Issues - steem-third-party/ganymede

Possible DoS Vulnerability in Action Controller Token Authentication
Open

    actionpack (5.1.4)

Found in Gemfile.lock by bundler-audit

Read up
Read up
Exclude checks
- Disable engine
- Disable check

Advisory: CVE-2021-22904

Criticality: High

URL: https://groups.google.com/g/rubyonrails-security/c/Pf1TjkOBdyQ

Solution: upgrade to ~> 5.2.4.6, ~> 5.2.6, >= 6.0.3.7, ~> 6.0.3, >= 6.1.3.2

ReDoS based DoS vulnerability in Action Dispatch
Open

    actionpack (5.1.4)

Found in Gemfile.lock by bundler-audit

Read up
Read up
Exclude checks
- Disable engine
- Disable check

Advisory: CVE-2023-22792

URL: https://github.com/rails/rails/releases/tag/v7.0.4.1

Solution: upgrade to >= 5.2.8.15, ~> 5.2.8, >= 6.1.7.1, ~> 6.1.7, >= 7.0.4.1

Potential XSS vulnerability in Action View
Open

    actionview (5.1.4)

Found in Gemfile.lock by bundler-audit

Read up
Read up
Exclude checks
- Disable engine
- Disable check

Advisory: CVE-2020-15169

Criticality: Medium

URL: https://groups.google.com/g/rubyonrails-security/c/b-C9kSGXYrc

Solution: upgrade to >= 5.2.4.4, ~> 5.2.4, >= 6.0.3.3

Improper neutralization of data URIs may allow XSS in Loofah
Open

    loofah (2.1.1)

Found in Gemfile.lock by bundler-audit

Read up
Read up
Exclude checks
- Disable engine
- Disable check

Advisory: CVE-2022-23515

Criticality: Medium

URL: https://github.com/flavorjones/loofah/security/advisories/GHSA-228g-948r-83gx

Solution: upgrade to >= 2.19.1

HTTP Smuggling via Transfer-Encoding Header in Puma
Open

    puma (3.11.2)

Found in Gemfile.lock by bundler-audit

Read up
Read up
Exclude checks
- Disable engine
- Disable check

Advisory: CVE-2020-11076

Criticality: High

URL: https://github.com/puma/puma/security/advisories/GHSA-x7jg-6pwg-fx5h

Solution: upgrade to ~> 3.12.5, >= 4.3.4

Possible RCE escalation bug with Serialized Columns in Active Record
Open

    activerecord (5.1.4)

Found in Gemfile.lock by bundler-audit

Read up
Read up
Exclude checks
- Disable engine
- Disable check

Advisory: CVE-2022-32224

Criticality: Critical

URL: https://groups.google.com/g/rubyonrails-security/c/MmFO3LYQE8U

Solution: upgrade to >= 5.2.8.1, ~> 5.2.8, >= 6.0.5.1, ~> 6.0.5, >= 6.1.6.1, ~> 6.1.6, >= 7.0.3.1

Loofah XSS Vulnerability
Open

    loofah (2.1.1)

Found in Gemfile.lock by bundler-audit

Read up
Read up
Exclude checks
- Disable engine
- Disable check

Advisory: CVE-2018-8048

Criticality: Medium

URL: https://github.com/flavorjones/loofah/issues/144

Solution: upgrade to >= 2.2.1

Inefficient Regular Expression Complexity in Nokogiri
Open

    nokogiri (1.8.1)

Found in Gemfile.lock by bundler-audit

Read up
Read up
Exclude checks
- Disable engine
- Disable check

Advisory: CVE-2022-24836

Criticality: High

URL: https://github.com/sparklemotion/nokogiri/security/advisories/GHSA-crjr-9rc5-ghw8

Solution: upgrade to >= 1.13.4

Loofah XSS Vulnerability
Open

    loofah (2.1.1)

Found in Gemfile.lock by bundler-audit

Read up
Read up
Exclude checks
- Disable engine
- Disable check

Advisory: CVE-2018-16468

Criticality: Medium

URL: https://github.com/flavorjones/loofah/issues/154

Solution: upgrade to >= 2.2.3

Improper Restriction of XML External Entity Reference (XXE) in Nokogiri on JRuby
Open

    nokogiri (1.8.1)

Found in Gemfile.lock by bundler-audit

Read up
Read up
Exclude checks
- Disable engine
- Disable check

Advisory: CVE-2021-41098

Criticality: High

URL: https://github.com/sparklemotion/nokogiri/security/advisories/GHSA-2rr5-8q37-2w7h

Solution: upgrade to >= 1.12.5

Possible Strong Parameters Bypass in ActionPack
Open

    actionpack (5.1.4)

Found in Gemfile.lock by bundler-audit

Read up
Read up
Exclude checks
- Disable engine
- Disable check

Advisory: CVE-2020-8164

Criticality: High

URL: https://groups.google.com/forum/#!topic/rubyonrails-security/f6ioe4sdpbY

Solution: upgrade to >= 5.2.4.3, ~> 5.2.4, >= 6.0.3.1

Regular Expression Denial of Service in Addressable templates
Open

    addressable (2.5.2)

Found in Gemfile.lock by bundler-audit

Read up
Read up
Exclude checks
- Disable engine
- Disable check

Advisory: CVE-2021-32740

Criticality: High

URL: https://github.com/advisories/GHSA-jxhc-q857-3j6g

Solution: upgrade to >= 2.8.0

Update packaged libxml2 (2.9.12 → 2.9.13) and libxslt (1.1.34 → 1.1.35)
Open

    nokogiri (1.8.1)

Found in Gemfile.lock by bundler-audit

Read up
Read up
Exclude checks
- Disable engine
- Disable check

Advisory: CVE-2021-30560

Criticality: High

URL: https://github.com/sparklemotion/nokogiri/security/advisories/GHSA-fq42-c5rg-92c2

Solution: upgrade to >= 1.13.2

Denial of Service (DoS) in Nokogiri on JRuby
Open

    nokogiri (1.8.1)

Found in Gemfile.lock by bundler-audit

Read up
Read up
Exclude checks
- Disable engine
- Disable check

Advisory: CVE-2022-24839

Criticality: High

URL: https://github.com/sparklemotion/nekohtml/security/advisories/GHSA-9849-p7jc-9rmv

Solution: upgrade to >= 1.13.4

Possible Information Disclosure / Unintended Method Execution in Action Pack
Open

    actionpack (5.1.4)

Found in Gemfile.lock by bundler-audit

Read up
Read up
Exclude checks
- Disable engine
- Disable check

Advisory: CVE-2021-22885

Criticality: High

URL: https://groups.google.com/g/rubyonrails-security/c/NiQl-48cXYI

Solution: upgrade to ~> 5.2.4.6, ~> 5.2.6, >= 6.0.3.7, ~> 6.0.3, >= 6.1.3.2

Out-of-bounds Write in zlib affects Nokogiri
Open

    nokogiri (1.8.1)

Found in Gemfile.lock by bundler-audit

Read up
Read up
Exclude checks
- Disable engine
- Disable check

Advisory: CVE-2018-25032

Criticality: High

URL: https://github.com/sparklemotion/nokogiri/security/advisories/GHSA-v6gp-9mmm-c6p5

Solution: upgrade to >= 1.13.4

Directory traversal in Rack::Directory app bundled with Rack
Open

    rack (2.0.3)

Found in Gemfile.lock by bundler-audit

Read up
Read up
Exclude checks
- Disable engine
- Disable check

Advisory: CVE-2020-8161

Criticality: High

URL: https://groups.google.com/forum/#!topic/ruby-security-ann/T4ZIsfRf2eA

Solution: upgrade to ~> 2.1.3, >= 2.2.0

Inefficient Regular Expression Complexity in rails-html-sanitizer
Open

    rails-html-sanitizer (1.0.3)

Found in Gemfile.lock by bundler-audit

Read up
Read up
Exclude checks
- Disable engine
- Disable check

Advisory: CVE-2022-23517

Criticality: High

URL: https://github.com/rails/rails-html-sanitizer/security/advisories/GHSA-5x79-w82f-gw8w

Solution: upgrade to >= 1.4.4

Possible XSS Vulnerability in Action View tag helpers
Open

    actionview (5.1.4)

Found in Gemfile.lock by bundler-audit

Read up
Read up
Exclude checks
- Disable engine
- Disable check

Advisory: CVE-2022-27777

Criticality: Medium

URL: https://groups.google.com/g/ruby-security-ann/c/9wJPEDv-iRw

Solution: upgrade to >= 5.2.7.1, ~> 5.2.7, >= 6.0.4.8, ~> 6.0.4, >= 6.1.5.1, ~> 6.1.5, >= 7.0.2.4

Denial of Service Vulnerability in ActiveRecord’s PostgreSQL adapter
Open

    activerecord (5.1.4)

Found in Gemfile.lock by bundler-audit

Read up
Read up
Exclude checks
- Disable engine
- Disable check

Advisory: CVE-2022-44566

URL: https://github.com/rails/rails/releases/tag/v7.0.4.1

Solution: upgrade to >= 5.2.8.15, ~> 5.2.8, >= 6.1.7.1, ~> 6.1.7, >= 7.0.4.1

steem-third-party/ganymede

Showing 231 of 231 total issues

Possible DoS Vulnerability in Action Controller Token Authentication
Open

ReDoS based DoS vulnerability in Action Dispatch
Open

Potential XSS vulnerability in Action View
Open

Improper neutralization of data URIs may allow XSS in Loofah
Open

HTTP Smuggling via Transfer-Encoding Header in Puma
Open

Possible RCE escalation bug with Serialized Columns in Active Record
Open

Loofah XSS Vulnerability
Open

Inefficient Regular Expression Complexity in Nokogiri
Open

Loofah XSS Vulnerability
Open

Improper Restriction of XML External Entity Reference (XXE) in Nokogiri on JRuby
Open

Possible Strong Parameters Bypass in ActionPack
Open

Regular Expression Denial of Service in Addressable templates
Open

Update packaged libxml2 (2.9.12 → 2.9.13) and libxslt (1.1.34 → 1.1.35)
Open

Denial of Service (DoS) in Nokogiri on JRuby
Open

Possible Information Disclosure / Unintended Method Execution in Action Pack
Open

Out-of-bounds Write in zlib affects Nokogiri
Open

Directory traversal in Rack::Directory app bundled with Rack
Open

Inefficient Regular Expression Complexity in rails-html-sanitizer
Open

Possible XSS Vulnerability in Action View tag helpers
Open

Denial of Service Vulnerability in ActiveRecord’s PostgreSQL adapter
Open

Severity

Category

Status

Source

Language

steem-third-party/ganymede

Showing 231 of 231 total issues

Possible DoS Vulnerability in Action Controller Token Authentication Open

ReDoS based DoS vulnerability in Action Dispatch Open

Potential XSS vulnerability in Action View Open

Improper neutralization of data URIs may allow XSS in Loofah Open

HTTP Smuggling via Transfer-Encoding Header in Puma Open

Possible RCE escalation bug with Serialized Columns in Active Record Open

Loofah XSS Vulnerability Open

Inefficient Regular Expression Complexity in Nokogiri Open

Loofah XSS Vulnerability Open

Improper Restriction of XML External Entity Reference (XXE) in Nokogiri on JRuby Open

Possible Strong Parameters Bypass in ActionPack Open

Regular Expression Denial of Service in Addressable templates Open

Update packaged libxml2 (2.9.12 → 2.9.13) and libxslt (1.1.34 → 1.1.35) Open

Denial of Service (DoS) in Nokogiri on JRuby Open

Possible Information Disclosure / Unintended Method Execution in Action Pack Open

Out-of-bounds Write in zlib affects Nokogiri Open

Directory traversal in Rack::Directory app bundled with Rack Open

Inefficient Regular Expression Complexity in rails-html-sanitizer Open

Possible XSS Vulnerability in Action View tag helpers Open

Denial of Service Vulnerability in ActiveRecord’s PostgreSQL adapter Open

Severity

Category

Status

Source

Language

Possible DoS Vulnerability in Action Controller Token Authentication
Open

ReDoS based DoS vulnerability in Action Dispatch
Open

Potential XSS vulnerability in Action View
Open

Improper neutralization of data URIs may allow XSS in Loofah
Open

HTTP Smuggling via Transfer-Encoding Header in Puma
Open

Possible RCE escalation bug with Serialized Columns in Active Record
Open

Loofah XSS Vulnerability
Open

Inefficient Regular Expression Complexity in Nokogiri
Open

Loofah XSS Vulnerability
Open

Improper Restriction of XML External Entity Reference (XXE) in Nokogiri on JRuby
Open

Possible Strong Parameters Bypass in ActionPack
Open

Regular Expression Denial of Service in Addressable templates
Open

Update packaged libxml2 (2.9.12 → 2.9.13) and libxslt (1.1.34 → 1.1.35)
Open

Denial of Service (DoS) in Nokogiri on JRuby
Open

Possible Information Disclosure / Unintended Method Execution in Action Pack
Open

Out-of-bounds Write in zlib affects Nokogiri
Open

Directory traversal in Rack::Directory app bundled with Rack
Open

Inefficient Regular Expression Complexity in rails-html-sanitizer
Open

Possible XSS Vulnerability in Action View tag helpers
Open

Denial of Service Vulnerability in ActiveRecord’s PostgreSQL adapter
Open