Showing 86 of 86 total issues
HTTP Response Splitting vulnerability in puma Open
puma (3.11.0)
- Read upRead up
- Exclude checks
Advisory: CVE-2020-5247
Criticality: Medium
URL: https://github.com/puma/puma/security/advisories/GHSA-84j7-475p-hp8v
Solution: upgrade to ~> 3.12.4, >= 4.3.3
Possible XSS vulnerability with certain configurations of Rails::Html::Sanitizer Open
rails-html-sanitizer (1.0.3)
- Read upRead up
- Exclude checks
Advisory: CVE-2022-32209
Criticality: Medium
URL: https://groups.google.com/g/rubyonrails-security/c/ce9PhUANQ6s
Solution: upgrade to >= 1.4.3
HTTP Smuggling via Transfer-Encoding Header in Puma Open
puma (3.11.0)
- Read upRead up
- Exclude checks
Advisory: CVE-2020-11077
Criticality: Medium
URL: https://github.com/puma/puma/security/advisories/GHSA-w64w-qqph-5gxm
Solution: upgrade to ~> 3.12.6, >= 4.3.5
Possible Strong Parameters Bypass in ActionPack Open
actionpack (5.1.4)
- Read upRead up
- Exclude checks
Advisory: CVE-2020-8164
Criticality: High
URL: https://groups.google.com/forum/#!topic/rubyonrails-security/f6ioe4sdpbY
Solution: upgrade to >= 5.2.4.3, ~> 5.2.4, >= 6.0.3.1
ReDoS based DoS vulnerability in Action Dispatch Open
actionpack (5.1.4)
- Read upRead up
- Exclude checks
Advisory: CVE-2023-22792
URL: https://github.com/rails/rails/releases/tag/v7.0.4.1
Solution: upgrade to >= 5.2.8.15, ~> 5.2.8, >= 6.1.7.1, ~> 6.1.7, >= 7.0.4.1
CSRF Vulnerability in rails-ujs Open
actionview (5.1.4)
- Read upRead up
- Exclude checks
Advisory: CVE-2020-8167
Criticality: Medium
URL: https://groups.google.com/forum/#!topic/rubyonrails-security/x9DixQDG9a0
Solution: upgrade to >= 5.2.4.3, ~> 5.2.4, >= 6.0.3.1
Nokogiri Command Injection Vulnerability via Nokogiri::CSS::Tokenizer#load_file Open
nokogiri (1.8.1)
- Read upRead up
- Exclude checks
Advisory: CVE-2019-5477
Criticality: Critical
URL: https://github.com/sparklemotion/nokogiri/issues/1915
Solution: upgrade to >= 1.10.4
Out-of-bounds Write in zlib affects Nokogiri Open
nokogiri (1.8.1)
- Read upRead up
- Exclude checks
Advisory: CVE-2018-25032
Criticality: High
URL: https://github.com/sparklemotion/nokogiri/security/advisories/GHSA-v6gp-9mmm-c6p5
Solution: upgrade to >= 1.13.4
Percent-encoded cookies can be used to overwrite existing prefixed cookie names Open
rack (2.0.3)
- Read upRead up
- Exclude checks
Advisory: CVE-2020-8184
Criticality: High
URL: https://groups.google.com/g/rubyonrails-security/c/OWtmozPH9Ak
Solution: upgrade to ~> 2.1.4, >= 2.2.3
Inefficient Regular Expression Complexity in rails-html-sanitizer Open
rails-html-sanitizer (1.0.3)
- Read upRead up
- Exclude checks
Advisory: CVE-2022-23517
Criticality: High
URL: https://github.com/rails/rails-html-sanitizer/security/advisories/GHSA-5x79-w82f-gw8w
Solution: upgrade to >= 1.4.4
Possible DoS Vulnerability in Active Record PostgreSQL adapter Open
activerecord (5.1.4)
- Read upRead up
- Exclude checks
Advisory: CVE-2021-22880
Criticality: Medium
URL: https://groups.google.com/g/rubyonrails-security/c/ZzUqCh9vyhI
Solution: upgrade to >= 5.2.4.5, ~> 5.2.4, >= 6.0.3.5, ~> 6.0.3, >= 6.1.2.1
json Gem for Ruby Unsafe Object Creation Vulnerability (additional fix) Open
json (2.1.0)
- Read upRead up
- Exclude checks
Advisory: CVE-2020-10663
Criticality: High
URL: https://www.ruby-lang.org/en/news/2020/03/19/json-dos-cve-2020-10663/
Solution: upgrade to >= 2.3.0
Loofah XSS Vulnerability Open
loofah (2.1.1)
- Read upRead up
- Exclude checks
Advisory: CVE-2019-15587
Criticality: Medium
URL: https://github.com/flavorjones/loofah/issues/171
Solution: upgrade to >= 2.3.1
Loofah XSS Vulnerability Open
loofah (2.1.1)
- Read upRead up
- Exclude checks
Advisory: CVE-2018-16468
Criticality: Medium
URL: https://github.com/flavorjones/loofah/issues/154
Solution: upgrade to >= 2.2.3
Update packaged libxml2 (2.9.12 → 2.9.13) and libxslt (1.1.34 → 1.1.35) Open
nokogiri (1.8.1)
- Read upRead up
- Exclude checks
Advisory: CVE-2021-30560
Criticality: High
URL: https://github.com/sparklemotion/nokogiri/security/advisories/GHSA-fq42-c5rg-92c2
Solution: upgrade to >= 1.13.2
Improper Handling of Unexpected Data Type in Nokogiri Open
nokogiri (1.8.1)
- Read upRead up
- Exclude checks
Advisory: CVE-2022-29181
Criticality: High
URL: https://github.com/sparklemotion/nokogiri/security/advisories/GHSA-xh29-r2w5-wx8m
Solution: upgrade to >= 1.13.6
Possible DoS Vulnerability in Action Controller Token Authentication Open
actionpack (5.1.4)
- Read upRead up
- Exclude checks
Advisory: CVE-2021-22904
Criticality: High
URL: https://groups.google.com/g/rubyonrails-security/c/Pf1TjkOBdyQ
Solution: upgrade to ~> 5.2.4.6, ~> 5.2.6, >= 6.0.3.7, ~> 6.0.3, >= 6.1.3.2
ReDoS based DoS vulnerability in Action Dispatch Open
actionpack (5.1.4)
- Read upRead up
- Exclude checks
Advisory: CVE-2023-22795
URL: https://github.com/rails/rails/releases/tag/v7.0.4.1
Solution: upgrade to >= 5.2.8.15, ~> 5.2.8, >= 6.1.7.1, ~> 6.1.7, >= 7.0.4.1
Integer Overflow or Wraparound in libxml2 affects Nokogiri Open
nokogiri (1.8.1)
- Read upRead up
- Exclude checks
Advisory:
Criticality: High
URL: https://github.com/sparklemotion/nokogiri/security/advisories/GHSA-cgx6-hpwq-fhv5
Solution: upgrade to >= 1.13.5
Inefficient Regular Expression Complexity in Nokogiri Open
nokogiri (1.8.1)
- Read upRead up
- Exclude checks
Advisory: CVE-2022-24836
Criticality: High
URL: https://github.com/sparklemotion/nokogiri/security/advisories/GHSA-crjr-9rc5-ghw8
Solution: upgrade to >= 1.13.4