Issues - rails-stall/stall

CSRF Vulnerability in rails-ujs
Open

    actionview (4.2.4)

Found in Gemfile.lock by bundler-audit

Read up
Read up
Exclude checks
- Disable engine
- Disable check

ReDoS based DoS vulnerability in GlobalID
Open

    globalid (0.4.0)

Found in Gemfile.lock by bundler-audit

Read up
Read up
Exclude checks
- Disable engine
- Disable check

simple_form Gem for Ruby Incorrect Access Control for forms based on user input
Open

    simple_form (3.4.0)

Found in Gemfile.lock by bundler-audit

Read up
Read up
Exclude checks
- Disable engine
- Disable check

Possible XSS vulnerability in ActionView
Open

    actionview (4.2.4)

Found in Gemfile.lock by bundler-audit

Read up
Read up
Exclude checks
- Disable engine
- Disable check

Denial of Service Vulnerability in Rack Multipart Parsing
Open

    rack (1.6.4)

Found in Gemfile.lock by bundler-audit

Read up
Read up
Exclude checks
- Disable engine
- Disable check

Possible Strong Parameters Bypass in ActionPack
Open

    actionpack (4.2.4)

Found in Gemfile.lock by bundler-audit

Read up
Read up
Exclude checks
- Disable engine
- Disable check

Possible DoS Vulnerability in Active Record PostgreSQL adapter
Open

    activerecord (4.2.4)

Found in Gemfile.lock by bundler-audit

Read up
Read up
Exclude checks
- Disable engine
- Disable check

Percent-encoded cookies can be used to overwrite existing prefixed cookie names
Open

    rack (1.6.4)

Found in Gemfile.lock by bundler-audit

Read up
Read up
Exclude checks
- Disable engine
- Disable check

OS Command Injection in Rake
Open

    rake (10.4.2)

Found in Gemfile.lock by bundler-audit

Read up
Read up
Exclude checks
- Disable engine
- Disable check

ReDoS based DoS vulnerability in Action Dispatch
Open

    actionpack (4.2.4)

Found in Gemfile.lock by bundler-audit

Read up
Read up
Exclude checks
- Disable engine
- Disable check

ReDoS based DoS vulnerability in Action Dispatch
Open

    actionpack (4.2.4)

Found in Gemfile.lock by bundler-audit

Read up
Read up
Exclude checks
- Disable engine
- Disable check

Possible RCE escalation bug with Serialized Columns in Active Record
Open

    activerecord (4.2.4)

Found in Gemfile.lock by bundler-audit

Read up
Read up
Exclude checks
- Disable engine
- Disable check

Potential XSS vulnerability in Action View
Open

    actionview (4.2.4)

Found in Gemfile.lock by bundler-audit

Read up
Read up
Exclude checks
- Disable engine
- Disable check

ReDoS based DoS vulnerability in Active Support’s underscore
Open

    activesupport (4.2.4)

Found in Gemfile.lock by bundler-audit

Read up
Read up
Exclude checks
- Disable engine
- Disable check

Potentially unintended unmarshalling of user-provided objects in MemCacheStore and RedisCacheStore
Open

    activesupport (4.2.4)

Found in Gemfile.lock by bundler-audit

Read up
Read up
Exclude checks
- Disable engine
- Disable check

haml failure to escape single quotes
Open

    haml (4.0.7)

Found in Gemfile.lock by bundler-audit

Read up
Read up
Exclude checks
- Disable engine
- Disable check

json Gem for Ruby Unsafe Object Creation Vulnerability (additional fix)
Open

    json (1.8.3)

Found in Gemfile.lock by bundler-audit

Read up
Read up
Exclude checks
- Disable engine
- Disable check

Possible Information Disclosure / Unintended Method Execution in Action Pack
Open

    actionpack (4.2.4)

Found in Gemfile.lock by bundler-audit

Read up
Read up
Exclude checks
- Disable engine
- Disable check

Denial of service via header parsing in Rack
Open

    rack (1.6.4)

Found in Gemfile.lock by bundler-audit

Read up
Read up
Exclude checks
- Disable engine
- Disable check

Possible DoS Vulnerability in Action Controller Token Authentication
Open

    actionpack (4.2.4)

Found in Gemfile.lock by bundler-audit

Read up
Read up
Exclude checks
- Disable engine
- Disable check

rails-stall/stall

Showing 168 of 168 total issues

CSRF Vulnerability in rails-ujs
Open

ReDoS based DoS vulnerability in GlobalID
Open

simple_form Gem for Ruby Incorrect Access Control for forms based on user input
Open

Possible XSS vulnerability in ActionView
Open

Denial of Service Vulnerability in Rack Multipart Parsing
Open

Possible Strong Parameters Bypass in ActionPack
Open

Possible DoS Vulnerability in Active Record PostgreSQL adapter
Open

Percent-encoded cookies can be used to overwrite existing prefixed cookie names
Open

OS Command Injection in Rake
Open

ReDoS based DoS vulnerability in Action Dispatch
Open

ReDoS based DoS vulnerability in Action Dispatch
Open

Possible RCE escalation bug with Serialized Columns in Active Record
Open

Potential XSS vulnerability in Action View
Open

ReDoS based DoS vulnerability in Active Support’s underscore
Open

Potentially unintended unmarshalling of user-provided objects in MemCacheStore and RedisCacheStore
Open

haml failure to escape single quotes
Open

json Gem for Ruby Unsafe Object Creation Vulnerability (additional fix)
Open

Possible Information Disclosure / Unintended Method Execution in Action Pack
Open

Denial of service via header parsing in Rack
Open

Possible DoS Vulnerability in Action Controller Token Authentication
Open

Severity

Category

Status

Source

Language

rails-stall/stall

Showing 168 of 168 total issues

CSRF Vulnerability in rails-ujs Open

ReDoS based DoS vulnerability in GlobalID Open

simple_form Gem for Ruby Incorrect Access Control for forms based on user input Open

Possible XSS vulnerability in ActionView Open

Denial of Service Vulnerability in Rack Multipart Parsing Open

Possible Strong Parameters Bypass in ActionPack Open

Possible DoS Vulnerability in Active Record PostgreSQL adapter Open

Percent-encoded cookies can be used to overwrite existing prefixed cookie names Open

OS Command Injection in Rake Open

ReDoS based DoS vulnerability in Action Dispatch Open

ReDoS based DoS vulnerability in Action Dispatch Open

Possible RCE escalation bug with Serialized Columns in Active Record Open

Potential XSS vulnerability in Action View Open

ReDoS based DoS vulnerability in Active Support’s underscore Open

Potentially unintended unmarshalling of user-provided objects in MemCacheStore and RedisCacheStore Open

haml failure to escape single quotes Open

json Gem for Ruby Unsafe Object Creation Vulnerability (additional fix) Open

Possible Information Disclosure / Unintended Method Execution in Action Pack Open

Denial of service via header parsing in Rack Open

Possible DoS Vulnerability in Action Controller Token Authentication Open

Severity

Category

Status

Source

Language

CSRF Vulnerability in rails-ujs
Open

ReDoS based DoS vulnerability in GlobalID
Open

simple_form Gem for Ruby Incorrect Access Control for forms based on user input
Open

Possible XSS vulnerability in ActionView
Open

Denial of Service Vulnerability in Rack Multipart Parsing
Open

Possible Strong Parameters Bypass in ActionPack
Open

Possible DoS Vulnerability in Active Record PostgreSQL adapter
Open

Percent-encoded cookies can be used to overwrite existing prefixed cookie names
Open

OS Command Injection in Rake
Open

ReDoS based DoS vulnerability in Action Dispatch
Open

ReDoS based DoS vulnerability in Action Dispatch
Open

Possible RCE escalation bug with Serialized Columns in Active Record
Open

Potential XSS vulnerability in Action View
Open

ReDoS based DoS vulnerability in Active Support’s underscore
Open

Potentially unintended unmarshalling of user-provided objects in MemCacheStore and RedisCacheStore
Open

haml failure to escape single quotes
Open

json Gem for Ruby Unsafe Object Creation Vulnerability (additional fix)
Open

Possible Information Disclosure / Unintended Method Execution in Action Pack
Open

Denial of service via header parsing in Rack
Open

Possible DoS Vulnerability in Action Controller Token Authentication
Open