rokumatsumoto/boyutluseyler

Showing 439 of 439 total issues

ReDoS based DoS vulnerability in GlobalID
Open

    globalid (0.4.2)
Severity: Minor
Found in Gemfile.lock by bundler-audit

Advisory: CVE-2023-22799

URL: https://github.com/rails/globalid/releases/tag/v1.0.1

Solution: upgrade to >= 1.0.1

Improper neutralization of noscript element content may allow XSS in Sanitize
Open

    sanitize (5.0.0)
Severity: Minor
Found in Gemfile.lock by bundler-audit

Advisory: CVE-2023-23627

Criticality: Medium

URL: https://github.com/rgrove/sanitize/security/advisories/GHSA-fw3g-2h3j-qmm7

Solution: upgrade to >= 6.0.1

CSRF vulnerability in OmniAuth's request phase
Open

    omniauth (1.9.0)
Severity: Critical
Found in Gemfile.lock by bundler-audit

Advisory: CVE-2015-9284

Criticality: High

URL: https://github.com/omniauth/omniauth/wiki/Resolving-CVE-2015-9284

Solution: upgrade to >= 2.0.0

Block has too many lines. [163/25]
Open

  namespace :dev do
    desc 'Sample data for local development environment'
    task prime: :environment do
      Faker::UniqueGenerator.clear

Severity: Minor
Found in lib/tasks/dev.rake by rubocop

This cop checks if the length of a block exceeds some maximum value. Comment lines can optionally be ignored. The maximum allowed length is configurable. The cop can be configured to ignore blocks passed to certain methods.

Block has too many lines. [160/25]
Open

    task prime: :environment do
      Faker::UniqueGenerator.clear

      steps = 9

Severity: Minor
Found in lib/tasks/dev.rake by rubocop

This cop checks if the length of a block exceeds some maximum value. Comment lines can optionally be ignored. The maximum allowed length is configurable. The cop can be configured to ignore blocks passed to certain methods.

Class has too many lines. [120/100]
Open

class DesignsController < ApplicationController
  include AhoyActions

  before_action :authenticate_user!, except: %i[show latest popular]
  before_action :design, only: %i[show edit update destroy download like]

This cop checks if the length of a class exceeds some maximum value. Comment lines can optionally be ignored. The maximum allowed length is configurable.

Class has too many lines. [116/100]
Open

class Design < ApplicationRecord
  extend FriendlyId

  include Taggable
  include Sortable

Severity: Minor
Found in app/models/design.rb by rubocop

This cop checks if the length of a class exceeds some maximum value. Comment lines can optionally be ignored. The maximum allowed length is configurable.

Older releases of better_errors open to Cross-Site Request Forgery attack
Open

    better_errors (2.5.1)
Severity: Minor
Found in Gemfile.lock by bundler-audit

Advisory: CVE-2021-39197

Criticality: Medium

URL: https://github.com/BetterErrors/better_errors/security/advisories/GHSA-w3j4-76qw-wwjm

Solution: upgrade to >= 2.8.0

Improper neutralization of data URIs may allow XSS in Loofah
Open

    loofah (2.4.0)
Severity: Minor
Found in Gemfile.lock by bundler-audit

Advisory: CVE-2022-23515

Criticality: Medium

URL: https://github.com/flavorjones/loofah/security/advisories/GHSA-228g-948r-83gx

Solution: upgrade to >= 2.19.1

Gon gem lack of escaping certain input when outputting as JSON
Open

    gon (6.2.1)
Severity: Minor
Found in Gemfile.lock by bundler-audit

Advisory: CVE-2020-25739

Criticality: Medium

URL: https://github.com/gazay/gon/commit/fe3c7b2191a992386dc9edd37de5447a4e809bc7

Solution: upgrade to >= 6.4.0

Inefficient Regular Expression Complexity in Loofah
Open

    loofah (2.4.0)
Severity: Critical
Found in Gemfile.lock by bundler-audit

Advisory: CVE-2022-23514

Criticality: High

URL: https://github.com/flavorjones/loofah/security/advisories/GHSA-486f-hjj9-9vhh

Solution: upgrade to >= 2.19.1

Integer Overflow or Wraparound in libxml2 affects Nokogiri
Open

    nokogiri (1.10.8)
Severity: Critical
Found in Gemfile.lock by bundler-audit

Advisory:

Criticality: High

URL: https://github.com/sparklemotion/nokogiri/security/advisories/GHSA-cgx6-hpwq-fhv5

Solution: upgrade to >= 1.13.5

Uncontrolled Recursion in Loofah
Open

    loofah (2.4.0)
Severity: Critical
Found in Gemfile.lock by bundler-audit

Advisory: CVE-2022-23516

Criticality: High

URL: https://github.com/flavorjones/loofah/security/advisories/GHSA-3x8r-x6xp-q4vm

Solution: upgrade to >= 2.19.1

Geocoder gem for Ruby contains possible SQL injection vulnerability
Open

    geocoder (1.5.2)
Severity: Minor
Found in Gemfile.lock by bundler-audit

Advisory: CVE-2020-7981

Criticality: Critical

URL: https://github.com/alexreisner/geocoder/blob/master/CHANGELOG.md#161-2020-jan-23

Solution: upgrade to >= 1.6.1

JMESPath for Ruby using JSON.load instead of JSON.parse
Open

    jmespath (1.4.0)
Severity: Minor
Found in Gemfile.lock by bundler-audit

Advisory: CVE-2022-32511

Criticality: Critical

URL: https://github.com/jmespath/jmespath.rb/pull/55

Solution: upgrade to >= 1.6.1

Potential XSS vulnerability in jQuery
Open

    jquery-rails (4.3.3)
Severity: Minor
Found in Gemfile.lock by bundler-audit

Advisory: CVE-2020-11023

Criticality: Medium

URL: https://blog.jquery.com/2020/04/10/jquery-3-5-0-released

Solution: upgrade to >= 4.4.0

json Gem for Ruby Unsafe Object Creation Vulnerability (additional fix)
Open

    json (2.2.0)
Severity: Critical
Found in Gemfile.lock by bundler-audit

Advisory: CVE-2020-10663

Criticality: High

URL: https://www.ruby-lang.org/en/news/2020/03/19/json-dos-cve-2020-10663/

Solution: upgrade to >= 2.3.0

Regular Expression Denial of Service in Addressable templates
Open

    addressable (2.7.0)
Severity: Critical
Found in Gemfile.lock by bundler-audit

Advisory: CVE-2021-32740

Criticality: High

URL: https://github.com/advisories/GHSA-jxhc-q857-3j6g

Solution: upgrade to >= 2.8.0

Update bundled libxml2 to v2.10.3 to resolve multiple CVEs
Open

    nokogiri (1.10.8)
Severity: Minor
Found in Gemfile.lock by bundler-audit

Improper neutralization of data URIs may allow XSS in rails-html-sanitizer
Open

    rails-html-sanitizer (1.3.0)
Severity: Minor
Found in Gemfile.lock by bundler-audit

Advisory: CVE-2022-23518

Criticality: Medium

URL: https://github.com/rails/rails-html-sanitizer/security/advisories/GHSA-mcvf-2q2m-x72m

Solution: upgrade to >= 1.4.4