Issues - rike422/loose-leaf

HTTP Smuggling via Transfer-Encoding Header in Puma
Open

    puma (3.6.0)

Found in Gemfile.lock by bundler-audit

Read up
Read up
Exclude checks
- Disable engine
- Disable check

Advisory: CVE-2020-11076

Criticality: High

URL: https://github.com/puma/puma/security/advisories/GHSA-x7jg-6pwg-fx5h

Solution: upgrade to ~> 3.12.5, >= 4.3.4

Potential XSS vulnerability in Action View
Open

    actionview (5.0.0.1)

Found in Gemfile.lock by bundler-audit

Read up
Read up
Exclude checks
- Disable engine
- Disable check

Advisory: CVE-2020-15169

Criticality: Medium

URL: https://groups.google.com/g/rubyonrails-security/c/b-C9kSGXYrc

Solution: upgrade to >= 5.2.4.4, ~> 5.2.4, >= 6.0.3.3

Possible DoS Vulnerability in Active Record PostgreSQL adapter
Open

    activerecord (5.0.0.1)

Found in Gemfile.lock by bundler-audit

Read up
Read up
Exclude checks
- Disable engine
- Disable check

Advisory: CVE-2021-22880

Criticality: Medium

URL: https://groups.google.com/g/rubyonrails-security/c/ZzUqCh9vyhI

Solution: upgrade to >= 5.2.4.5, ~> 5.2.4, >= 6.0.3.5, ~> 6.0.3, >= 6.1.2.1

Nokogiri gem, via libxml, is affected by DoS vulnerabilities
Open

    nokogiri (1.6.8.1)

Found in Gemfile.lock by bundler-audit

Read up
Read up
Exclude checks
- Disable engine
- Disable check

Advisory: CVE-2017-15412

URL: https://github.com/sparklemotion/nokogiri/issues/1714

Solution: upgrade to >= 1.8.2

Update packaged dependency libxml2 from 2.9.10 to 2.9.12
Open

    nokogiri (1.6.8.1)

Found in Gemfile.lock by bundler-audit

Read up
Read up
Exclude checks
- Disable engine
- Disable check

Advisory:

Criticality: High

URL: https://github.com/sparklemotion/nokogiri/security/advisories/GHSA-7rrm-v45f-jp64

Solution: upgrade to >= 1.11.4

HTTP Response Splitting vulnerability in puma
Open

    puma (3.6.0)

Found in Gemfile.lock by bundler-audit

Read up
Read up
Exclude checks
- Disable engine
- Disable check

Advisory: CVE-2020-5247

Criticality: Medium

URL: https://github.com/puma/puma/security/advisories/GHSA-84j7-475p-hp8v

Solution: upgrade to ~> 3.12.4, >= 4.3.3

HTTP Response Splitting (Early Hints) in Puma
Open

    puma (3.6.0)

Found in Gemfile.lock by bundler-audit

Read up
Read up
Exclude checks
- Disable engine
- Disable check

Advisory: CVE-2020-5249

Criticality: Medium

URL: https://github.com/puma/puma/security/advisories/GHSA-33vf-4xgg-9r58

Solution: upgrade to ~> 3.12.4, >= 4.3.3

ReDoS based DoS vulnerability in Action Dispatch
Open

    actionpack (5.0.0.1)

Found in Gemfile.lock by bundler-audit

Read up
Read up
Exclude checks
- Disable engine
- Disable check

Advisory: CVE-2023-22792

URL: https://github.com/rails/rails/releases/tag/v7.0.4.1

Solution: upgrade to >= 5.2.8.15, ~> 5.2.8, >= 6.1.7.1, ~> 6.1.7, >= 7.0.4.1

CSRF Vulnerability in rails-ujs
Open

    actionview (5.0.0.1)

Found in Gemfile.lock by bundler-audit

Read up
Read up
Exclude checks
- Disable engine
- Disable check

Advisory: CVE-2020-8167

Criticality: Medium

URL: https://groups.google.com/forum/#!topic/rubyonrails-security/x9DixQDG9a0

Solution: upgrade to >= 5.2.4.3, ~> 5.2.4, >= 6.0.3.1

json Gem for Ruby Unsafe Object Creation Vulnerability (additional fix)
Open

    json (2.0.2)

Found in Gemfile.lock by bundler-audit

Read up
Read up
Exclude checks
- Disable engine
- Disable check

Advisory: CVE-2020-10663

Criticality: High

URL: https://www.ruby-lang.org/en/news/2020/03/19/json-dos-cve-2020-10663/

Solution: upgrade to >= 2.3.0

Loofah XSS Vulnerability
Open

    loofah (2.0.3)

Found in Gemfile.lock by bundler-audit

Read up
Read up
Exclude checks
- Disable engine
- Disable check

Advisory: CVE-2018-8048

Criticality: Medium

URL: https://github.com/flavorjones/loofah/issues/144

Solution: upgrade to >= 2.2.1

Nokogiri::XML::Schema trusts input by default, exposing risk of an XXE vulnerability
Open

    nokogiri (1.6.8.1)

Found in Gemfile.lock by bundler-audit

Read up
Read up
Exclude checks
- Disable engine
- Disable check

Advisory: CVE-2020-26247

Criticality: Low

URL: https://github.com/sparklemotion/nokogiri/security/advisories/GHSA-vr8q-g5c7-m54m

Solution: upgrade to >= 1.11.0.rc4

HTTP Smuggling via Transfer-Encoding Header in Puma
Open

    puma (3.6.0)

Found in Gemfile.lock by bundler-audit

Read up
Read up
Exclude checks
- Disable engine
- Disable check

Advisory: CVE-2020-11077

Criticality: Medium

URL: https://github.com/puma/puma/security/advisories/GHSA-w64w-qqph-5gxm

Solution: upgrade to ~> 3.12.6, >= 4.3.5

Denial of Service Vulnerability in ActiveRecord’s PostgreSQL adapter
Open

    activerecord (5.0.0.1)

Found in Gemfile.lock by bundler-audit

Read up
Read up
Exclude checks
- Disable engine
- Disable check

Advisory: CVE-2022-44566

URL: https://github.com/rails/rails/releases/tag/v7.0.4.1

Solution: upgrade to >= 5.2.8.15, ~> 5.2.8, >= 6.1.7.1, ~> 6.1.7, >= 7.0.4.1

Out-of-bounds Write in zlib affects Nokogiri
Open

    nokogiri (1.6.8.1)

Found in Gemfile.lock by bundler-audit

Read up
Read up
Exclude checks
- Disable engine
- Disable check

Advisory: CVE-2018-25032

Criticality: High

URL: https://github.com/sparklemotion/nokogiri/security/advisories/GHSA-v6gp-9mmm-c6p5

Solution: upgrade to >= 1.13.4

Possible XSS vulnerability with certain configurations of Rails::Html::Sanitizer
Open

    rails-html-sanitizer (1.0.3)

Found in Gemfile.lock by bundler-audit

Read up
Read up
Exclude checks
- Disable engine
- Disable check

Advisory: CVE-2022-32209

Criticality: Medium

URL: https://groups.google.com/g/rubyonrails-security/c/ce9PhUANQ6s

Solution: upgrade to >= 1.4.3

Possible XSS Vulnerability in Action View tag helpers
Open

    actionview (5.0.0.1)

Found in Gemfile.lock by bundler-audit

Read up
Read up
Exclude checks
- Disable engine
- Disable check

Advisory: CVE-2022-27777

Criticality: Medium

URL: https://groups.google.com/g/ruby-security-ann/c/9wJPEDv-iRw

Solution: upgrade to >= 5.2.7.1, ~> 5.2.7, >= 6.0.4.8, ~> 6.0.4, >= 6.1.5.1, ~> 6.1.5, >= 7.0.2.4

ReDoS based DoS vulnerability in Active Support’s underscore
Open

    activesupport (5.0.0.1)

Found in Gemfile.lock by bundler-audit

Read up
Read up
Exclude checks
- Disable engine
- Disable check

Advisory: CVE-2023-22796

URL: https://github.com/rails/rails/releases/tag/v7.0.4.1

Solution: upgrade to >= 5.2.8.15, ~> 5.2.8, >= 6.1.7.1, ~> 6.1.7, >= 7.0.4.1

Directory traversal in Rack::Directory app bundled with Rack
Open

    rack (2.0.1)

Found in Gemfile.lock by bundler-audit

Read up
Read up
Exclude checks
- Disable engine
- Disable check

Advisory: CVE-2020-8161

Criticality: High

URL: https://groups.google.com/forum/#!topic/ruby-security-ann/T4ZIsfRf2eA

Solution: upgrade to ~> 2.1.3, >= 2.2.0

Possible XSS vulnerability in ActionView
Open

    actionview (5.0.0.1)

Found in Gemfile.lock by bundler-audit

Read up
Read up
Exclude checks
- Disable engine
- Disable check

Advisory: CVE-2020-5267

Criticality: Medium

URL: https://groups.google.com/forum/#!topic/rubyonrails-security/55reWMM_Pg8

Solution: upgrade to >= 5.2.4.2, ~> 5.2.4, >= 6.0.2.2

rike422/loose-leaf

Showing 119 of 119 total issues

HTTP Smuggling via Transfer-Encoding Header in Puma
Open

Potential XSS vulnerability in Action View
Open

Possible DoS Vulnerability in Active Record PostgreSQL adapter
Open

Nokogiri gem, via libxml, is affected by DoS vulnerabilities
Open

Update packaged dependency libxml2 from 2.9.10 to 2.9.12
Open

HTTP Response Splitting vulnerability in puma
Open

HTTP Response Splitting (Early Hints) in Puma
Open

ReDoS based DoS vulnerability in Action Dispatch
Open

CSRF Vulnerability in rails-ujs
Open

json Gem for Ruby Unsafe Object Creation Vulnerability (additional fix)
Open

Loofah XSS Vulnerability
Open

Nokogiri::XML::Schema trusts input by default, exposing risk of an XXE vulnerability
Open

HTTP Smuggling via Transfer-Encoding Header in Puma
Open

Denial of Service Vulnerability in ActiveRecord’s PostgreSQL adapter
Open

Out-of-bounds Write in zlib affects Nokogiri
Open

Possible XSS vulnerability with certain configurations of Rails::Html::Sanitizer
Open

Possible XSS Vulnerability in Action View tag helpers
Open

ReDoS based DoS vulnerability in Active Support’s underscore
Open

Directory traversal in Rack::Directory app bundled with Rack
Open

Possible XSS vulnerability in ActionView
Open

Severity

Category

Status

Source

Language

rike422/loose-leaf

Showing 119 of 119 total issues

HTTP Smuggling via Transfer-Encoding Header in Puma Open

Potential XSS vulnerability in Action View Open

Possible DoS Vulnerability in Active Record PostgreSQL adapter Open

Nokogiri gem, via libxml, is affected by DoS vulnerabilities Open

Update packaged dependency libxml2 from 2.9.10 to 2.9.12 Open

HTTP Response Splitting vulnerability in puma Open

HTTP Response Splitting (Early Hints) in Puma Open

ReDoS based DoS vulnerability in Action Dispatch Open

CSRF Vulnerability in rails-ujs Open

json Gem for Ruby Unsafe Object Creation Vulnerability (additional fix) Open

Loofah XSS Vulnerability Open

Nokogiri::XML::Schema trusts input by default, exposing risk of an XXE vulnerability Open

HTTP Smuggling via Transfer-Encoding Header in Puma Open

Denial of Service Vulnerability in ActiveRecord’s PostgreSQL adapter Open

Out-of-bounds Write in zlib affects Nokogiri Open

Possible XSS vulnerability with certain configurations of Rails::Html::Sanitizer Open

Possible XSS Vulnerability in Action View tag helpers Open

ReDoS based DoS vulnerability in Active Support’s underscore Open

Directory traversal in Rack::Directory app bundled with Rack Open

Possible XSS vulnerability in ActionView Open

Severity

Category

Status

Source

Language

HTTP Smuggling via Transfer-Encoding Header in Puma
Open

Potential XSS vulnerability in Action View
Open

Possible DoS Vulnerability in Active Record PostgreSQL adapter
Open

Nokogiri gem, via libxml, is affected by DoS vulnerabilities
Open

Update packaged dependency libxml2 from 2.9.10 to 2.9.12
Open

HTTP Response Splitting vulnerability in puma
Open

HTTP Response Splitting (Early Hints) in Puma
Open

ReDoS based DoS vulnerability in Action Dispatch
Open

CSRF Vulnerability in rails-ujs
Open

json Gem for Ruby Unsafe Object Creation Vulnerability (additional fix)
Open

Loofah XSS Vulnerability
Open

Nokogiri::XML::Schema trusts input by default, exposing risk of an XXE vulnerability
Open

HTTP Smuggling via Transfer-Encoding Header in Puma
Open

Denial of Service Vulnerability in ActiveRecord’s PostgreSQL adapter
Open

Out-of-bounds Write in zlib affects Nokogiri
Open

Possible XSS vulnerability with certain configurations of Rails::Html::Sanitizer
Open

Possible XSS Vulnerability in Action View tag helpers
Open

ReDoS based DoS vulnerability in Active Support’s underscore
Open

Directory traversal in Rack::Directory app bundled with Rack
Open

Possible XSS vulnerability in ActionView
Open