Issues - newaperio/transcript

ReDoS based DoS vulnerability in GlobalID
Open

    globalid (0.4.0)

Found in Gemfile.lock by bundler-audit

Read up
Read up
Exclude checks
- Disable engine
- Disable check

Advisory: CVE-2023-22799

URL: https://github.com/rails/globalid/releases/tag/v1.0.1

Solution: upgrade to >= 1.0.1

OS Command Injection in Rake
Open

    rake (10.5.0)

Found in Gemfile.lock by bundler-audit

Read up
Read up
Exclude checks
- Disable engine
- Disable check

Advisory: CVE-2020-8130

Criticality: High

URL: https://github.com/advisories/GHSA-jppv-gw3r-w3q8

Solution: upgrade to >= 12.3.3

Possible XSS Vulnerability in Action View tag helpers
Open

    actionview (5.0.4)

Found in Gemfile.lock by bundler-audit

Read up
Read up
Exclude checks
- Disable engine
- Disable check

Advisory: CVE-2022-27777

Criticality: Medium

URL: https://groups.google.com/g/ruby-security-ann/c/9wJPEDv-iRw

Solution: upgrade to >= 5.2.7.1, ~> 5.2.7, >= 6.0.4.8, ~> 6.0.4, >= 6.1.5.1, ~> 6.1.5, >= 7.0.2.4

Inefficient Regular Expression Complexity in Loofah
Open

    loofah (2.0.3)

Found in Gemfile.lock by bundler-audit

Read up
Read up
Exclude checks
- Disable engine
- Disable check

Advisory: CVE-2022-23514

Criticality: High

URL: https://github.com/flavorjones/loofah/security/advisories/GHSA-486f-hjj9-9vhh

Solution: upgrade to >= 2.19.1

Loofah XSS Vulnerability
Open

    loofah (2.0.3)

Found in Gemfile.lock by bundler-audit

Read up
Read up
Exclude checks
- Disable engine
- Disable check

Advisory: CVE-2019-15587

Criticality: Medium

URL: https://github.com/flavorjones/loofah/issues/171

Solution: upgrade to >= 2.3.1

Possible DoS Vulnerability in Active Record PostgreSQL adapter
Open

    activerecord (5.0.4)

Found in Gemfile.lock by bundler-audit

Read up
Read up
Exclude checks
- Disable engine
- Disable check

Advisory: CVE-2021-22880

Criticality: Medium

URL: https://groups.google.com/g/rubyonrails-security/c/ZzUqCh9vyhI

Solution: upgrade to >= 5.2.4.5, ~> 5.2.4, >= 6.0.3.5, ~> 6.0.3, >= 6.1.2.1

XML Injection in Xerces Java affects Nokogiri
Open

    nokogiri (1.8.0)

Found in Gemfile.lock by bundler-audit

Read up
Read up
Exclude checks
- Disable engine
- Disable check

Advisory: CVE-2022-23437

Criticality: Medium

URL: https://github.com/sparklemotion/nokogiri/security/advisories/GHSA-xxx9-3xcr-gjj3

Solution: upgrade to >= 1.13.4

ReDoS based DoS vulnerability in Action Dispatch
Open

    actionpack (5.0.4)

Found in Gemfile.lock by bundler-audit

Read up
Read up
Exclude checks
- Disable engine
- Disable check

Advisory: CVE-2023-22792

URL: https://github.com/rails/rails/releases/tag/v7.0.4.1

Solution: upgrade to >= 5.2.8.15, ~> 5.2.8, >= 6.1.7.1, ~> 6.1.7, >= 7.0.4.1

Update bundled libxml2 to v2.10.3 to resolve multiple CVEs
Open

    nokogiri (1.8.0)

Found in Gemfile.lock by bundler-audit

Read up
Read up
Exclude checks
- Disable engine
- Disable check

Advisory:

URL: https://github.com/sparklemotion/nokogiri/security/advisories/GHSA-2qc6-mcvw-92cw

Solution: upgrade to >= 1.13.9

Possible XSS vulnerability in ActionView
Open

    actionview (5.0.4)

Found in Gemfile.lock by bundler-audit

Read up
Read up
Exclude checks
- Disable engine
- Disable check

Advisory: CVE-2020-5267

Criticality: Medium

URL: https://groups.google.com/forum/#!topic/rubyonrails-security/55reWMM_Pg8

Solution: upgrade to >= 5.2.4.2, ~> 5.2.4, >= 6.0.2.2

Directory traversal in Rack::Directory app bundled with Rack
Open

    rack (2.0.3)

Found in Gemfile.lock by bundler-audit

Read up
Read up
Exclude checks
- Disable engine
- Disable check

Advisory: CVE-2020-8161

Criticality: High

URL: https://groups.google.com/forum/#!topic/ruby-security-ann/T4ZIsfRf2eA

Solution: upgrade to ~> 2.1.3, >= 2.2.0

Percent-encoded cookies can be used to overwrite existing prefixed cookie names
Open

    rack (2.0.3)

Found in Gemfile.lock by bundler-audit

Read up
Read up
Exclude checks
- Disable engine
- Disable check

Advisory: CVE-2020-8184

Criticality: High

URL: https://groups.google.com/g/rubyonrails-security/c/OWtmozPH9Ak

Solution: upgrade to ~> 2.1.4, >= 2.2.3

Denial of Service Vulnerability in ActiveRecord’s PostgreSQL adapter
Open

    activerecord (5.0.4)

Found in Gemfile.lock by bundler-audit

Read up
Read up
Exclude checks
- Disable engine
- Disable check

Advisory: CVE-2022-44566

URL: https://github.com/rails/rails/releases/tag/v7.0.4.1

Solution: upgrade to >= 5.2.8.15, ~> 5.2.8, >= 6.1.7.1, ~> 6.1.7, >= 7.0.4.1

Loofah XSS Vulnerability
Open

    loofah (2.0.3)

Found in Gemfile.lock by bundler-audit

Read up
Read up
Exclude checks
- Disable engine
- Disable check

Advisory: CVE-2018-16468

Criticality: Medium

URL: https://github.com/flavorjones/loofah/issues/154

Solution: upgrade to >= 2.2.3

Inefficient Regular Expression Complexity in Nokogiri
Open

    nokogiri (1.8.0)

Found in Gemfile.lock by bundler-audit

Read up
Read up
Exclude checks
- Disable engine
- Disable check

Advisory: CVE-2022-24836

Criticality: High

URL: https://github.com/sparklemotion/nokogiri/security/advisories/GHSA-crjr-9rc5-ghw8

Solution: upgrade to >= 1.13.4

Nokogiri Command Injection Vulnerability via Nokogiri::CSS::Tokenizer#load_file
Open

    nokogiri (1.8.0)

Found in Gemfile.lock by bundler-audit

Read up
Read up
Exclude checks
- Disable engine
- Disable check

Advisory: CVE-2019-5477

Criticality: Critical

URL: https://github.com/sparklemotion/nokogiri/issues/1915

Solution: upgrade to >= 1.10.4

ReDoS based DoS vulnerability in Action Dispatch
Open

    actionpack (5.0.4)

Found in Gemfile.lock by bundler-audit

Read up
Read up
Exclude checks
- Disable engine
- Disable check

Advisory: CVE-2023-22795

URL: https://github.com/rails/rails/releases/tag/v7.0.4.1

Solution: upgrade to >= 5.2.8.15, ~> 5.2.8, >= 6.1.7.1, ~> 6.1.7, >= 7.0.4.1

Potential XSS vulnerability in Action View
Open

    actionview (5.0.4)

Found in Gemfile.lock by bundler-audit

Read up
Read up
Exclude checks
- Disable engine
- Disable check

Advisory: CVE-2020-15169

Criticality: Medium

URL: https://groups.google.com/g/rubyonrails-security/c/b-C9kSGXYrc

Solution: upgrade to >= 5.2.4.4, ~> 5.2.4, >= 6.0.3.3

Nokogiri gem, via libxslt, is affected by multiple vulnerabilities
Open

    nokogiri (1.8.0)

Found in Gemfile.lock by bundler-audit

Read up
Read up
Exclude checks
- Disable engine
- Disable check

Advisory: CVE-2019-13117

URL: https://github.com/sparklemotion/nokogiri/issues/1943

Solution: upgrade to >= 1.10.5

Out-of-bounds Write in zlib affects Nokogiri
Open

    nokogiri (1.8.0)

Found in Gemfile.lock by bundler-audit

Read up
Read up
Exclude checks
- Disable engine
- Disable check

Advisory: CVE-2018-25032

Criticality: High

URL: https://github.com/sparklemotion/nokogiri/security/advisories/GHSA-v6gp-9mmm-c6p5

Solution: upgrade to >= 1.13.4

newaperio/transcript

Showing 149 of 149 total issues

ReDoS based DoS vulnerability in GlobalID
Open

OS Command Injection in Rake
Open

Possible XSS Vulnerability in Action View tag helpers
Open

Inefficient Regular Expression Complexity in Loofah
Open

Loofah XSS Vulnerability
Open

Possible DoS Vulnerability in Active Record PostgreSQL adapter
Open

XML Injection in Xerces Java affects Nokogiri
Open

ReDoS based DoS vulnerability in Action Dispatch
Open

Update bundled libxml2 to v2.10.3 to resolve multiple CVEs
Open

Possible XSS vulnerability in ActionView
Open

Directory traversal in Rack::Directory app bundled with Rack
Open

Percent-encoded cookies can be used to overwrite existing prefixed cookie names
Open

Denial of Service Vulnerability in ActiveRecord’s PostgreSQL adapter
Open

Loofah XSS Vulnerability
Open

Inefficient Regular Expression Complexity in Nokogiri
Open

Nokogiri Command Injection Vulnerability via Nokogiri::CSS::Tokenizer#load_file
Open

ReDoS based DoS vulnerability in Action Dispatch
Open

Potential XSS vulnerability in Action View
Open

Nokogiri gem, via libxslt, is affected by multiple vulnerabilities
Open

Out-of-bounds Write in zlib affects Nokogiri
Open

Severity

Category

Status

Source

Language

newaperio/transcript

Showing 149 of 149 total issues

ReDoS based DoS vulnerability in GlobalID Open

OS Command Injection in Rake Open

Possible XSS Vulnerability in Action View tag helpers Open

Inefficient Regular Expression Complexity in Loofah Open

Loofah XSS Vulnerability Open

Possible DoS Vulnerability in Active Record PostgreSQL adapter Open

XML Injection in Xerces Java affects Nokogiri Open

ReDoS based DoS vulnerability in Action Dispatch Open

Update bundled libxml2 to v2.10.3 to resolve multiple CVEs Open

Possible XSS vulnerability in ActionView Open

Directory traversal in Rack::Directory app bundled with Rack Open

Percent-encoded cookies can be used to overwrite existing prefixed cookie names Open

Denial of Service Vulnerability in ActiveRecord’s PostgreSQL adapter Open

Loofah XSS Vulnerability Open

Inefficient Regular Expression Complexity in Nokogiri Open

Nokogiri Command Injection Vulnerability via Nokogiri::CSS::Tokenizer#load_file Open

ReDoS based DoS vulnerability in Action Dispatch Open

Potential XSS vulnerability in Action View Open

Nokogiri gem, via libxslt, is affected by multiple vulnerabilities Open

Out-of-bounds Write in zlib affects Nokogiri Open

Severity

Category

Status

Source

Language

ReDoS based DoS vulnerability in GlobalID
Open

OS Command Injection in Rake
Open

Possible XSS Vulnerability in Action View tag helpers
Open

Inefficient Regular Expression Complexity in Loofah
Open

Loofah XSS Vulnerability
Open

Possible DoS Vulnerability in Active Record PostgreSQL adapter
Open

XML Injection in Xerces Java affects Nokogiri
Open

ReDoS based DoS vulnerability in Action Dispatch
Open

Update bundled libxml2 to v2.10.3 to resolve multiple CVEs
Open

Possible XSS vulnerability in ActionView
Open

Directory traversal in Rack::Directory app bundled with Rack
Open

Percent-encoded cookies can be used to overwrite existing prefixed cookie names
Open

Denial of Service Vulnerability in ActiveRecord’s PostgreSQL adapter
Open

Loofah XSS Vulnerability
Open

Inefficient Regular Expression Complexity in Nokogiri
Open

Nokogiri Command Injection Vulnerability via Nokogiri::CSS::Tokenizer#load_file
Open

ReDoS based DoS vulnerability in Action Dispatch
Open

Potential XSS vulnerability in Action View
Open

Nokogiri gem, via libxslt, is affected by multiple vulnerabilities
Open

Out-of-bounds Write in zlib affects Nokogiri
Open