Issues - moonleerecords/moonlee-website

XML Injection in Xerces Java affects Nokogiri
Open

    nokogiri (1.10.1)

Found in Gemfile.lock by bundler-audit

Read up
Read up
Exclude checks
- Disable engine
- Disable check

Advisory: CVE-2022-23437

Criticality: Medium

URL: https://github.com/sparklemotion/nokogiri/security/advisories/GHSA-xxx9-3xcr-gjj3

Solution: upgrade to >= 1.13.4

Possible XSS Vulnerability in Action View tag helpers
Open

    actionview (5.1.4)

Found in Gemfile.lock by bundler-audit

Read up
Read up
Exclude checks
- Disable engine
- Disable check

Advisory: CVE-2022-27777

Criticality: Medium

URL: https://groups.google.com/g/ruby-security-ann/c/9wJPEDv-iRw

Solution: upgrade to >= 5.2.7.1, ~> 5.2.7, >= 6.0.4.8, ~> 6.0.4, >= 6.1.5.1, ~> 6.1.5, >= 7.0.2.4

Improper neutralization of data URIs may allow XSS in Loofah
Open

    loofah (2.2.3)

Found in Gemfile.lock by bundler-audit

Read up
Read up
Exclude checks
- Disable engine
- Disable check

Advisory: CVE-2022-23515

Criticality: Medium

URL: https://github.com/flavorjones/loofah/security/advisories/GHSA-228g-948r-83gx

Solution: upgrade to >= 2.19.1

Uncontrolled Recursion in Loofah
Open

    loofah (2.2.3)

Found in Gemfile.lock by bundler-audit

Read up
Read up
Exclude checks
- Disable engine
- Disable check

Advisory: CVE-2022-23516

Criticality: High

URL: https://github.com/flavorjones/loofah/security/advisories/GHSA-3x8r-x6xp-q4vm

Solution: upgrade to >= 2.19.1

Improper Restriction of XML External Entity Reference (XXE) in Nokogiri on JRuby
Open

    nokogiri (1.10.1)

Found in Gemfile.lock by bundler-audit

Read up
Read up
Exclude checks
- Disable engine
- Disable check

Advisory: CVE-2021-41098

Criticality: High

URL: https://github.com/sparklemotion/nokogiri/security/advisories/GHSA-2rr5-8q37-2w7h

Solution: upgrade to >= 1.12.5

ReDoS based DoS vulnerability in Active Support’s underscore
Open

    activesupport (5.1.4)

Found in Gemfile.lock by bundler-audit

Read up
Read up
Exclude checks
- Disable engine
- Disable check

Advisory: CVE-2023-22796

URL: https://github.com/rails/rails/releases/tag/v7.0.4.1

Solution: upgrade to >= 5.2.8.15, ~> 5.2.8, >= 6.1.7.1, ~> 6.1.7, >= 7.0.4.1

Server side request forgery in gibbon
Open

    gibbon (3.2.0)

Found in Gemfile.lock by bundler-audit

Read up
Read up
Exclude checks
- Disable engine
- Disable check

Advisory: CVE-2022-27311

Criticality: Critical

URL: https://github.com/amro/gibbon/pull/321

Solution: upgrade to >= 3.4.4

Out-of-bounds Write in zlib affects Nokogiri
Open

    nokogiri (1.10.1)

Found in Gemfile.lock by bundler-audit

Read up
Read up
Exclude checks
- Disable engine
- Disable check

Advisory: CVE-2018-25032

Criticality: High

URL: https://github.com/sparklemotion/nokogiri/security/advisories/GHSA-v6gp-9mmm-c6p5

Solution: upgrade to >= 1.13.4

Possible XSS vulnerability with certain configurations of rails-html-sanitizer
Open

    rails-html-sanitizer (1.0.4)

Found in Gemfile.lock by bundler-audit

Read up
Read up
Exclude checks
- Disable engine
- Disable check

Advisory: CVE-2022-23519

Criticality: Medium

URL: https://github.com/rails/rails-html-sanitizer/security/advisories/GHSA-9h9g-93gc-623h

Solution: upgrade to >= 1.4.4

Possible exposure of information vulnerability in Action Pack
Open

    actionpack (5.1.4)

Found in Gemfile.lock by bundler-audit

Read up
Read up
Exclude checks
- Disable engine
- Disable check

Advisory: CVE-2022-23633

Criticality: High

URL: https://groups.google.com/g/ruby-security-ann/c/FkTM-_7zSNA/m/K2RiMJBlBAAJ

Solution: upgrade to >= 5.2.6.2, ~> 5.2.6, >= 6.0.4.6, ~> 6.0.4, >= 6.1.4.6, ~> 6.1.4, >= 7.0.2.2

Regular Expression Denial of Service in Addressable templates
Open

    addressable (2.6.0)

Found in Gemfile.lock by bundler-audit

Read up
Read up
Exclude checks
- Disable engine
- Disable check

Advisory: CVE-2021-32740

Criticality: High

URL: https://github.com/advisories/GHSA-jxhc-q857-3j6g

Solution: upgrade to >= 2.8.0

Nokogiri::XML::Schema trusts input by default, exposing risk of an XXE vulnerability
Open

    nokogiri (1.10.1)

Found in Gemfile.lock by bundler-audit

Read up
Read up
Exclude checks
- Disable engine
- Disable check

Advisory: CVE-2020-26247

Criticality: Low

URL: https://github.com/sparklemotion/nokogiri/security/advisories/GHSA-vr8q-g5c7-m54m

Solution: upgrade to >= 1.11.0.rc4

Denial of Service (DoS) in Nokogiri on JRuby
Open

    nokogiri (1.10.1)

Found in Gemfile.lock by bundler-audit

Read up
Read up
Exclude checks
- Disable engine
- Disable check

Advisory: CVE-2022-24839

Criticality: High

URL: https://github.com/sparklemotion/nekohtml/security/advisories/GHSA-9849-p7jc-9rmv

Solution: upgrade to >= 1.13.4

Possible XSS vulnerability in ActionView
Open

    actionview (5.1.4)

Found in Gemfile.lock by bundler-audit

Read up
Read up
Exclude checks
- Disable engine
- Disable check

Advisory: CVE-2020-5267

Criticality: Medium

URL: https://groups.google.com/forum/#!topic/rubyonrails-security/55reWMM_Pg8

Solution: upgrade to >= 5.2.4.2, ~> 5.2.4, >= 6.0.2.2

Possible DoS Vulnerability in Active Record PostgreSQL adapter
Open

    activerecord (5.1.4)

Found in Gemfile.lock by bundler-audit

Read up
Read up
Exclude checks
- Disable engine
- Disable check

Advisory: CVE-2021-22880

Criticality: Medium

URL: https://groups.google.com/g/rubyonrails-security/c/ZzUqCh9vyhI

Solution: upgrade to >= 5.2.4.5, ~> 5.2.4, >= 6.0.3.5, ~> 6.0.3, >= 6.1.2.1

Inefficient Regular Expression Complexity in rails-html-sanitizer
Open

    rails-html-sanitizer (1.0.4)

Found in Gemfile.lock by bundler-audit

Read up
Read up
Exclude checks
- Disable engine
- Disable check

Advisory: CVE-2022-23517

Criticality: High

URL: https://github.com/rails/rails-html-sanitizer/security/advisories/GHSA-5x79-w82f-gw8w

Solution: upgrade to >= 1.4.4

ReDoS based DoS vulnerability in Action Dispatch
Open

    actionpack (5.1.4)

Found in Gemfile.lock by bundler-audit

Read up
Read up
Exclude checks
- Disable engine
- Disable check

Advisory: CVE-2023-22795

URL: https://github.com/rails/rails/releases/tag/v7.0.4.1

Solution: upgrade to >= 5.2.8.15, ~> 5.2.8, >= 6.1.7.1, ~> 6.1.7, >= 7.0.4.1

Possible RCE escalation bug with Serialized Columns in Active Record
Open

    activerecord (5.1.4)

Found in Gemfile.lock by bundler-audit

Read up
Read up
Exclude checks
- Disable engine
- Disable check

Advisory: CVE-2022-32224

Criticality: Critical

URL: https://groups.google.com/g/rubyonrails-security/c/MmFO3LYQE8U

Solution: upgrade to >= 5.2.8.1, ~> 5.2.8, >= 6.0.5.1, ~> 6.0.5, >= 6.1.6.1, ~> 6.1.6, >= 7.0.3.1

Ability to forge per-form CSRF tokens given a global CSRF token
Open

    actionpack (5.1.4)

Found in Gemfile.lock by bundler-audit

Read up
Read up
Exclude checks
- Disable engine
- Disable check

Advisory: CVE-2020-8166

Criticality: Medium

URL: https://groups.google.com/forum/#!topic/rubyonrails-security/NOjKiGeXUgw

Solution: upgrade to >= 5.2.4.3, ~> 5.2.4, >= 6.0.3.1

httparty has multipart/form-data request tampering vulnerability
Open

    httparty (0.16.4)

Found in Gemfile.lock by bundler-audit

Read up
Read up
Exclude checks
- Disable engine
- Disable check

Advisory:

Criticality: Medium

URL: https://github.com/jnunemaker/httparty/security/advisories/GHSA-5pq7-52mg-hr42

Solution: upgrade to >= 0.21.0

moonleerecords/moonlee-website

Showing 211 of 211 total issues

XML Injection in Xerces Java affects Nokogiri
Open

Possible XSS Vulnerability in Action View tag helpers
Open

Improper neutralization of data URIs may allow XSS in Loofah
Open

Uncontrolled Recursion in Loofah
Open

Improper Restriction of XML External Entity Reference (XXE) in Nokogiri on JRuby
Open

ReDoS based DoS vulnerability in Active Support’s underscore
Open

Server side request forgery in gibbon
Open

Out-of-bounds Write in zlib affects Nokogiri
Open

Possible XSS vulnerability with certain configurations of rails-html-sanitizer
Open

Possible exposure of information vulnerability in Action Pack
Open

Regular Expression Denial of Service in Addressable templates
Open

Nokogiri::XML::Schema trusts input by default, exposing risk of an XXE vulnerability
Open

Denial of Service (DoS) in Nokogiri on JRuby
Open

Possible XSS vulnerability in ActionView
Open

Possible DoS Vulnerability in Active Record PostgreSQL adapter
Open

Inefficient Regular Expression Complexity in rails-html-sanitizer
Open

ReDoS based DoS vulnerability in Action Dispatch
Open

Possible RCE escalation bug with Serialized Columns in Active Record
Open

Ability to forge per-form CSRF tokens given a global CSRF token
Open

httparty has multipart/form-data request tampering vulnerability
Open

Severity

Category

Status

Source

Language

moonleerecords/moonlee-website

Showing 211 of 211 total issues

XML Injection in Xerces Java affects Nokogiri Open

Possible XSS Vulnerability in Action View tag helpers Open

Improper neutralization of data URIs may allow XSS in Loofah Open

Uncontrolled Recursion in Loofah Open

Improper Restriction of XML External Entity Reference (XXE) in Nokogiri on JRuby Open

ReDoS based DoS vulnerability in Active Support’s underscore Open

Server side request forgery in gibbon Open

Out-of-bounds Write in zlib affects Nokogiri Open

Possible XSS vulnerability with certain configurations of rails-html-sanitizer Open

Possible exposure of information vulnerability in Action Pack Open

Regular Expression Denial of Service in Addressable templates Open

Nokogiri::XML::Schema trusts input by default, exposing risk of an XXE vulnerability Open

Denial of Service (DoS) in Nokogiri on JRuby Open

Possible XSS vulnerability in ActionView Open

Possible DoS Vulnerability in Active Record PostgreSQL adapter Open

Inefficient Regular Expression Complexity in rails-html-sanitizer Open

ReDoS based DoS vulnerability in Action Dispatch Open

Possible RCE escalation bug with Serialized Columns in Active Record Open

Ability to forge per-form CSRF tokens given a global CSRF token Open

httparty has multipart/form-data request tampering vulnerability Open

Severity

Category

Status

Source

Language

XML Injection in Xerces Java affects Nokogiri
Open

Possible XSS Vulnerability in Action View tag helpers
Open

Improper neutralization of data URIs may allow XSS in Loofah
Open

Uncontrolled Recursion in Loofah
Open

Improper Restriction of XML External Entity Reference (XXE) in Nokogiri on JRuby
Open

ReDoS based DoS vulnerability in Active Support’s underscore
Open

Server side request forgery in gibbon
Open

Out-of-bounds Write in zlib affects Nokogiri
Open

Possible XSS vulnerability with certain configurations of rails-html-sanitizer
Open

Possible exposure of information vulnerability in Action Pack
Open

Regular Expression Denial of Service in Addressable templates
Open

Nokogiri::XML::Schema trusts input by default, exposing risk of an XXE vulnerability
Open

Denial of Service (DoS) in Nokogiri on JRuby
Open

Possible XSS vulnerability in ActionView
Open

Possible DoS Vulnerability in Active Record PostgreSQL adapter
Open

Inefficient Regular Expression Complexity in rails-html-sanitizer
Open

ReDoS based DoS vulnerability in Action Dispatch
Open

Possible RCE escalation bug with Serialized Columns in Active Record
Open

Ability to forge per-form CSRF tokens given a global CSRF token
Open

httparty has multipart/form-data request tampering vulnerability
Open