Issues - smcgov/ohana-sms-smc

Unsanitized input leading to code injection in Dalli
Open

    dalli (2.7.10)

Found in Gemfile.lock by bundler-audit

Read up
Read up
Exclude checks
- Disable engine
- Disable check

ReDoS based DoS vulnerability in GlobalID
Open

    globalid (0.4.2)

Found in Gemfile.lock by bundler-audit

Read up
Read up
Exclude checks
- Disable engine
- Disable check

Inefficient Regular Expression Complexity in Loofah
Open

    loofah (2.5.0)

Found in Gemfile.lock by bundler-audit

Read up
Read up
Exclude checks
- Disable engine
- Disable check

Update packaged libxml2 (2.9.12 → 2.9.13) and libxslt (1.1.34 → 1.1.35)
Open

    nokogiri (1.10.9)

Found in Gemfile.lock by bundler-audit

Read up
Read up
Exclude checks
- Disable engine
- Disable check

Inefficient Regular Expression Complexity in Nokogiri
Open

    nokogiri (1.10.9)

Found in Gemfile.lock by bundler-audit

Read up
Read up
Exclude checks
- Disable engine
- Disable check

Out-of-bounds Write in zlib affects Nokogiri
Open

    nokogiri (1.10.9)

Found in Gemfile.lock by bundler-audit

Read up
Read up
Exclude checks
- Disable engine
- Disable check

Possible XSS vulnerability with certain configurations of rails-html-sanitizer
Open

    rails-html-sanitizer (1.3.0)

Found in Gemfile.lock by bundler-audit

Read up
Read up
Exclude checks
- Disable engine
- Disable check

Inefficient Regular Expression Complexity in rails-html-sanitizer
Open

    rails-html-sanitizer (1.3.0)

Found in Gemfile.lock by bundler-audit

Read up
Read up
Exclude checks
- Disable engine
- Disable check

Update bundled libxml2 to v2.10.3 to resolve multiple CVEs
Open

    nokogiri (1.10.9)

Found in Gemfile.lock by bundler-audit

Read up
Read up
Exclude checks
- Disable engine
- Disable check

Uncontrolled Recursion in Loofah
Open

    loofah (2.5.0)

Found in Gemfile.lock by bundler-audit

Read up
Read up
Exclude checks
- Disable engine
- Disable check

Denial of Service (DoS) in Nokogiri on JRuby
Open

    nokogiri (1.10.9)

Found in Gemfile.lock by bundler-audit

Read up
Read up
Exclude checks
- Disable engine
- Disable check

Improper neutralization of data URIs may allow XSS in rails-html-sanitizer
Open

    rails-html-sanitizer (1.3.0)

Found in Gemfile.lock by bundler-audit

Read up
Read up
Exclude checks
- Disable engine
- Disable check

Possible XSS vulnerability with certain configurations of Rails::Html::Sanitizer
Open

    rails-html-sanitizer (1.3.0)

Found in Gemfile.lock by bundler-audit

Read up
Read up
Exclude checks
- Disable engine
- Disable check

Integer Overflow or Wraparound in libxml2 affects Nokogiri
Open

    nokogiri (1.10.9)

Found in Gemfile.lock by bundler-audit

Read up
Read up
Exclude checks
- Disable engine
- Disable check

Improper Handling of Unexpected Data Type in Nokogiri
Open

    nokogiri (1.10.9)

Found in Gemfile.lock by bundler-audit

Read up
Read up
Exclude checks
- Disable engine
- Disable check

Improper neutralization of data URIs may allow XSS in Loofah
Open

    loofah (2.5.0)

Found in Gemfile.lock by bundler-audit

Read up
Read up
Exclude checks
- Disable engine
- Disable check

Update packaged dependency libxml2 from 2.9.10 to 2.9.12
Open

    nokogiri (1.10.9)

Found in Gemfile.lock by bundler-audit

Read up
Read up
Exclude checks
- Disable engine
- Disable check

Nokogiri::XML::Schema trusts input by default, exposing risk of an XXE vulnerability
Open

    nokogiri (1.10.9)

Found in Gemfile.lock by bundler-audit

Read up
Read up
Exclude checks
- Disable engine
- Disable check

XML Injection in Xerces Java affects Nokogiri
Open

    nokogiri (1.10.9)

Found in Gemfile.lock by bundler-audit

Read up
Read up
Exclude checks
- Disable engine
- Disable check

Regular Expression Denial of Service in Addressable templates
Open

    addressable (2.5.2)

Found in Gemfile.lock by bundler-audit

Read up
Read up
Exclude checks
- Disable engine
- Disable check

smcgov/ohana-sms-smc

Showing 57 of 57 total issues

Unsanitized input leading to code injection in Dalli
Open

ReDoS based DoS vulnerability in GlobalID
Open

Inefficient Regular Expression Complexity in Loofah
Open

Update packaged libxml2 (2.9.12 → 2.9.13) and libxslt (1.1.34 → 1.1.35)
Open

Inefficient Regular Expression Complexity in Nokogiri
Open

Out-of-bounds Write in zlib affects Nokogiri
Open

Possible XSS vulnerability with certain configurations of rails-html-sanitizer
Open

Inefficient Regular Expression Complexity in rails-html-sanitizer
Open

Update bundled libxml2 to v2.10.3 to resolve multiple CVEs
Open

Uncontrolled Recursion in Loofah
Open

Denial of Service (DoS) in Nokogiri on JRuby
Open

Improper neutralization of data URIs may allow XSS in rails-html-sanitizer
Open

Possible XSS vulnerability with certain configurations of Rails::Html::Sanitizer
Open

Integer Overflow or Wraparound in libxml2 affects Nokogiri
Open

Improper Handling of Unexpected Data Type in Nokogiri
Open

Improper neutralization of data URIs may allow XSS in Loofah
Open

Update packaged dependency libxml2 from 2.9.10 to 2.9.12
Open

Nokogiri::XML::Schema trusts input by default, exposing risk of an XXE vulnerability
Open

XML Injection in Xerces Java affects Nokogiri
Open

Regular Expression Denial of Service in Addressable templates
Open

Severity

Category

Status

Source

Language

smcgov/ohana-sms-smc

Showing 57 of 57 total issues

Unsanitized input leading to code injection in Dalli Open

ReDoS based DoS vulnerability in GlobalID Open

Inefficient Regular Expression Complexity in Loofah Open

Update packaged libxml2 (2.9.12 → 2.9.13) and libxslt (1.1.34 → 1.1.35) Open

Inefficient Regular Expression Complexity in Nokogiri Open

Out-of-bounds Write in zlib affects Nokogiri Open

Possible XSS vulnerability with certain configurations of rails-html-sanitizer Open

Inefficient Regular Expression Complexity in rails-html-sanitizer Open

Update bundled libxml2 to v2.10.3 to resolve multiple CVEs Open

Uncontrolled Recursion in Loofah Open

Denial of Service (DoS) in Nokogiri on JRuby Open

Improper neutralization of data URIs may allow XSS in rails-html-sanitizer Open

Possible XSS vulnerability with certain configurations of Rails::Html::Sanitizer Open

Integer Overflow or Wraparound in libxml2 affects Nokogiri Open

Improper Handling of Unexpected Data Type in Nokogiri Open

Improper neutralization of data URIs may allow XSS in Loofah Open

Update packaged dependency libxml2 from 2.9.10 to 2.9.12 Open

Nokogiri::XML::Schema trusts input by default, exposing risk of an XXE vulnerability Open

XML Injection in Xerces Java affects Nokogiri Open

Regular Expression Denial of Service in Addressable templates Open

Severity

Category

Status

Source

Language

Unsanitized input leading to code injection in Dalli
Open

ReDoS based DoS vulnerability in GlobalID
Open

Inefficient Regular Expression Complexity in Loofah
Open

Update packaged libxml2 (2.9.12 → 2.9.13) and libxslt (1.1.34 → 1.1.35)
Open

Inefficient Regular Expression Complexity in Nokogiri
Open

Out-of-bounds Write in zlib affects Nokogiri
Open

Possible XSS vulnerability with certain configurations of rails-html-sanitizer
Open

Inefficient Regular Expression Complexity in rails-html-sanitizer
Open

Update bundled libxml2 to v2.10.3 to resolve multiple CVEs
Open

Uncontrolled Recursion in Loofah
Open

Denial of Service (DoS) in Nokogiri on JRuby
Open

Improper neutralization of data URIs may allow XSS in rails-html-sanitizer
Open

Possible XSS vulnerability with certain configurations of Rails::Html::Sanitizer
Open

Integer Overflow or Wraparound in libxml2 affects Nokogiri
Open

Improper Handling of Unexpected Data Type in Nokogiri
Open

Improper neutralization of data URIs may allow XSS in Loofah
Open

Update packaged dependency libxml2 from 2.9.10 to 2.9.12
Open

Nokogiri::XML::Schema trusts input by default, exposing risk of an XXE vulnerability
Open

XML Injection in Xerces Java affects Nokogiri
Open

Regular Expression Denial of Service in Addressable templates
Open