Issues - paweljw/bookstore-backend

Keepalive Connections Causing Denial Of Service in puma
Open

    puma (3.11.0)

Found in Gemfile.lock by bundler-audit

Read up
Read up
Exclude checks
- Disable engine
- Disable check

ReDoS based DoS vulnerability in GlobalID
Open

    globalid (0.4.1)

Found in Gemfile.lock by bundler-audit

Read up
Read up
Exclude checks
- Disable engine
- Disable check

Inconsistent Interpretation of HTTP Requests ('HTTP Request Smuggling') in puma
Open

    puma (3.11.0)

Found in Gemfile.lock by bundler-audit

Read up
Read up
Exclude checks
- Disable engine
- Disable check

HTTP Request Smuggling in puma
Open

    puma (3.11.0)

Found in Gemfile.lock by bundler-audit

Read up
Read up
Exclude checks
- Disable engine
- Disable check

Information Exposure with Puma when used with Rails
Open

    puma (3.11.0)

Found in Gemfile.lock by bundler-audit

Read up
Read up
Exclude checks
- Disable engine
- Disable check

Potential XSS vulnerability in Action View
Open

    actionview (5.1.6)

Found in Gemfile.lock by bundler-audit

Read up
Read up
Exclude checks
- Disable engine
- Disable check

Possible XSS vulnerability in ActionView
Open

    actionview (5.1.6)

Found in Gemfile.lock by bundler-audit

Read up
Read up
Exclude checks
- Disable engine
- Disable check

Nokogiri gem, via libxslt, is affected by improper access control vulnerability
Open

    nokogiri (1.8.2)

Found in Gemfile.lock by bundler-audit

Read up
Read up
Exclude checks
- Disable engine
- Disable check

HTTP Smuggling via Transfer-Encoding Header in Puma
Open

    puma (3.11.0)

Found in Gemfile.lock by bundler-audit

Read up
Read up
Exclude checks
- Disable engine
- Disable check

Improper neutralization of data URIs may allow XSS in rails-html-sanitizer
Open

    rails-html-sanitizer (1.0.4)

Found in Gemfile.lock by bundler-audit

Read up
Read up
Exclude checks
- Disable engine
- Disable check

Possible exposure of information vulnerability in Action Pack
Open

    actionpack (5.1.6)

Found in Gemfile.lock by bundler-audit

Read up
Read up
Exclude checks
- Disable engine
- Disable check

Possible RCE escalation bug with Serialized Columns in Active Record
Open

    activerecord (5.1.6)

Found in Gemfile.lock by bundler-audit

Read up
Read up
Exclude checks
- Disable engine
- Disable check

Nokogiri Command Injection Vulnerability via Nokogiri::CSS::Tokenizer#load_file
Open

    nokogiri (1.8.2)

Found in Gemfile.lock by bundler-audit

Read up
Read up
Exclude checks
- Disable engine
- Disable check

XML Injection in Xerces Java affects Nokogiri
Open

    nokogiri (1.8.2)

Found in Gemfile.lock by bundler-audit

Read up
Read up
Exclude checks
- Disable engine
- Disable check

Out-of-bounds Write in zlib affects Nokogiri
Open

    nokogiri (1.8.2)

Found in Gemfile.lock by bundler-audit

Read up
Read up
Exclude checks
- Disable engine
- Disable check

HTTP Response Splitting (Early Hints) in Puma
Open

    puma (3.11.0)

Found in Gemfile.lock by bundler-audit

Read up
Read up
Exclude checks
- Disable engine
- Disable check

Possible Information Disclosure / Unintended Method Execution in Action Pack
Open

    actionpack (5.1.6)

Found in Gemfile.lock by bundler-audit

Read up
Read up
Exclude checks
- Disable engine
- Disable check

Possible XSS vulnerability with certain configurations of rails-html-sanitizer
Open

    rails-html-sanitizer (1.0.4)

Found in Gemfile.lock by bundler-audit

Read up
Read up
Exclude checks
- Disable engine
- Disable check

Ability to forge per-form CSRF tokens given a global CSRF token
Open

    actionpack (5.1.6)

Found in Gemfile.lock by bundler-audit

Read up
Read up
Exclude checks
- Disable engine
- Disable check

Possible XSS Vulnerability in Action View tag helpers
Open

    actionview (5.1.6)

Found in Gemfile.lock by bundler-audit

Read up
Read up
Exclude checks
- Disable engine
- Disable check

paweljw/bookstore-backend

Showing 102 of 102 total issues

Keepalive Connections Causing Denial Of Service in puma
Open

ReDoS based DoS vulnerability in GlobalID
Open

Inconsistent Interpretation of HTTP Requests ('HTTP Request Smuggling') in puma
Open

HTTP Request Smuggling in puma
Open

Information Exposure with Puma when used with Rails
Open

Potential XSS vulnerability in Action View
Open

Possible XSS vulnerability in ActionView
Open

Nokogiri gem, via libxslt, is affected by improper access control vulnerability
Open

HTTP Smuggling via Transfer-Encoding Header in Puma
Open

Improper neutralization of data URIs may allow XSS in rails-html-sanitizer
Open

Possible exposure of information vulnerability in Action Pack
Open

Possible RCE escalation bug with Serialized Columns in Active Record
Open

Nokogiri Command Injection Vulnerability via Nokogiri::CSS::Tokenizer#load_file
Open

XML Injection in Xerces Java affects Nokogiri
Open

Out-of-bounds Write in zlib affects Nokogiri
Open

HTTP Response Splitting (Early Hints) in Puma
Open

Possible Information Disclosure / Unintended Method Execution in Action Pack
Open

Possible XSS vulnerability with certain configurations of rails-html-sanitizer
Open

Ability to forge per-form CSRF tokens given a global CSRF token
Open

Possible XSS Vulnerability in Action View tag helpers
Open

Severity

Category

Status

Source

Language

paweljw/bookstore-backend

Showing 102 of 102 total issues

Keepalive Connections Causing Denial Of Service in puma Open

ReDoS based DoS vulnerability in GlobalID Open

Inconsistent Interpretation of HTTP Requests ('HTTP Request Smuggling') in puma Open

HTTP Request Smuggling in puma Open

Information Exposure with Puma when used with Rails Open

Potential XSS vulnerability in Action View Open

Possible XSS vulnerability in ActionView Open

Nokogiri gem, via libxslt, is affected by improper access control vulnerability Open

HTTP Smuggling via Transfer-Encoding Header in Puma Open

Improper neutralization of data URIs may allow XSS in rails-html-sanitizer Open

Possible exposure of information vulnerability in Action Pack Open

Possible RCE escalation bug with Serialized Columns in Active Record Open

Nokogiri Command Injection Vulnerability via Nokogiri::CSS::Tokenizer#load_file Open

XML Injection in Xerces Java affects Nokogiri Open

Out-of-bounds Write in zlib affects Nokogiri Open

HTTP Response Splitting (Early Hints) in Puma Open

Possible Information Disclosure / Unintended Method Execution in Action Pack Open

Possible XSS vulnerability with certain configurations of rails-html-sanitizer Open

Ability to forge per-form CSRF tokens given a global CSRF token Open

Possible XSS Vulnerability in Action View tag helpers Open

Severity

Category

Status

Source

Language

Keepalive Connections Causing Denial Of Service in puma
Open

ReDoS based DoS vulnerability in GlobalID
Open

Inconsistent Interpretation of HTTP Requests ('HTTP Request Smuggling') in puma
Open

HTTP Request Smuggling in puma
Open

Information Exposure with Puma when used with Rails
Open

Potential XSS vulnerability in Action View
Open

Possible XSS vulnerability in ActionView
Open

Nokogiri gem, via libxslt, is affected by improper access control vulnerability
Open

HTTP Smuggling via Transfer-Encoding Header in Puma
Open

Improper neutralization of data URIs may allow XSS in rails-html-sanitizer
Open

Possible exposure of information vulnerability in Action Pack
Open

Possible RCE escalation bug with Serialized Columns in Active Record
Open

Nokogiri Command Injection Vulnerability via Nokogiri::CSS::Tokenizer#load_file
Open

XML Injection in Xerces Java affects Nokogiri
Open

Out-of-bounds Write in zlib affects Nokogiri
Open

HTTP Response Splitting (Early Hints) in Puma
Open

Possible Information Disclosure / Unintended Method Execution in Action Pack
Open

Possible XSS vulnerability with certain configurations of rails-html-sanitizer
Open

Ability to forge per-form CSRF tokens given a global CSRF token
Open

Possible XSS Vulnerability in Action View tag helpers
Open