CVE-2023-22792

URL: https://github.com/rails/rails/releases/tag/v7.0.4.1

Solution: upgrade to >= 5.2.8.15, ~> 5.2.8, >= 6.1.7.1, ~> 6.1.7, >= 7.0.4.1

Denial of Service Vulnerability in ActiveRecord’s PostgreSQL adapter
Open

    activerecord (5.1.4)

Found in Gemfile.lock by bundler-audit

Read up
Read up
Exclude checks
- Disable engine
- Disable check

Advisory: CVE-2022-44566

URL: https://github.com/rails/rails/releases/tag/v7.0.4.1

Solution: upgrade to >= 5.2.8.15, ~> 5.2.8, >= 6.1.7.1, ~> 6.1.7, >= 7.0.4.1

Possible XSS vulnerability with certain configurations of Rails::Html::Sanitizer
Open

    rails-html-sanitizer (1.0.4)

Found in Gemfile.lock by bundler-audit

Read up
Read up
Exclude checks
- Disable engine
- Disable check

Advisory: CVE-2022-32209

Criticality: Medium

URL: https://groups.google.com/g/rubyonrails-security/c/ce9PhUANQ6s

Solution: upgrade to >= 1.4.3

Potential XSS vulnerability in jQuery
Open

    jquery-rails (4.3.3)

Found in Gemfile.lock by bundler-audit

Read up
Read up
Exclude checks
- Disable engine
- Disable check

Advisory: CVE-2020-11023

Criticality: Medium

URL: https://blog.jquery.com/2020/04/10/jquery-3-5-0-released

Solution: upgrade to >= 4.4.0

Inefficient Regular Expression Complexity in Loofah
Open

    loofah (2.2.3)

Found in Gemfile.lock by bundler-audit

Read up
Read up
Exclude checks
- Disable engine
- Disable check

Advisory: CVE-2022-23514

Criticality: High

URL: https://github.com/flavorjones/loofah/security/advisories/GHSA-486f-hjj9-9vhh

Solution: upgrade to >= 2.19.1

Inefficient Regular Expression Complexity in Nokogiri
Open

    nokogiri (1.10.1)

Found in Gemfile.lock by bundler-audit

Read up
Read up
Exclude checks
- Disable engine
- Disable check

Advisory: CVE-2022-24836

Criticality: High

URL: https://github.com/sparklemotion/nokogiri/security/advisories/GHSA-crjr-9rc5-ghw8

Solution: upgrade to >= 1.13.4

Possible XSS vulnerability with certain configurations of rails-html-sanitizer
Open

    rails-html-sanitizer (1.0.4)

Found in Gemfile.lock by bundler-audit

Read up
Read up
Exclude checks
- Disable engine
- Disable check

Advisory: CVE-2022-23520

Criticality: Medium

URL: https://github.com/rails/rails-html-sanitizer/security/advisories/GHSA-rrfc-7g8p-99q8

Solution: upgrade to >= 1.4.4

Possible DoS Vulnerability in Action Controller Token Authentication
Open

    actionpack (5.1.4)

Found in Gemfile.lock by bundler-audit

Read up
Read up
Exclude checks
- Disable engine
- Disable check

Advisory: CVE-2021-22904

Criticality: High

URL: https://groups.google.com/g/rubyonrails-security/c/Pf1TjkOBdyQ

Solution: upgrade to ~> 5.2.4.6, ~> 5.2.6, >= 6.0.3.7, ~> 6.0.3, >= 6.1.3.2

Geocoder gem for Ruby contains possible SQL injection vulnerability
Open

    geocoder (1.5.1)

Found in Gemfile.lock by bundler-audit

Read up
Read up
Exclude checks
- Disable engine
- Disable check

Advisory: CVE-2020-7981

Criticality: Critical

URL: https://github.com/alexreisner/geocoder/blob/master/CHANGELOG.md#161-2020-jan-23

Solution: upgrade to >= 1.6.1

Update packaged libxml2 (2.9.12 → 2.9.13) and libxslt (1.1.34 → 1.1.35)
Open

    nokogiri (1.10.1)

Found in Gemfile.lock by bundler-audit

Read up
Read up
Exclude checks
- Disable engine
- Disable check

Advisory: CVE-2021-30560

Criticality: High

URL: https://github.com/sparklemotion/nokogiri/security/advisories/GHSA-fq42-c5rg-92c2

Solution: upgrade to >= 1.13.2

Improper Handling of Unexpected Data Type in Nokogiri
Open

    nokogiri (1.10.1)

Found in Gemfile.lock by bundler-audit

Read up
Read up
Exclude checks
- Disable engine
- Disable check

Advisory: CVE-2022-29181

Criticality: High

URL: https://github.com/sparklemotion/nokogiri/security/advisories/GHSA-xh29-r2w5-wx8m

Solution: upgrade to >= 1.13.6

Loofah XSS Vulnerability
Open

    loofah (2.2.3)

Found in Gemfile.lock by bundler-audit

Read up
Read up
Exclude checks
- Disable engine
- Disable check

Advisory: CVE-2019-15587

Criticality: Medium

URL: https://github.com/flavorjones/loofah/issues/171

Solution: upgrade to >= 2.3.1

Percent-encoded cookies can be used to overwrite existing prefixed cookie names
Open

    rack (2.0.6)

Found in Gemfile.lock by bundler-audit

Read up
Read up
Exclude checks
- Disable engine
- Disable check

Advisory: CVE-2020-8184

Criticality: High

URL: https://groups.google.com/g/rubyonrails-security/c/OWtmozPH9Ak

Solution: upgrade to ~> 2.1.4, >= 2.2.3

Improper neutralization of data URIs may allow XSS in rails-html-sanitizer
Open

    rails-html-sanitizer (1.0.4)

Found in Gemfile.lock by bundler-audit

Read up
Read up
Exclude checks
- Disable engine
- Disable check

Advisory: CVE-2022-23518

Criticality: Medium

URL: https://github.com/rails/rails-html-sanitizer/security/advisories/GHSA-mcvf-2q2m-x72m

Solution: upgrade to >= 1.4.4

Possible Strong Parameters Bypass in ActionPack
Open

    actionpack (5.1.4)

Found in Gemfile.lock by bundler-audit

Read up
Read up
Exclude checks
- Disable engine
- Disable check

Advisory: CVE-2020-8164

Criticality: High

URL: https://groups.google.com/forum/#!topic/rubyonrails-security/f6ioe4sdpbY

Solution: upgrade to >= 5.2.4.3, ~> 5.2.4, >= 6.0.3.1

Cross-Site Scripting in Kaminari via `original_script_name` parameter
Open

    kaminari (1.1.1)

Found in Gemfile.lock by bundler-audit

Read up
Read up
Exclude checks
- Disable engine
- Disable check

Advisory: CVE-2020-11082

Criticality: Medium

URL: https://github.com/kaminari/kaminari/security/advisories/GHSA-r5jw-62xg-j433

Solution: upgrade to >= 1.2.1

moonleerecords/moonlee-website

Showing 211 of 211 total issues

ReDoS based DoS vulnerability in GlobalID
Open

Potential XSS vulnerability in Action View
Open

Older releases of better_errors open to Cross-Site Request Forgery attack
Open

Possible Information Disclosure / Unintended Method Execution in Action Pack
Open

ReDoS based DoS vulnerability in Action Dispatch
Open

Denial of Service Vulnerability in ActiveRecord’s PostgreSQL adapter
Open

Possible XSS vulnerability with certain configurations of Rails::Html::Sanitizer
Open

Potential XSS vulnerability in jQuery
Open

Inefficient Regular Expression Complexity in Loofah
Open

Inefficient Regular Expression Complexity in Nokogiri
Open

Possible XSS vulnerability with certain configurations of rails-html-sanitizer
Open

Possible DoS Vulnerability in Action Controller Token Authentication
Open

Geocoder gem for Ruby contains possible SQL injection vulnerability
Open

Update packaged libxml2 (2.9.12 → 2.9.13) and libxslt (1.1.34 → 1.1.35)
Open

Improper Handling of Unexpected Data Type in Nokogiri
Open

Loofah XSS Vulnerability
Open

Percent-encoded cookies can be used to overwrite existing prefixed cookie names
Open

Improper neutralization of data URIs may allow XSS in rails-html-sanitizer
Open

Possible Strong Parameters Bypass in ActionPack
Open

Cross-Site Scripting in Kaminari via `original_script_name` parameter
Open

Severity

Category

Status

Source

Language

moonleerecords/moonlee-website

Showing 211 of 211 total issues

ReDoS based DoS vulnerability in GlobalID Open

Potential XSS vulnerability in Action View Open

Older releases of better_errors open to Cross-Site Request Forgery attack Open

Possible Information Disclosure / Unintended Method Execution in Action Pack Open

ReDoS based DoS vulnerability in Action Dispatch Open

Denial of Service Vulnerability in ActiveRecord’s PostgreSQL adapter Open

Possible XSS vulnerability with certain configurations of Rails::Html::Sanitizer Open

Potential XSS vulnerability in jQuery Open

Inefficient Regular Expression Complexity in Loofah Open

Inefficient Regular Expression Complexity in Nokogiri Open

Possible XSS vulnerability with certain configurations of rails-html-sanitizer Open

Possible DoS Vulnerability in Action Controller Token Authentication Open

Geocoder gem for Ruby contains possible SQL injection vulnerability Open

Update packaged libxml2 (2.9.12 → 2.9.13) and libxslt (1.1.34 → 1.1.35) Open

Improper Handling of Unexpected Data Type in Nokogiri Open

Loofah XSS Vulnerability Open

Percent-encoded cookies can be used to overwrite existing prefixed cookie names Open

Improper neutralization of data URIs may allow XSS in rails-html-sanitizer Open

Possible Strong Parameters Bypass in ActionPack Open

Cross-Site Scripting in Kaminari via original_script_name parameter Open

Severity

Category

Status

Source

Language

ReDoS based DoS vulnerability in GlobalID
Open

Potential XSS vulnerability in Action View
Open

Older releases of better_errors open to Cross-Site Request Forgery attack
Open

Possible Information Disclosure / Unintended Method Execution in Action Pack
Open

ReDoS based DoS vulnerability in Action Dispatch
Open

Denial of Service Vulnerability in ActiveRecord’s PostgreSQL adapter
Open

Possible XSS vulnerability with certain configurations of Rails::Html::Sanitizer
Open

Potential XSS vulnerability in jQuery
Open

Inefficient Regular Expression Complexity in Loofah
Open

Inefficient Regular Expression Complexity in Nokogiri
Open

Possible XSS vulnerability with certain configurations of rails-html-sanitizer
Open

Possible DoS Vulnerability in Action Controller Token Authentication
Open

Geocoder gem for Ruby contains possible SQL injection vulnerability
Open

Update packaged libxml2 (2.9.12 → 2.9.13) and libxslt (1.1.34 → 1.1.35)
Open

Improper Handling of Unexpected Data Type in Nokogiri
Open

Loofah XSS Vulnerability
Open

Percent-encoded cookies can be used to overwrite existing prefixed cookie names
Open

Improper neutralization of data URIs may allow XSS in rails-html-sanitizer
Open

Possible Strong Parameters Bypass in ActionPack
Open

Cross-Site Scripting in Kaminari via `original_script_name` parameter
Open