philou/planning-poker

Showing 29 of 31 total issues

Nokogiri gem, via libxslt, is affected by improper access control vulnerability
Open

    nokogiri (1.8.4)
Severity: Minor
Found in Gemfile.lock by bundler-audit

Advisory: CVE-2019-11068

URL: https://github.com/sparklemotion/nokogiri/issues/1892

Solution: upgrade to >= 1.10.3

XSS vulnerability via data-target in bootstrap-sass
Open

    bootstrap-sass (3.3.7)
Severity: Minor
Found in Gemfile.lock by bundler-audit

Advisory: CVE-2016-10735

Criticality: Medium

URL: https://blog.getbootstrap.com/2018/12/13/bootstrap-3-4-0/

Solution: upgrade to >= 3.4.0

XSS vulnerability in bootstrap-sass
Open

    bootstrap-sass (3.3.7)
Severity: Minor
Found in Gemfile.lock by bundler-audit

Advisory: CVE-2019-8331

Criticality: Medium

URL: https://blog.getbootstrap.com/2019/02/13/bootstrap-4-3-1-and-3-4-1/

Solution: upgrade to >= 3.4.1

Loofah XSS Vulnerability
Open

    loofah (2.2.2)
Severity: Minor
Found in Gemfile.lock by bundler-audit

Advisory: CVE-2018-16468

URL: https://github.com/flavorjones/loofah/issues/154

Solution: upgrade to >= 2.2.3

Nokogiri gem, via libxml2, is affected by multiple vulnerabilities
Open

    nokogiri (1.8.4)
Severity: Minor
Found in Gemfile.lock by bundler-audit

Advisory: CVE-2018-14404

URL: https://github.com/sparklemotion/nokogiri/issues/1785

Solution: upgrade to >= 1.8.5

Denial of Service Vulnerability in Action View
Open

    actionview (5.2.1)
Severity: Minor
Found in Gemfile.lock by bundler-audit

Advisory: CVE-2019-5419

URL: https://groups.google.com/forum/#!topic/rubyonrails-security/GN7w9fFAQeI

Solution: upgrade to >= 6.0.0.beta3, >= 5.2.2.1, ~> 5.2.2, >= 5.1.6.2, ~> 5.1.6, >= 5.0.7.2, ~> 5.0.7, >= 4.2.11.1, ~> 4.2.11

File Content Disclosure in Action View
Open

    actionview (5.2.1)
Severity: Minor
Found in Gemfile.lock by bundler-audit

Advisory: CVE-2019-5418

URL: https://groups.google.com/forum/#!topic/rubyonrails-security/pFRKI96Sm8Q

Solution: upgrade to >= 4.2.11.1, ~> 4.2.11, >= 5.0.7.2, ~> 5.0.7, >= 5.1.6.2, ~> 5.1.6, >= 5.2.2.1, ~> 5.2.2, >= 6.0.0.beta3

Possible Remote Code Execution Exploit in Rails Development Mode
Open

    railties (5.2.1)
Severity: Minor
Found in Gemfile.lock by bundler-audit

Advisory: CVE-2019-5420

URL: https://groups.google.com/forum/#!topic/rubyonrails-security/IsQKvDqZdKw

Solution: upgrade to >= 5.2.2.1, ~> 5.2.2, >= 6.0.0.beta3

Broken Access Control vulnerability in Active Job
Open

    activejob (5.2.1)
Severity: Minor
Found in Gemfile.lock by bundler-audit

Advisory: CVE-2018-16476

URL: https://groups.google.com/forum/#!topic/rubyonrails-security/FL4dSdzr2zw

Solution: upgrade to ~> 4.2.11, ~> 5.0.7.1, ~> 5.1.6.1, ~> 5.1.7, >= 5.2.1.1

Bypass vulnerability in Active Storage
Open

    activestorage (5.2.1)
Severity: Minor
Found in Gemfile.lock by bundler-audit

Advisory: CVE-2018-16477

URL: https://groups.google.com/forum/#!topic/rubyonrails-security/3KQRnXDIuLg

Solution: upgrade to >= 5.2.1.1

The use of eval is a serious security risk.
Open

eval(`cat #{Rails.root.to_s}/db/schema.rb | sed 's/,[^:]*: :serial\//g'`)
Severity: Minor
Found in spec/rails_helper.rb by rubocop

This cop checks for the use of Kernel#eval and Binding#eval.

Example:

# bad

eval(something)
binding.eval(something)

TODO found
Open

  <% # TODO get rid of these 2 'if' %>
Severity: Minor
Found in app/views/contributors/show.html.erb by fixme

TODO found
Open

    # TODO update jasmine test framework version
Severity: Minor
Found in spec/teaspoon_env.rb by fixme

TODO found
Open

    # TODO use stream_to instead
Severity: Minor
Found in app/channels/team_channel.rb by fixme

TODO found
Open

# TODO remove the 'from his browser' from the step def. This is really implementation specific

TODO found
Open

# TODO add a primary key on teams(name)
Severity: Minor
Found in db/todo.rb by fixme

TODO found
Open

  # TODO do some polling instead of sleeping for a full second

TODO found
Open

  # TODO Write unit test for the subscription when the action cable tests commits are available (https://github.com/rails/rails/pull/23211 and https://github.com/rspec/rspec-rails/issues/1606)
Severity: Minor
Found in spec/channels/team_channel_spec.rb by fixme

TODO found
Open

  # TODO upgrade postgresql to the same as Heroku
Severity: Minor
Found in docker-compose.yml by fixme

TODO found
Open

<% # TODO use a view presenter to simplify this view %>
Severity: Minor
Found in app/views/votes/_not_running.html.erb by fixme