Showing 276 of 276 total issues
Out-of-bounds Write in zlib affects Nokogiri Open
nokogiri (1.7.1)
- Read upRead up
- Create a ticketCreate a ticket
- Exclude checks
Advisory: CVE-2018-25032
Criticality: High
URL: https://github.com/sparklemotion/nokogiri/security/advisories/GHSA-v6gp-9mmm-c6p5
Solution: upgrade to >= 1.13.4
Revert libxml2 behavior in Nokogiri gem that could cause XSS Open
nokogiri (1.7.1)
- Read upRead up
- Create a ticketCreate a ticket
- Exclude checks
Advisory: CVE-2018-8048
URL: https://github.com/sparklemotion/nokogiri/pull/1746
Solution: upgrade to >= 1.8.3
Improper neutralization of data URIs may allow XSS in rails-html-sanitizer Open
rails-html-sanitizer (1.0.3)
- Read upRead up
- Create a ticketCreate a ticket
- Exclude checks
Advisory: CVE-2022-23518
Criticality: Medium
URL: https://github.com/rails/rails-html-sanitizer/security/advisories/GHSA-mcvf-2q2m-x72m
Solution: upgrade to >= 1.4.4
Nokogiri gem, via libxml2, is affected by multiple vulnerabilities Open
nokogiri (1.7.1)
- Read upRead up
- Create a ticketCreate a ticket
- Exclude checks
Advisory: CVE-2018-14404
Criticality: High
URL: https://github.com/sparklemotion/nokogiri/issues/1785
Solution: upgrade to >= 1.8.5
HTTP Response Splitting vulnerability in puma Open
puma (3.8.2)
- Read upRead up
- Create a ticketCreate a ticket
- Exclude checks
Advisory: CVE-2020-5247
Criticality: Medium
URL: https://github.com/puma/puma/security/advisories/GHSA-84j7-475p-hp8v
Solution: upgrade to ~> 3.12.4, >= 4.3.3
Nokogiri Command Injection Vulnerability via Nokogiri::CSS::Tokenizer#load_file Open
nokogiri (1.7.1)
- Read upRead up
- Create a ticketCreate a ticket
- Exclude checks
Advisory: CVE-2019-5477
Criticality: Critical
URL: https://github.com/sparklemotion/nokogiri/issues/1915
Solution: upgrade to >= 1.10.4
Update packaged dependency libxml2 from 2.9.10 to 2.9.12 Open
nokogiri (1.7.1)
- Read upRead up
- Create a ticketCreate a ticket
- Exclude checks
Advisory:
Criticality: High
URL: https://github.com/sparklemotion/nokogiri/security/advisories/GHSA-7rrm-v45f-jp64
Solution: upgrade to >= 1.11.4
Nokogiri gem, via libxml, is affected by DoS and RCE vulnerabilities Open
nokogiri (1.7.1)
- Read upRead up
- Create a ticketCreate a ticket
- Exclude checks
Advisory: CVE-2017-9050
Criticality: High
URL: https://github.com/sparklemotion/nokogiri/issues/1673
Solution: upgrade to >= 1.8.1
HTTP Response Splitting (Early Hints) in Puma Open
puma (3.8.2)
- Read upRead up
- Create a ticketCreate a ticket
- Exclude checks
Advisory: CVE-2020-5249
Criticality: Medium
URL: https://github.com/puma/puma/security/advisories/GHSA-33vf-4xgg-9r58
Solution: upgrade to ~> 3.12.4, >= 4.3.3
Inefficient Regular Expression Complexity in Loofah Open
loofah (2.0.3)
- Read upRead up
- Create a ticketCreate a ticket
- Exclude checks
Advisory: CVE-2022-23514
Criticality: High
URL: https://github.com/flavorjones/loofah/security/advisories/GHSA-486f-hjj9-9vhh
Solution: upgrade to >= 2.19.1
Improper Restriction of XML External Entity Reference (XXE) in Nokogiri on JRuby Open
nokogiri (1.7.1)
- Read upRead up
- Create a ticketCreate a ticket
- Exclude checks
Advisory: CVE-2021-41098
Criticality: High
URL: https://github.com/sparklemotion/nokogiri/security/advisories/GHSA-2rr5-8q37-2w7h
Solution: upgrade to >= 1.12.5
Older releases of better_errors open to Cross-Site Request Forgery attack Open
better_errors (2.1.1)
- Read upRead up
- Create a ticketCreate a ticket
- Exclude checks
Advisory: CVE-2021-39197
Criticality: Medium
URL: https://github.com/BetterErrors/better_errors/security/advisories/GHSA-w3j4-76qw-wwjm
Solution: upgrade to >= 2.8.0
Denial of Service (DoS) in Nokogiri on JRuby Open
nokogiri (1.7.1)
- Read upRead up
- Create a ticketCreate a ticket
- Exclude checks
Advisory: CVE-2022-24839
Criticality: High
URL: https://github.com/sparklemotion/nekohtml/security/advisories/GHSA-9849-p7jc-9rmv
Solution: upgrade to >= 1.13.4
Possible arbitrary path traversal and file access via yard server
Open
yard (0.8.7.6)
- Read upRead up
- Create a ticketCreate a ticket
- Exclude checks
Advisory:
URL: https://github.com/lsegal/yard/security/advisories/GHSA-xfhh-rx56-rxcr
Solution: upgrade to >= 0.9.20
Class TargetPublicDecorator
has 23 methods (exceeds 20 allowed). Consider refactoring. Open
class TargetPublicDecorator < ApplicationDecorator
def message(association)
send("#{association}_message")
end
- Create a ticketCreate a ticket
Similar blocks of code found in 2 locations. Consider refactoring. Open
class ServiceOfferings < Trailblazer::Operation
include Collection
include Matchable
#
- Read upRead up
- Create a ticketCreate a ticket
Duplicated Code
Duplicated code can lead to software that is hard to understand and difficult to change. The Don't Repeat Yourself (DRY) principle states:
Every piece of knowledge must have a single, unambiguous, authoritative representation within a system.
When you violate DRY, bugs and maintenance problems are sure to follow. Duplicated code has a tendency to both continue to replicate and also to diverge (leaving bugs as two similar implementations differ in subtle ways).
Tuning
This issue has a mass of 47.
We set useful threshold defaults for the languages we support but you may want to adjust these settings based on your project guidelines.
The threshold configuration represents the minimum mass a code block must have to be analyzed for duplication. The lower the threshold, the more fine-grained the comparison.
If the engine is too easily reporting duplication, try raising the threshold. If you suspect that the engine isn't catching enough duplication, try lowering the threshold. The best setting tends to differ from language to language.
See codeclimate-duplication
's documentation for more information about tuning the mass threshold in your .codeclimate.yml
.
Refactorings
- Extract Method
- Extract Class
- Form Template Method
- Introduce Null Object
- Pull Up Method
- Pull Up Field
- Substitute Algorithm
Further Reading
- Don't Repeat Yourself on the C2 Wiki
- Duplicated Code on SourceMaking
- Refactoring: Improving the Design of Existing Code by Martin Fowler. Duplicated Code, p76
Similar blocks of code found in 2 locations. Consider refactoring. Open
class ServiceOfferings < Trailblazer::Operation
include Collection
include Matchable
#
- Read upRead up
- Create a ticketCreate a ticket
Duplicated Code
Duplicated code can lead to software that is hard to understand and difficult to change. The Don't Repeat Yourself (DRY) principle states:
Every piece of knowledge must have a single, unambiguous, authoritative representation within a system.
When you violate DRY, bugs and maintenance problems are sure to follow. Duplicated code has a tendency to both continue to replicate and also to diverge (leaving bugs as two similar implementations differ in subtle ways).
Tuning
This issue has a mass of 47.
We set useful threshold defaults for the languages we support but you may want to adjust these settings based on your project guidelines.
The threshold configuration represents the minimum mass a code block must have to be analyzed for duplication. The lower the threshold, the more fine-grained the comparison.
If the engine is too easily reporting duplication, try raising the threshold. If you suspect that the engine isn't catching enough duplication, try lowering the threshold. The best setting tends to differ from language to language.
See codeclimate-duplication
's documentation for more information about tuning the mass threshold in your .codeclimate.yml
.
Refactorings
- Extract Method
- Extract Class
- Form Template Method
- Introduce Null Object
- Pull Up Method
- Pull Up Field
- Substitute Algorithm
Further Reading
- Don't Repeat Yourself on the C2 Wiki
- Duplicated Code on SourceMaking
- Refactoring: Improving the Design of Existing Code by Martin Fowler. Duplicated Code, p76
Path Traversal in Sprockets Open
sprockets (3.7.1)
- Read upRead up
- Create a ticketCreate a ticket
- Exclude checks
Advisory: CVE-2018-3760
Criticality: High
URL: https://groups.google.com/forum/#!topic/ruby-security-ann/2S9Pwz2i16k
Solution: upgrade to < 3.0.0, >= 2.12.5, < 4.0.0, >= 3.7.2, >= 4.0.0.beta8
ruby-ffi DDL loading issue on Windows OS Open
ffi (1.9.18)
- Read upRead up
- Create a ticketCreate a ticket
- Exclude checks
Advisory: CVE-2018-1000201
Criticality: High
URL: https://github.com/ffi/ffi/releases/tag/1.9.24
Solution: upgrade to >= 1.9.24
Possible XSS vulnerability in Rack Open
rack (1.6.5)
- Read upRead up
- Create a ticketCreate a ticket
- Exclude checks
Advisory: CVE-2018-16471
URL: https://groups.google.com/forum/#!topic/ruby-security-ann/NAalCee8n6o
Solution: upgrade to ~> 1.6.11, >= 2.0.6