Issues - nerdhub/hcking

Possible Strong Parameters Bypass in ActionPack
Open

    actionpack (4.2.10)

Found in Gemfile.lock by bundler-audit

Read up
Read up
Exclude checks
- Disable engine
- Disable check

Advisory: CVE-2020-8164

Criticality: High

URL: https://groups.google.com/forum/#!topic/rubyonrails-security/f6ioe4sdpbY

Solution: upgrade to >= 5.2.4.3, ~> 5.2.4, >= 6.0.3.1

ReDoS based DoS vulnerability in Active Support’s underscore
Open

    activesupport (4.2.10)

Found in Gemfile.lock by bundler-audit

Read up
Read up
Exclude checks
- Disable engine
- Disable check

Advisory: CVE-2023-22796

URL: https://github.com/rails/rails/releases/tag/v7.0.4.1

Solution: upgrade to >= 5.2.8.15, ~> 5.2.8, >= 6.1.7.1, ~> 6.1.7, >= 7.0.4.1

Denial of service via multipart parsing in Rack
Open

    rack (1.6.10)

Found in Gemfile.lock by bundler-audit

Read up
Read up
Exclude checks
- Disable engine
- Disable check

Advisory: CVE-2022-44572

URL: https://github.com/rack/rack/releases/tag/v3.0.4.1

Solution: upgrade to >= 2.0.9.2, ~> 2.0.9, >= 2.1.4.2, ~> 2.1.4, >= 2.2.6.1, ~> 2.2.6, >= 3.0.4.1

Percent-encoded cookies can be used to overwrite existing prefixed cookie names
Open

    rack (1.6.10)

Found in Gemfile.lock by bundler-audit

Read up
Read up
Exclude checks
- Disable engine
- Disable check

Advisory: CVE-2020-8184

Criticality: High

URL: https://groups.google.com/g/rubyonrails-security/c/OWtmozPH9Ak

Solution: upgrade to ~> 2.1.4, >= 2.2.3

Keepalive Connections Causing Denial Of Service in puma
Open

    puma (3.11.2)

Found in Gemfile.lock by bundler-audit

Read up
Read up
Exclude checks
- Disable engine
- Disable check

Advisory: CVE-2021-29509

Criticality: High

URL: https://github.com/puma/puma/security/advisories/GHSA-q28m-8xjw-8vr5

Solution: upgrade to ~> 4.3.8, >= 5.3.1

Denial of Service Vulnerability in Rack Content-Disposition parsing
Open

    rack (1.6.10)

Found in Gemfile.lock by bundler-audit

Read up
Read up
Exclude checks
- Disable engine
- Disable check

Advisory: CVE-2022-44571

URL: https://github.com/rack/rack/releases/tag/v3.0.4.1

Solution: upgrade to >= 2.0.9.2, ~> 2.0.9, >= 2.1.4.2, ~> 2.1.4, >= 2.2.6.1, ~> 2.2.6, >= 3.0.4.1

Ability to forge per-form CSRF tokens given a global CSRF token
Open

    actionpack (4.2.10)

Found in Gemfile.lock by bundler-audit

Read up
Read up
Exclude checks
- Disable engine
- Disable check

Advisory: CVE-2020-8166

Criticality: Medium

URL: https://groups.google.com/forum/#!topic/rubyonrails-security/NOjKiGeXUgw

Solution: upgrade to >= 5.2.4.3, ~> 5.2.4, >= 6.0.3.1

Denial of Service Vulnerability in ActiveRecord’s PostgreSQL adapter
Open

    activerecord (4.2.10)

Found in Gemfile.lock by bundler-audit

Read up
Read up
Exclude checks
- Disable engine
- Disable check

Advisory: CVE-2022-44566

URL: https://github.com/rails/rails/releases/tag/v7.0.4.1

Solution: upgrade to >= 5.2.8.15, ~> 5.2.8, >= 6.1.7.1, ~> 6.1.7, >= 7.0.4.1

CSRF vulnerability in OmniAuth's request phase
Open

    omniauth (1.8.1)

Found in Gemfile.lock by bundler-audit

Read up
Read up
Exclude checks
- Disable engine
- Disable check

Advisory: CVE-2015-9284

Criticality: High

URL: https://github.com/omniauth/omniauth/wiki/Resolving-CVE-2015-9284

Solution: upgrade to >= 2.0.0

HTTP Request Smuggling in puma
Open

    puma (3.11.2)

Found in Gemfile.lock by bundler-audit

Read up
Read up
Exclude checks
- Disable engine
- Disable check

Advisory: CVE-2022-24790

Criticality: Critical

URL: https://github.com/puma/puma/security/advisories/GHSA-h99w-9q5r-gjq9

Solution: upgrade to ~> 4.3.12, >= 5.6.4

Denial of Service Vulnerability in Rack Multipart Parsing
Open

    rack (1.6.10)

Found in Gemfile.lock by bundler-audit

Read up
Read up
Exclude checks
- Disable engine
- Disable check

Advisory: CVE-2022-30122

Criticality: High

URL: https://groups.google.com/g/ruby-security-ann/c/L2Axto442qk

Solution: upgrade to >= 2.0.9.1, ~> 2.0.9, >= 2.1.4.1, ~> 2.1.4, >= 2.2.3.1

Denial of service via header parsing in Rack
Open

    rack (1.6.10)

Found in Gemfile.lock by bundler-audit

Read up
Read up
Exclude checks
- Disable engine
- Disable check

Advisory: CVE-2022-44570

URL: https://github.com/rack/rack/releases/tag/v3.0.4.1

Solution: upgrade to >= 2.0.9.2, ~> 2.0.9, >= 2.1.4.2, ~> 2.1.4, >= 2.2.6.2, ~> 2.2.6, >= 3.0.4.1

Directory traversal in Rack::Directory app bundled with Rack
Open

    rack (1.6.10)

Found in Gemfile.lock by bundler-audit

Read up
Read up
Exclude checks
- Disable engine
- Disable check

Advisory: CVE-2020-8161

Criticality: High

URL: https://groups.google.com/forum/#!topic/ruby-security-ann/T4ZIsfRf2eA

Solution: upgrade to ~> 2.1.3, >= 2.2.0

XSS Vulnerability on closeText option of Dialog jQuery UI
Open

    jquery-ui-rails (5.0.5)

Found in Gemfile.lock by bundler-audit

Read up
Read up
Exclude checks
- Disable engine
- Disable check

Advisory: CVE-2016-7103

Criticality: Medium

URL: https://github.com/jquery/api.jqueryui.com/issues/281

Solution: upgrade to >= 6.0.0

Cross-Site Scripting in Kaminari via `original_script_name` parameter
Open

    kaminari (0.16.3)

Found in Gemfile.lock by bundler-audit

Read up
Read up
Exclude checks
- Disable engine
- Disable check

Advisory: CVE-2020-11082

Criticality: Medium

URL: https://github.com/kaminari/kaminari/security/advisories/GHSA-r5jw-62xg-j433

Solution: upgrade to >= 1.2.1

Information Exposure with Puma when used with Rails
Open

    puma (3.11.2)

Found in Gemfile.lock by bundler-audit

Read up
Read up
Exclude checks
- Disable engine
- Disable check

Advisory: CVE-2022-23634

Criticality: High

URL: https://github.com/puma/puma/security/advisories/GHSA-rmj8-8hhh-gv5h

Solution: upgrade to ~> 4.3.11, >= 5.6.2

Possible shell escape sequence injection vulnerability in Rack
Open

    rack (1.6.10)

Found in Gemfile.lock by bundler-audit

Read up
Read up
Exclude checks
- Disable engine
- Disable check

Advisory: CVE-2022-30123

Criticality: Critical

URL: https://groups.google.com/g/ruby-security-ann/c/LWB10kWzag8

Solution: upgrade to >= 2.0.9.1, ~> 2.0.9, >= 2.1.4.1, ~> 2.1.4, >= 2.2.3.1

Inconsistent Interpretation of HTTP Requests ('HTTP Request Smuggling') in puma
Open

    puma (3.11.2)

Found in Gemfile.lock by bundler-audit

Read up
Read up
Exclude checks
- Disable engine
- Disable check

Advisory: CVE-2021-41136

Criticality: Low

URL: https://github.com/puma/puma/security/advisories/GHSA-48w2-rm65-62xx

Solution: upgrade to ~> 4.3.9, >= 5.5.1

Possible XSS vulnerability in ActionView
Open

    actionview (4.2.10)

Found in Gemfile.lock by bundler-audit

Read up
Read up
Exclude checks
- Disable engine
- Disable check

Advisory: CVE-2020-5267

Criticality: Medium

URL: https://groups.google.com/forum/#!topic/rubyonrails-security/55reWMM_Pg8

Solution: upgrade to >= 5.2.4.2, ~> 5.2.4, >= 6.0.2.2

Potential XSS vulnerability in jQuery
Open

    jquery-rails (3.1.4)

Found in Gemfile.lock by bundler-audit

Read up
Read up
Exclude checks
- Disable engine
- Disable check

Advisory: CVE-2020-11023

Criticality: Medium

URL: https://blog.jquery.com/2020/04/10/jquery-3-5-0-released

Solution: upgrade to >= 4.4.0

nerdhub/hcking

Showing 144 of 144 total issues

Possible Strong Parameters Bypass in ActionPack
Open

ReDoS based DoS vulnerability in Active Support’s underscore
Open

Denial of service via multipart parsing in Rack
Open

Percent-encoded cookies can be used to overwrite existing prefixed cookie names
Open

Keepalive Connections Causing Denial Of Service in puma
Open

Denial of Service Vulnerability in Rack Content-Disposition parsing
Open

Ability to forge per-form CSRF tokens given a global CSRF token
Open

Denial of Service Vulnerability in ActiveRecord’s PostgreSQL adapter
Open

CSRF vulnerability in OmniAuth's request phase
Open

HTTP Request Smuggling in puma
Open

Denial of Service Vulnerability in Rack Multipart Parsing
Open

Denial of service via header parsing in Rack
Open

Directory traversal in Rack::Directory app bundled with Rack
Open

XSS Vulnerability on closeText option of Dialog jQuery UI
Open

Cross-Site Scripting in Kaminari via `original_script_name` parameter
Open

Information Exposure with Puma when used with Rails
Open

Possible shell escape sequence injection vulnerability in Rack
Open

Inconsistent Interpretation of HTTP Requests ('HTTP Request Smuggling') in puma
Open

Possible XSS vulnerability in ActionView
Open

Potential XSS vulnerability in jQuery
Open

Severity

Category

Status

Source

Language

nerdhub/hcking

Showing 144 of 144 total issues

Possible Strong Parameters Bypass in ActionPack Open

ReDoS based DoS vulnerability in Active Support’s underscore Open

Denial of service via multipart parsing in Rack Open

Percent-encoded cookies can be used to overwrite existing prefixed cookie names Open

Keepalive Connections Causing Denial Of Service in puma Open

Denial of Service Vulnerability in Rack Content-Disposition parsing Open

Ability to forge per-form CSRF tokens given a global CSRF token Open

Denial of Service Vulnerability in ActiveRecord’s PostgreSQL adapter Open

CSRF vulnerability in OmniAuth's request phase Open

HTTP Request Smuggling in puma Open

Denial of Service Vulnerability in Rack Multipart Parsing Open

Denial of service via header parsing in Rack Open

Directory traversal in Rack::Directory app bundled with Rack Open

XSS Vulnerability on closeText option of Dialog jQuery UI Open

Cross-Site Scripting in Kaminari via original_script_name parameter Open

Information Exposure with Puma when used with Rails Open

Possible shell escape sequence injection vulnerability in Rack Open

Inconsistent Interpretation of HTTP Requests ('HTTP Request Smuggling') in puma Open

Possible XSS vulnerability in ActionView Open

Potential XSS vulnerability in jQuery Open

Severity

Category

Status

Source

Language

Possible Strong Parameters Bypass in ActionPack
Open

ReDoS based DoS vulnerability in Active Support’s underscore
Open

Denial of service via multipart parsing in Rack
Open

Percent-encoded cookies can be used to overwrite existing prefixed cookie names
Open

Keepalive Connections Causing Denial Of Service in puma
Open

Denial of Service Vulnerability in Rack Content-Disposition parsing
Open

Ability to forge per-form CSRF tokens given a global CSRF token
Open

Denial of Service Vulnerability in ActiveRecord’s PostgreSQL adapter
Open

CSRF vulnerability in OmniAuth's request phase
Open

HTTP Request Smuggling in puma
Open

Denial of Service Vulnerability in Rack Multipart Parsing
Open

Denial of service via header parsing in Rack
Open

Directory traversal in Rack::Directory app bundled with Rack
Open

XSS Vulnerability on closeText option of Dialog jQuery UI
Open

Cross-Site Scripting in Kaminari via `original_script_name` parameter
Open

Information Exposure with Puma when used with Rails
Open

Possible shell escape sequence injection vulnerability in Rack
Open

Inconsistent Interpretation of HTTP Requests ('HTTP Request Smuggling') in puma
Open

Possible XSS vulnerability in ActionView
Open

Potential XSS vulnerability in jQuery
Open