roshiro/openws_one

Showing 90 of 90 total issues

Possible Information Leak Vulnerability in Action View
Open

    actionview (4.1.4)
Severity: Critical
Found in Gemfile.lock by bundler-audit

Advisory: CVE-2016-0752

Criticality: High

URL: https://groups.google.com/forum/#!topic/rubyonrails-security/335P1DcLG00

Solution: upgrade to >= 5.0.0.beta1.1, >= 4.2.5.1, ~> 4.2.5, >= 4.1.14.1, ~> 4.1.14

Nested attributes rejection proc bypass in Active Record
Open

    activerecord (4.1.4)
Severity: Minor
Found in Gemfile.lock by bundler-audit

Advisory: CVE-2015-7577

Criticality: Medium

URL: https://groups.google.com/forum/#!topic/rubyonrails-security/cawsWcQ6c8g

Solution: upgrade to >= 5.0.0.beta1.1, >= 4.2.5.1, ~> 4.2.5, >= 4.1.14.1, ~> 4.1.14, ~> 3.2.22.1

rack-cors Gem Missing Anchor permits unauthorized CORS requests
Open

    rack-cors (0.4.0)
Severity: Critical
Found in Gemfile.lock by bundler-audit

Advisory: CVE-2017-11173

Criticality: High

URL: https://github.com/cyu/rack-cors/issues/86

Solution: upgrade to >= 0.4.1

Path Traversal in Sprockets
Open

    sprockets (2.12.4)
Severity: Critical
Found in Gemfile.lock by bundler-audit

Advisory: CVE-2018-3760

Criticality: High

URL: https://groups.google.com/forum/#!topic/ruby-security-ann/2S9Pwz2i16k

Solution: upgrade to < 3.0.0, >= 2.12.5, < 4.0.0, >= 3.7.2, >= 4.0.0.beta8

Object leak vulnerability for wildcard controller routes in Action Pack
Open

    actionpack (4.1.4)
Severity: Critical
Found in Gemfile.lock by bundler-audit

Advisory: CVE-2015-7581

Criticality: High

URL: https://groups.google.com/forum/#!topic/rubyonrails-security/dthJ5wL69JE

Solution: upgrade to >= 4.2.5.1, ~> 4.2.5, >= 4.1.14.1, ~> 4.1.14

Possible Information Leak Vulnerability in Action View
Open

    actionview (4.1.4)
Severity: Minor
Found in Gemfile.lock by bundler-audit

Advisory: CVE-2016-2097

Criticality: Medium

URL: https://groups.google.com/forum/#!topic/rubyonrails-security/ddY6HgqB2z4

Solution: upgrade to >= 4.1.14.2, ~> 4.1.14

Data Injection Vulnerability in Active Record
Open

    activerecord (4.1.4)
Severity: Critical
Found in Gemfile.lock by bundler-audit

Advisory: CVE-2014-3514

Criticality: High

URL: https://groups.google.com/forum/#!msg/rubyonrails-security/M4chq5Sb540/CC1Fh0Y_NWwJ

Solution: upgrade to ~> 4.0.9, >= 4.1.5

XSS Vulnerability in ActiveSupport::JSON.encode
Open

    activesupport (4.1.4)
Severity: Minor
Found in Gemfile.lock by bundler-audit

Advisory: CVE-2015-3226

URL: https://groups.google.com/forum/#!topic/ruby-security-ann/7VlB_pck3hU

Solution: upgrade to >= 4.2.2, ~> 4.1.11

Rails 4.1.4 does not encode JSON keys (CVE-2015-3226). Upgrade to Rails version 4.1.11
Open

    rails (4.1.4)
Severity: Minor
Found in Gemfile.lock by brakeman

create_with is vulnerable to strong params bypass. Upgrade to Rails 4.1.5 or patch
Open

    rails (4.1.4)
Severity: Minor
Found in Gemfile.lock by brakeman

Rails 4.1.4 is vulnerable to denial of service via mime type caching (CVE-2016-0751). Upgrade to Rails version 4.1.14.1
Open

    rails (4.1.4)
Severity: Minor
Found in Gemfile.lock by brakeman

Rails 4.1.4 is vulnerable to denial of service via XML parsing (CVE-2015-3227). Upgrade to Rails version 4.1.11
Open

    rails (4.1.4)
Severity: Minor
Found in Gemfile.lock by brakeman

Rails 4.1.4 content_tag does not escape double quotes in attribute values (CVE-2016-6316). Upgrade to 4.2.7.1
Open

    rails (4.1.4)
Severity: Minor
Found in Gemfile.lock by brakeman

Parsing error: 'import' and 'export' may appear only with 'sourceType: module'
Open

import React from 'react';
Severity: Minor
Found in ui/src/index.js by eslint

For more information visit Source: http://eslint.org/docs/rules/

Parsing error: 'import' and 'export' may appear only with 'sourceType: module'
Open

import { combineReducers } from 'redux'
Severity: Minor
Found in webpack/ui/reducers/index.js by eslint

For more information visit Source: http://eslint.org/docs/rules/

Parsing error: 'import' and 'export' may appear only with 'sourceType: module'
Open

import React from 'react';
Severity: Minor
Found in ui/src/App.test.js by eslint

For more information visit Source: http://eslint.org/docs/rules/

Rule doesn't have all its properties in alphabetical order.
Open

body {
Severity: Minor
Found in ui/src/index.css by csslint

Parsing error: 'import' and 'export' may appear only with 'sourceType: module'
Open

import React, { Component } from 'react';
Severity: Minor
Found in ui/src/App.js by eslint

For more information visit Source: http://eslint.org/docs/rules/

Parsing error: Unexpected token ...
Open

        ...state,
Severity: Minor
Found in webpack/ui/reducers/user.js by eslint

For more information visit Source: http://eslint.org/docs/rules/

Parsing error: 'import' and 'export' may appear only with 'sourceType: module'
Open

import React, { Component } from 'react';
Severity: Minor
Found in ui/src/components/CollectionList.js by eslint

For more information visit Source: http://eslint.org/docs/rules/
