Gemfile.lock from pgaspar/oqfc

Gemfile.lock

Summary

Maintainability

Test Coverage

json Gem for Ruby Unsafe Object Creation Vulnerability (additional fix)
Open

    json (1.8.6)

Found in Gemfile.lock by bundler-audit

Read up
Read up
Exclude checks
- Disable engine
- Disable check

Advisory: CVE-2020-10663

Criticality: High

URL: https://www.ruby-lang.org/en/news/2020/03/19/json-dos-cve-2020-10663/

Solution: upgrade to >= 2.3.0

Sinatra vulnerable to Reflected File Download attack
Open

    sinatra (2.0.0)

Found in Gemfile.lock by bundler-audit

Read up
Read up
Exclude checks
- Disable engine
- Disable check

Advisory: CVE-2022-45442

Criticality: High

URL: https://github.com/sinatra/sinatra/security/advisories/GHSA-2x8x-jmrp-phxw

Solution: upgrade to ~> 2.2.3, >= 3.0.4

sinatra does not validate expanded path matches
Open

    sinatra (2.0.0)

Found in Gemfile.lock by bundler-audit

Read up
Read up
Exclude checks
- Disable engine
- Disable check

Advisory: CVE-2022-29970

Criticality: High

URL: https://github.com/sinatra/sinatra/pull/1683

Solution: upgrade to >= 2.2.0

Directory traversal in Rack::Directory app bundled with Rack
Open

    rack (2.0.3)

Found in Gemfile.lock by bundler-audit

Read up
Read up
Exclude checks
- Disable engine
- Disable check

Advisory: CVE-2020-8161

Criticality: High

URL: https://groups.google.com/forum/#!topic/ruby-security-ann/T4ZIsfRf2eA

Solution: upgrade to ~> 2.1.3, >= 2.2.0

Regular Expression Denial of Service in Addressable templates
Open

    addressable (2.5.2)

Found in Gemfile.lock by bundler-audit

Read up
Read up
Exclude checks
- Disable engine
- Disable check

Advisory: CVE-2021-32740

Criticality: High

URL: https://github.com/advisories/GHSA-jxhc-q857-3j6g

Solution: upgrade to >= 2.8.0

Percent-encoded cookies can be used to overwrite existing prefixed cookie names
Open

    rack (2.0.3)

Found in Gemfile.lock by bundler-audit

Read up
Read up
Exclude checks
- Disable engine
- Disable check

Advisory: CVE-2020-8184

Criticality: High

URL: https://groups.google.com/g/rubyonrails-security/c/OWtmozPH9Ak

Solution: upgrade to ~> 2.1.4, >= 2.2.3

Denial of Service Vulnerability in Rack Multipart Parsing
Open

    rack (2.0.3)

Found in Gemfile.lock by bundler-audit

Read up
Read up
Exclude checks
- Disable engine
- Disable check

Advisory: CVE-2022-30122

Criticality: High

URL: https://groups.google.com/g/ruby-security-ann/c/L2Axto442qk

Solution: upgrade to >= 2.0.9.1, ~> 2.0.9, >= 2.1.4.1, ~> 2.1.4, >= 2.2.3.1

Possible shell escape sequence injection vulnerability in Rack
Open

    rack (2.0.3)

Found in Gemfile.lock by bundler-audit

Read up
Read up
Exclude checks
- Disable engine
- Disable check

Advisory: CVE-2022-30123

Criticality: Critical

URL: https://groups.google.com/g/ruby-security-ann/c/LWB10kWzag8

Solution: upgrade to >= 2.0.9.1, ~> 2.0.9, >= 2.1.4.1, ~> 2.1.4, >= 2.2.3.1

Denial of service via header parsing in Rack
Open

    rack (2.0.3)

Found in Gemfile.lock by bundler-audit

Read up
Read up
Exclude checks
- Disable engine
- Disable check

Advisory: CVE-2022-44570

URL: https://github.com/rack/rack/releases/tag/v3.0.4.1

Solution: upgrade to >= 2.0.9.2, ~> 2.0.9, >= 2.1.4.2, ~> 2.1.4, >= 2.2.6.2, ~> 2.2.6, >= 3.0.4.1

Possible XSS vulnerability in Rack
Open

    rack (2.0.3)

Found in Gemfile.lock by bundler-audit

Read up
Read up
Exclude checks
- Disable engine
- Disable check

Advisory: CVE-2018-16471

URL: https://groups.google.com/forum/#!topic/ruby-security-ann/NAalCee8n6o

Solution: upgrade to ~> 1.6.11, >= 2.0.6

sinatra ruby gem path traversal via backslash characters on Windows
Open

    sinatra (2.0.0)

Found in Gemfile.lock by bundler-audit

Read up
Read up
Exclude checks
- Disable engine
- Disable check

Advisory: CVE-2018-7212

Criticality: Medium

URL: https://github.com/sinatra/sinatra/pull/1379

Solution: upgrade to >= 2.0.1

Denial of Service Vulnerability in Rack Content-Disposition parsing
Open

    rack (2.0.3)

Found in Gemfile.lock by bundler-audit

Read up
Read up
Exclude checks
- Disable engine
- Disable check

Advisory: CVE-2022-44571

URL: https://github.com/rack/rack/releases/tag/v3.0.4.1

Solution: upgrade to >= 2.0.9.2, ~> 2.0.9, >= 2.1.4.2, ~> 2.1.4, >= 2.2.6.1, ~> 2.2.6, >= 3.0.4.1

Path traversal is possible via backslash characters on Windows.
Open

    rack-protection (2.0.0)

Found in Gemfile.lock by bundler-audit

Read up
Read up
Exclude checks
- Disable engine
- Disable check

Advisory: CVE-2018-7212

URL: https://github.com/sinatra/sinatra/pull/1379

Solution: upgrade to >= 2.0.1, ~> 1.5.4

XSS via the 400 Bad Request page
Open

    sinatra (2.0.0)

Found in Gemfile.lock by bundler-audit

Read up
Read up
Exclude checks
- Disable engine
- Disable check

Advisory: CVE-2018-11627

Criticality: Medium

URL: https://github.com/sinatra/sinatra/issues/1428

Solution: upgrade to >= 2.0.2

Denial of service via multipart parsing in Rack
Open

    rack (2.0.3)

Found in Gemfile.lock by bundler-audit

Read up
Read up
Exclude checks
- Disable engine
- Disable check

Advisory: CVE-2022-44572

URL: https://github.com/rack/rack/releases/tag/v3.0.4.1

Solution: upgrade to >= 2.0.9.2, ~> 2.0.9, >= 2.1.4.2, ~> 2.1.4, >= 2.2.6.1, ~> 2.2.6, >= 3.0.4.1

Possible information leak / session hijack vulnerability
Open

    rack (2.0.3)

Found in Gemfile.lock by bundler-audit

Read up
Read up
Exclude checks
- Disable engine
- Disable check

Advisory: CVE-2019-16782

Criticality: Medium

URL: https://github.com/rack/rack/security/advisories/GHSA-hrqr-hxpp-chr3

Solution: upgrade to ~> 1.6.12, >= 2.0.8

pgaspar/oqfc

Summary

Maintainability

Test Coverage

json Gem for Ruby Unsafe Object Creation Vulnerability (additional fix)
Open

Sinatra vulnerable to Reflected File Download attack
Open

sinatra does not validate expanded path matches
Open

Directory traversal in Rack::Directory app bundled with Rack
Open

Regular Expression Denial of Service in Addressable templates
Open

Percent-encoded cookies can be used to overwrite existing prefixed cookie names
Open

Denial of Service Vulnerability in Rack Multipart Parsing
Open

Possible shell escape sequence injection vulnerability in Rack
Open

Denial of service via header parsing in Rack
Open

Possible XSS vulnerability in Rack
Open

sinatra ruby gem path traversal via backslash characters on Windows
Open

Denial of Service Vulnerability in Rack Content-Disposition parsing
Open

Path traversal is possible via backslash characters on Windows.
Open

XSS via the 400 Bad Request page
Open

Denial of service via multipart parsing in Rack
Open

Possible information leak / session hijack vulnerability
Open

There are no issues that match your filters.

Category

Status

pgaspar/oqfc

Summary

Maintainability

Test Coverage

json Gem for Ruby Unsafe Object Creation Vulnerability (additional fix) Open

Sinatra vulnerable to Reflected File Download attack Open

sinatra does not validate expanded path matches Open

Directory traversal in Rack::Directory app bundled with Rack Open

Regular Expression Denial of Service in Addressable templates Open

Percent-encoded cookies can be used to overwrite existing prefixed cookie names Open

Denial of Service Vulnerability in Rack Multipart Parsing Open

Possible shell escape sequence injection vulnerability in Rack Open

Denial of service via header parsing in Rack Open

Possible XSS vulnerability in Rack Open

sinatra ruby gem path traversal via backslash characters on Windows Open

Denial of Service Vulnerability in Rack Content-Disposition parsing Open

Path traversal is possible via backslash characters on Windows. Open

XSS via the 400 Bad Request page Open

Denial of service via multipart parsing in Rack Open

Possible information leak / session hijack vulnerability Open

There are no issues that match your filters.

Category

Status

json Gem for Ruby Unsafe Object Creation Vulnerability (additional fix)
Open

Sinatra vulnerable to Reflected File Download attack
Open

sinatra does not validate expanded path matches
Open

Directory traversal in Rack::Directory app bundled with Rack
Open

Regular Expression Denial of Service in Addressable templates
Open

Percent-encoded cookies can be used to overwrite existing prefixed cookie names
Open

Denial of Service Vulnerability in Rack Multipart Parsing
Open

Possible shell escape sequence injection vulnerability in Rack
Open

Denial of service via header parsing in Rack
Open

Possible XSS vulnerability in Rack
Open

sinatra ruby gem path traversal via backslash characters on Windows
Open

Denial of Service Vulnerability in Rack Content-Disposition parsing
Open

Path traversal is possible via backslash characters on Windows.
Open

XSS via the 400 Bad Request page
Open

Denial of service via multipart parsing in Rack
Open

Possible information leak / session hijack vulnerability
Open