Showing 231 of 231 total issues
XSS Vulnerability in Chartkick Ruby Gem Open
chartkick (2.2.5)- Read upRead up
- Exclude checks
Advisory: CVE-2019-12732
Criticality: Medium
URL: https://github.com/ankane/chartkick/issues/488
Solution: upgrade to >= 3.2.0
Keepalive Connections Causing Denial Of Service in puma Open
puma (3.11.2)- Read upRead up
- Exclude checks
Advisory: CVE-2021-29509
Criticality: High
URL: https://github.com/puma/puma/security/advisories/GHSA-q28m-8xjw-8vr5
Solution: upgrade to ~> 4.3.8, >= 5.3.1
ReDoS based DoS vulnerability in GlobalID Open
globalid (0.4.1)- Read upRead up
- Exclude checks
Advisory: CVE-2023-22799
URL: https://github.com/rails/globalid/releases/tag/v1.0.1
Solution: upgrade to >= 1.0.1
Inconsistent Interpretation of HTTP Requests ('HTTP Request Smuggling') in puma Open
puma (3.11.2)- Read upRead up
- Exclude checks
Advisory: CVE-2021-41136
Criticality: Low
URL: https://github.com/puma/puma/security/advisories/GHSA-48w2-rm65-62xx
Solution: upgrade to ~> 4.3.9, >= 5.5.1
CSS injection with width and height options Open
chartkick (2.2.5)- Read upRead up
- Exclude checks
Advisory: CVE-2020-16254
Criticality: Medium
URL: https://github.com/ankane/chartkick/issues/546
Solution: upgrade to >= 3.4.0
HTTP Request Smuggling in puma Open
puma (3.11.2)- Read upRead up
- Exclude checks
Advisory: CVE-2022-24790
Criticality: Critical
URL: https://github.com/puma/puma/security/advisories/GHSA-h99w-9q5r-gjq9
Solution: upgrade to ~> 4.3.12, >= 5.6.4
Information Exposure with Puma when used with Rails Open
puma (3.11.2)- Read upRead up
- Exclude checks
Advisory: CVE-2022-23634
Criticality: High
URL: https://github.com/puma/puma/security/advisories/GHSA-rmj8-8hhh-gv5h
Solution: upgrade to ~> 4.3.11, >= 5.6.2
Class has too many lines. [283/250] Open
class AccountsController < ApplicationController
before_action :prune_account_votes_cache
helper_method :suggested_voters, :votes_today, :accounts
def index- Read upRead up
- Exclude checks
This cop checks if the length a class exceeds some maximum value. Comment lines can optionally be ignored. The maximum allowed length is configurable.
Nokogiri Command Injection Vulnerability via Nokogiri::CSS::Tokenizer#load_file Open
nokogiri (1.8.1)- Read upRead up
- Exclude checks
Advisory: CVE-2019-5477
Criticality: Critical
URL: https://github.com/sparklemotion/nokogiri/issues/1915
Solution: upgrade to >= 1.10.4
Nokogiri::XML::Schema trusts input by default, exposing risk of an XXE vulnerability Open
nokogiri (1.8.1)- Read upRead up
- Exclude checks
Advisory: CVE-2020-26247
Criticality: Low
URL: https://github.com/sparklemotion/nokogiri/security/advisories/GHSA-vr8q-g5c7-m54m
Solution: upgrade to >= 1.11.0.rc4
Possible XSS vulnerability with certain configurations of rails-html-sanitizer Open
rails-html-sanitizer (1.0.3)- Read upRead up
- Exclude checks
Advisory: CVE-2022-23519
Criticality: Medium
URL: https://github.com/rails/rails-html-sanitizer/security/advisories/GHSA-9h9g-93gc-623h
Solution: upgrade to >= 1.4.4
Inefficient Regular Expression Complexity in rails-html-sanitizer Open
rails-html-sanitizer (1.0.3)- Read upRead up
- Exclude checks
Advisory: CVE-2022-23517
Criticality: High
URL: https://github.com/rails/rails-html-sanitizer/security/advisories/GHSA-5x79-w82f-gw8w
Solution: upgrade to >= 1.4.4
json Gem for Ruby Unsafe Object Creation Vulnerability (additional fix) Open
json (2.1.0)- Read upRead up
- Exclude checks
Advisory: CVE-2020-10663
Criticality: High
URL: https://www.ruby-lang.org/en/news/2020/03/19/json-dos-cve-2020-10663/
Solution: upgrade to >= 2.3.0
Improper neutralization of data URIs may allow XSS in Loofah Open
loofah (2.1.1)- Read upRead up
- Exclude checks
Advisory: CVE-2022-23515
Criticality: Medium
URL: https://github.com/flavorjones/loofah/security/advisories/GHSA-228g-948r-83gx
Solution: upgrade to >= 2.19.1
Loofah XSS Vulnerability Open
loofah (2.1.1)- Read upRead up
- Exclude checks
Advisory: CVE-2019-15587
Criticality: Medium
URL: https://github.com/flavorjones/loofah/issues/171
Solution: upgrade to >= 2.3.1
HTTP Response Splitting vulnerability in puma Open
puma (3.11.2)- Read upRead up
- Exclude checks
Advisory: CVE-2020-5247
Criticality: Medium
URL: https://github.com/puma/puma/security/advisories/GHSA-84j7-475p-hp8v
Solution: upgrade to ~> 3.12.4, >= 4.3.3
Loofah XSS Vulnerability Open
loofah (2.1.1)- Read upRead up
- Exclude checks
Advisory: CVE-2018-16468
Criticality: Medium
URL: https://github.com/flavorjones/loofah/issues/154
Solution: upgrade to >= 2.2.3
Integer Overflow or Wraparound in libxml2 affects Nokogiri Open
nokogiri (1.8.1)- Read upRead up
- Exclude checks
Advisory:
Criticality: High
URL: https://github.com/sparklemotion/nokogiri/security/advisories/GHSA-cgx6-hpwq-fhv5
Solution: upgrade to >= 1.13.5
Update packaged libxml2 (2.9.12 → 2.9.13) and libxslt (1.1.34 → 1.1.35) Open
nokogiri (1.8.1)- Read upRead up
- Exclude checks
Advisory: CVE-2021-30560
Criticality: High
URL: https://github.com/sparklemotion/nokogiri/security/advisories/GHSA-fq42-c5rg-92c2
Solution: upgrade to >= 1.13.2
Inefficient Regular Expression Complexity in Nokogiri Open
nokogiri (1.8.1)- Read upRead up
- Exclude checks
Advisory: CVE-2022-24836
Criticality: High
URL: https://github.com/sparklemotion/nokogiri/security/advisories/GHSA-crjr-9rc5-ghw8
Solution: upgrade to >= 1.13.4