Issues - njazari/sef-founderwall

Nokogiri gem, via libxml2, is affected by multiple vulnerabilities
Open

    nokogiri (1.6.8.1)

Found in Gemfile.lock by bundler-audit

Read up
Read up
Exclude checks
- Disable engine
- Disable check

Advisory: CVE-2018-14404

Criticality: High

URL: https://github.com/sparklemotion/nokogiri/issues/1785

Solution: upgrade to >= 1.8.5

Potential XSS vulnerability in jQuery
Open

    jquery-rails (4.2.1)

Found in Gemfile.lock by bundler-audit

Read up
Read up
Exclude checks
- Disable engine
- Disable check

Advisory: CVE-2020-11023

Criticality: Medium

URL: https://blog.jquery.com/2020/04/10/jquery-3-5-0-released

Solution: upgrade to >= 4.4.0

Inefficient Regular Expression Complexity in Loofah
Open

    loofah (2.0.3)

Found in Gemfile.lock by bundler-audit

Read up
Read up
Exclude checks
- Disable engine
- Disable check

Advisory: CVE-2022-23514

Criticality: High

URL: https://github.com/flavorjones/loofah/security/advisories/GHSA-486f-hjj9-9vhh

Solution: upgrade to >= 2.19.1

Nokogiri gem contains two upstream vulnerabilities in libxslt 1.1.29
Open

    nokogiri (1.6.8.1)

Found in Gemfile.lock by bundler-audit

Read up
Read up
Exclude checks
- Disable engine
- Disable check

Advisory: CVE-2017-5029

Criticality: High

URL: https://github.com/sparklemotion/nokogiri/issues/1634

Solution: upgrade to >= 1.7.2

Nokogiri gem, via libxml, is affected by DoS vulnerabilities
Open

    nokogiri (1.6.8.1)

Found in Gemfile.lock by bundler-audit

Read up
Read up
Exclude checks
- Disable engine
- Disable check

Advisory: CVE-2017-16932

URL: https://github.com/sparklemotion/nokogiri/issues/1714

Solution: upgrade to >= 1.8.1

Integer Overflow or Wraparound in libxml2 affects Nokogiri
Open

    nokogiri (1.6.8.1)

Found in Gemfile.lock by bundler-audit

Read up
Read up
Exclude checks
- Disable engine
- Disable check

Advisory:

Criticality: High

URL: https://github.com/sparklemotion/nokogiri/security/advisories/GHSA-cgx6-hpwq-fhv5

Solution: upgrade to >= 1.13.5

Out-of-bounds Write in zlib affects Nokogiri
Open

    nokogiri (1.6.8.1)

Found in Gemfile.lock by bundler-audit

Read up
Read up
Exclude checks
- Disable engine
- Disable check

Advisory: CVE-2018-25032

Criticality: High

URL: https://github.com/sparklemotion/nokogiri/security/advisories/GHSA-v6gp-9mmm-c6p5

Solution: upgrade to >= 1.13.4

Prototype pollution attack through jQuery $.extend
Open

    jquery-rails (4.2.1)

Found in Gemfile.lock by bundler-audit

Read up
Read up
Exclude checks
- Disable engine
- Disable check

Advisory: CVE-2019-11358

Criticality: Medium

URL: https://blog.jquery.com/2019/04/10/jquery-3-4-0-released/

Solution: upgrade to >= 4.3.4

XSS vulnerability via data-target in bootstrap-sass
Open

    bootstrap-sass (3.3.7)

Found in Gemfile.lock by bundler-audit

Read up
Read up
Exclude checks
- Disable engine
- Disable check

Advisory: CVE-2016-10735

Criticality: Medium

URL: https://blog.getbootstrap.com/2018/12/13/bootstrap-3-4-0/

Solution: upgrade to >= 3.4.0

Update packaged dependency libxml2 from 2.9.10 to 2.9.12
Open

    nokogiri (1.6.8.1)

Found in Gemfile.lock by bundler-audit

Read up
Read up
Exclude checks
- Disable engine
- Disable check

Advisory:

Criticality: High

URL: https://github.com/sparklemotion/nokogiri/security/advisories/GHSA-7rrm-v45f-jp64

Solution: upgrade to >= 1.11.4

Nokogiri::XML::Schema trusts input by default, exposing risk of an XXE vulnerability
Open

    nokogiri (1.6.8.1)

Found in Gemfile.lock by bundler-audit

Read up
Read up
Exclude checks
- Disable engine
- Disable check

Advisory: CVE-2020-26247

Criticality: Low

URL: https://github.com/sparklemotion/nokogiri/security/advisories/GHSA-vr8q-g5c7-m54m

Solution: upgrade to >= 1.11.0.rc4

Loofah XSS Vulnerability
Open

    loofah (2.0.3)

Found in Gemfile.lock by bundler-audit

Read up
Read up
Exclude checks
- Disable engine
- Disable check

Advisory: CVE-2019-15587

Criticality: Medium

URL: https://github.com/flavorjones/loofah/issues/171

Solution: upgrade to >= 2.3.1

Loofah XSS Vulnerability
Open

    loofah (2.0.3)

Found in Gemfile.lock by bundler-audit

Read up
Read up
Exclude checks
- Disable engine
- Disable check

Advisory: CVE-2018-8048

Criticality: Medium

URL: https://github.com/flavorjones/loofah/issues/144

Solution: upgrade to >= 2.2.1

XML Injection in Xerces Java affects Nokogiri
Open

    nokogiri (1.6.8.1)

Found in Gemfile.lock by bundler-audit

Read up
Read up
Exclude checks
- Disable engine
- Disable check

Advisory: CVE-2022-23437

Criticality: Medium

URL: https://github.com/sparklemotion/nokogiri/security/advisories/GHSA-xxx9-3xcr-gjj3

Solution: upgrade to >= 1.13.4

Nokogiri gem, via libxslt, is affected by multiple vulnerabilities
Open

    nokogiri (1.6.8.1)

Found in Gemfile.lock by bundler-audit

Read up
Read up
Exclude checks
- Disable engine
- Disable check

Advisory: CVE-2019-13117

URL: https://github.com/sparklemotion/nokogiri/issues/1943

Solution: upgrade to >= 1.10.5

Loofah XSS Vulnerability
Open

    loofah (2.0.3)

Found in Gemfile.lock by bundler-audit

Read up
Read up
Exclude checks
- Disable engine
- Disable check

Advisory: CVE-2018-16468

Criticality: Medium

URL: https://github.com/flavorjones/loofah/issues/154

Solution: upgrade to >= 2.2.3

Nokogiri gem, via libxml, is affected by DoS and RCE vulnerabilities
Open

    nokogiri (1.6.8.1)

Found in Gemfile.lock by bundler-audit

Read up
Read up
Exclude checks
- Disable engine
- Disable check

Advisory: CVE-2017-9050

Criticality: High

URL: https://github.com/sparklemotion/nokogiri/issues/1673

Solution: upgrade to >= 1.8.1

Nokogiri gem, via libxslt, is affected by improper access control vulnerability
Open

    nokogiri (1.6.8.1)

Found in Gemfile.lock by bundler-audit

Read up
Read up
Exclude checks
- Disable engine
- Disable check

Advisory: CVE-2019-11068

URL: https://github.com/sparklemotion/nokogiri/issues/1892

Solution: upgrade to >= 1.10.3

Devise Gem for Ruby Time-of-check Time-of-use race condition with lockable module
Open

    devise (4.2.0)

Found in Gemfile.lock by bundler-audit

Read up
Read up
Exclude checks
- Disable engine
- Disable check

Advisory: CVE-2019-5421

Criticality: Critical

URL: https://github.com/plataformatec/devise/issues/4981

Solution: upgrade to >= 4.6.0

Update bundled libxml2 to v2.10.3 to resolve multiple CVEs
Open

    nokogiri (1.6.8.1)

Found in Gemfile.lock by bundler-audit

Read up
Read up
Exclude checks
- Disable engine
- Disable check

Advisory:

URL: https://github.com/sparklemotion/nokogiri/security/advisories/GHSA-2qc6-mcvw-92cw

Solution: upgrade to >= 1.13.9

njazari/sef-founderwall

Showing 1,083 of 1,083 total issues

Nokogiri gem, via libxml2, is affected by multiple vulnerabilities
Open

Potential XSS vulnerability in jQuery
Open

Inefficient Regular Expression Complexity in Loofah
Open

Nokogiri gem contains two upstream vulnerabilities in libxslt 1.1.29
Open

Nokogiri gem, via libxml, is affected by DoS vulnerabilities
Open

Integer Overflow or Wraparound in libxml2 affects Nokogiri
Open

Out-of-bounds Write in zlib affects Nokogiri
Open

Prototype pollution attack through jQuery $.extend
Open

XSS vulnerability via data-target in bootstrap-sass
Open

Update packaged dependency libxml2 from 2.9.10 to 2.9.12
Open

Nokogiri::XML::Schema trusts input by default, exposing risk of an XXE vulnerability
Open

Loofah XSS Vulnerability
Open

Loofah XSS Vulnerability
Open

XML Injection in Xerces Java affects Nokogiri
Open

Nokogiri gem, via libxslt, is affected by multiple vulnerabilities
Open

Loofah XSS Vulnerability
Open

Nokogiri gem, via libxml, is affected by DoS and RCE vulnerabilities
Open

Nokogiri gem, via libxslt, is affected by improper access control vulnerability
Open

Devise Gem for Ruby Time-of-check Time-of-use race condition with lockable module
Open

Update bundled libxml2 to v2.10.3 to resolve multiple CVEs
Open

Severity

Category

Status

Source

Language

njazari/sef-founderwall

Showing 1,083 of 1,083 total issues

Nokogiri gem, via libxml2, is affected by multiple vulnerabilities Open

Potential XSS vulnerability in jQuery Open

Inefficient Regular Expression Complexity in Loofah Open

Nokogiri gem contains two upstream vulnerabilities in libxslt 1.1.29 Open

Nokogiri gem, via libxml, is affected by DoS vulnerabilities Open

Integer Overflow or Wraparound in libxml2 affects Nokogiri Open

Out-of-bounds Write in zlib affects Nokogiri Open

Prototype pollution attack through jQuery $.extend Open

XSS vulnerability via data-target in bootstrap-sass Open

Update packaged dependency libxml2 from 2.9.10 to 2.9.12 Open

Nokogiri::XML::Schema trusts input by default, exposing risk of an XXE vulnerability Open

Loofah XSS Vulnerability Open

Loofah XSS Vulnerability Open

XML Injection in Xerces Java affects Nokogiri Open

Nokogiri gem, via libxslt, is affected by multiple vulnerabilities Open

Loofah XSS Vulnerability Open

Nokogiri gem, via libxml, is affected by DoS and RCE vulnerabilities Open

Nokogiri gem, via libxslt, is affected by improper access control vulnerability Open

Devise Gem for Ruby Time-of-check Time-of-use race condition with lockable module Open

Update bundled libxml2 to v2.10.3 to resolve multiple CVEs Open

Severity

Category

Status

Source

Language

Nokogiri gem, via libxml2, is affected by multiple vulnerabilities
Open

Potential XSS vulnerability in jQuery
Open

Inefficient Regular Expression Complexity in Loofah
Open

Nokogiri gem contains two upstream vulnerabilities in libxslt 1.1.29
Open

Nokogiri gem, via libxml, is affected by DoS vulnerabilities
Open

Integer Overflow or Wraparound in libxml2 affects Nokogiri
Open

Out-of-bounds Write in zlib affects Nokogiri
Open

Prototype pollution attack through jQuery $.extend
Open

XSS vulnerability via data-target in bootstrap-sass
Open

Update packaged dependency libxml2 from 2.9.10 to 2.9.12
Open

Nokogiri::XML::Schema trusts input by default, exposing risk of an XXE vulnerability
Open

Loofah XSS Vulnerability
Open

Loofah XSS Vulnerability
Open

XML Injection in Xerces Java affects Nokogiri
Open

Nokogiri gem, via libxslt, is affected by multiple vulnerabilities
Open

Loofah XSS Vulnerability
Open

Nokogiri gem, via libxml, is affected by DoS and RCE vulnerabilities
Open

Nokogiri gem, via libxslt, is affected by improper access control vulnerability
Open

Devise Gem for Ruby Time-of-check Time-of-use race condition with lockable module
Open

Update bundled libxml2 to v2.10.3 to resolve multiple CVEs
Open