publiclab/mapknitter

View on GitHub
Gemfile.lock

Summary

Maintainability
Test Coverage

ReDoS based DoS vulnerability in GlobalID
Open

    globalid (0.4.2)
Severity: Minor
Found in Gemfile.lock by bundler-audit

Advisory: CVE-2023-22799

URL: https://github.com/rails/globalid/releases/tag/v1.0.1

Solution: upgrade to >= 1.0.1

Inefficient Regular Expression Complexity in Loofah
Open

    loofah (2.18.0)
Severity: Critical
Found in Gemfile.lock by bundler-audit

Advisory: CVE-2022-23514

Criticality: High

URL: https://github.com/flavorjones/loofah/security/advisories/GHSA-486f-hjj9-9vhh

Solution: upgrade to >= 2.19.1

httparty has multipart/form-data request tampering vulnerability
Open

    httparty (0.20.0)
Severity: Minor
Found in Gemfile.lock by bundler-audit

Advisory:

Criticality: Medium

URL: https://github.com/jnunemaker/httparty/security/advisories/GHSA-5pq7-52mg-hr42

Solution: upgrade to >= 0.21.0

Uncontrolled Recursion in Loofah
Open

    loofah (2.18.0)
Severity: Critical
Found in Gemfile.lock by bundler-audit

Advisory: CVE-2022-23516

Criticality: High

URL: https://github.com/flavorjones/loofah/security/advisories/GHSA-3x8r-x6xp-q4vm

Solution: upgrade to >= 2.19.1

Improper neutralization of data URIs may allow XSS in Loofah
Open

    loofah (2.18.0)
Severity: Minor
Found in Gemfile.lock by bundler-audit

Advisory: CVE-2022-23515

Criticality: Medium

URL: https://github.com/flavorjones/loofah/security/advisories/GHSA-228g-948r-83gx

Solution: upgrade to >= 2.19.1

Unchecked return value from xmlTextReaderExpand
Open

    nokogiri (1.13.8)
Severity: Critical
Found in Gemfile.lock by bundler-audit

Advisory: CVE-2022-23476

Criticality: High

URL: https://github.com/sparklemotion/nokogiri/security/advisories/GHSA-qv4q-mr5r-qprj

Solution: upgrade to >= 1.13.10

Possible XSS vulnerability with certain configurations of rails-html-sanitizer
Open

    rails-html-sanitizer (1.4.3)
Severity: Minor
Found in Gemfile.lock by bundler-audit

Advisory: CVE-2022-23519

Criticality: Medium

URL: https://github.com/rails/rails-html-sanitizer/security/advisories/GHSA-9h9g-93gc-623h

Solution: upgrade to >= 1.4.4

Inefficient Regular Expression Complexity in rails-html-sanitizer
Open

    rails-html-sanitizer (1.4.3)
Severity: Critical
Found in Gemfile.lock by bundler-audit

Advisory: CVE-2022-23517

Criticality: High

URL: https://github.com/rails/rails-html-sanitizer/security/advisories/GHSA-5x79-w82f-gw8w

Solution: upgrade to >= 1.4.4

Possible XSS vulnerability with certain configurations of rails-html-sanitizer
Open

    rails-html-sanitizer (1.4.3)
Severity: Minor
Found in Gemfile.lock by bundler-audit

Advisory: CVE-2022-23520

Criticality: Medium

URL: https://github.com/rails/rails-html-sanitizer/security/advisories/GHSA-rrfc-7g8p-99q8

Solution: upgrade to >= 1.4.4

Improper neutralization of data URIs may allow XSS in rails-html-sanitizer
Open

    rails-html-sanitizer (1.4.3)
Severity: Minor
Found in Gemfile.lock by bundler-audit

Advisory: CVE-2022-23518

Criticality: Medium

URL: https://github.com/rails/rails-html-sanitizer/security/advisories/GHSA-mcvf-2q2m-x72m

Solution: upgrade to >= 1.4.4

Denial of Service Vulnerability in Rack Content-Disposition parsing
Open

    rack (2.2.4)
Severity: Minor
Found in Gemfile.lock by bundler-audit

Advisory: CVE-2022-44571

URL: https://github.com/rack/rack/releases/tag/v3.0.4.1

Solution: upgrade to >= 2.0.9.2, ~> 2.0.9, >= 2.1.4.2, ~> 2.1.4, >= 2.2.6.1, ~> 2.2.6, >= 3.0.4.1

Denial of service via multipart parsing in Rack
Open

    rack (2.2.4)
Severity: Minor
Found in Gemfile.lock by bundler-audit

Advisory: CVE-2022-44572

URL: https://github.com/rack/rack/releases/tag/v3.0.4.1

Solution: upgrade to >= 2.0.9.2, ~> 2.0.9, >= 2.1.4.2, ~> 2.1.4, >= 2.2.6.1, ~> 2.2.6, >= 3.0.4.1

Update bundled libxml2 to v2.10.3 to resolve multiple CVEs
Open

    nokogiri (1.13.8)
Severity: Minor
Found in Gemfile.lock by bundler-audit

Denial of service via header parsing in Rack
Open

    rack (2.2.4)
Severity: Minor
Found in Gemfile.lock by bundler-audit

Advisory: CVE-2022-44570

URL: https://github.com/rack/rack/releases/tag/v3.0.4.1

Solution: upgrade to >= 2.0.9.2, ~> 2.0.9, >= 2.1.4.2, ~> 2.1.4, >= 2.2.6.2, ~> 2.2.6, >= 3.0.4.1

Denial of Service Vulnerability in ActiveRecord’s PostgreSQL adapter
Open

    activerecord (5.2.8)
Severity: Minor
Found in Gemfile.lock by bundler-audit

Advisory: CVE-2022-44566

URL: https://github.com/rails/rails/releases/tag/v7.0.4.1

Solution: upgrade to >= 5.2.8.15, ~> 5.2.8, >= 6.1.7.1, ~> 6.1.7, >= 7.0.4.1

ReDoS based DoS vulnerability in Active Support’s underscore
Open

    activesupport (5.2.8)
Severity: Minor
Found in Gemfile.lock by bundler-audit

Advisory: CVE-2023-22796

URL: https://github.com/rails/rails/releases/tag/v7.0.4.1

Solution: upgrade to >= 5.2.8.15, ~> 5.2.8, >= 6.1.7.1, ~> 6.1.7, >= 7.0.4.1

ReDoS based DoS vulnerability in Action Dispatch
Open

    actionpack (5.2.8)
Severity: Minor
Found in Gemfile.lock by bundler-audit

Advisory: CVE-2023-22795

URL: https://github.com/rails/rails/releases/tag/v7.0.4.1

Solution: upgrade to >= 5.2.8.15, ~> 5.2.8, >= 6.1.7.1, ~> 6.1.7, >= 7.0.4.1

Possible RCE escalation bug with Serialized Columns in Active Record
Open

    activerecord (5.2.8)
Severity: Minor
Found in Gemfile.lock by bundler-audit

Advisory: CVE-2022-32224

Criticality: Critical

URL: https://groups.google.com/g/rubyonrails-security/c/MmFO3LYQE8U

Solution: upgrade to >= 5.2.8.1, ~> 5.2.8, >= 6.0.5.1, ~> 6.0.5, >= 6.1.6.1, ~> 6.1.6, >= 7.0.3.1

ReDoS based DoS vulnerability in Action Dispatch
Open

    actionpack (5.2.8)
Severity: Minor
Found in Gemfile.lock by bundler-audit

Advisory: CVE-2023-22792

URL: https://github.com/rails/rails/releases/tag/v7.0.4.1

Solution: upgrade to >= 5.2.8.15, ~> 5.2.8, >= 6.1.7.1, ~> 6.1.7, >= 7.0.4.1

There are no issues that match your filters.

Category
Status