Gemfile.lock from travis-ci/job-board

Gemfile.lock

Summary

Maintainability

Test Coverage

HTTP Request Smuggling in puma
Open

    puma (3.12.0)

Found in Gemfile.lock by bundler-audit

Read up
Read up
Exclude checks
- Disable engine
- Disable check

Advisory: CVE-2022-24790

Criticality: Critical

URL: https://github.com/puma/puma/security/advisories/GHSA-h99w-9q5r-gjq9

Solution: upgrade to ~> 4.3.12, >= 5.6.4

Inconsistent Interpretation of HTTP Requests ('HTTP Request Smuggling') in puma
Open

    puma (3.12.0)

Found in Gemfile.lock by bundler-audit

Read up
Read up
Exclude checks
- Disable engine
- Disable check

Advisory: CVE-2021-41136

Criticality: Low

URL: https://github.com/puma/puma/security/advisories/GHSA-48w2-rm65-62xx

Solution: upgrade to ~> 4.3.9, >= 5.5.1

Keepalive Connections Causing Denial Of Service in puma
Open

    puma (3.12.0)

Found in Gemfile.lock by bundler-audit

Read up
Read up
Exclude checks
- Disable engine
- Disable check

Advisory: CVE-2021-29509

Criticality: High

URL: https://github.com/puma/puma/security/advisories/GHSA-q28m-8xjw-8vr5

Solution: upgrade to ~> 4.3.8, >= 5.3.1

Information Exposure with Puma when used with Rails
Open

    puma (3.12.0)

Found in Gemfile.lock by bundler-audit

Read up
Read up
Exclude checks
- Disable engine
- Disable check

Advisory: CVE-2022-23634

Criticality: High

URL: https://github.com/puma/puma/security/advisories/GHSA-rmj8-8hhh-gv5h

Solution: upgrade to ~> 4.3.11, >= 5.6.2

Directory traversal in Rack::Directory app bundled with Rack
Open

    rack (2.0.6)

Found in Gemfile.lock by bundler-audit

Read up
Read up
Exclude checks
- Disable engine
- Disable check

Advisory: CVE-2020-8161

Criticality: High

URL: https://groups.google.com/forum/#!topic/ruby-security-ann/T4ZIsfRf2eA

Solution: upgrade to ~> 2.1.3, >= 2.2.0

Regular Expression Denial of Service in Addressable templates
Open

    addressable (2.5.2)

Found in Gemfile.lock by bundler-audit

Read up
Read up
Exclude checks
- Disable engine
- Disable check

Advisory: CVE-2021-32740

Criticality: High

URL: https://github.com/advisories/GHSA-jxhc-q857-3j6g

Solution: upgrade to >= 2.8.0

json Gem for Ruby Unsafe Object Creation Vulnerability (additional fix)
Open

    json (2.1.0)

Found in Gemfile.lock by bundler-audit

Read up
Read up
Exclude checks
- Disable engine
- Disable check

Advisory: CVE-2020-10663

Criticality: High

URL: https://www.ruby-lang.org/en/news/2020/03/19/json-dos-cve-2020-10663/

Solution: upgrade to >= 2.3.0

sinatra does not validate expanded path matches
Open

    sinatra (2.0.4)

Found in Gemfile.lock by bundler-audit

Read up
Read up
Exclude checks
- Disable engine
- Disable check

Advisory: CVE-2022-29970

Criticality: High

URL: https://github.com/sinatra/sinatra/pull/1683

Solution: upgrade to >= 2.2.0

Sinatra vulnerable to Reflected File Download attack
Open

    sinatra (2.0.4)

Found in Gemfile.lock by bundler-audit

Read up
Read up
Exclude checks
- Disable engine
- Disable check

Advisory: CVE-2022-45442

Criticality: High

URL: https://github.com/sinatra/sinatra/security/advisories/GHSA-2x8x-jmrp-phxw

Solution: upgrade to ~> 2.2.3, >= 3.0.4

Percent-encoded cookies can be used to overwrite existing prefixed cookie names
Open

    rack (2.0.6)

Found in Gemfile.lock by bundler-audit

Read up
Read up
Exclude checks
- Disable engine
- Disable check

Advisory: CVE-2020-8184

Criticality: High

URL: https://groups.google.com/g/rubyonrails-security/c/OWtmozPH9Ak

Solution: upgrade to ~> 2.1.4, >= 2.2.3

HTTP Response Splitting vulnerability in puma
Open

    puma (3.12.0)

Found in Gemfile.lock by bundler-audit

Read up
Read up
Exclude checks
- Disable engine
- Disable check

Advisory: CVE-2020-5247

Criticality: Medium

URL: https://github.com/puma/puma/security/advisories/GHSA-84j7-475p-hp8v

Solution: upgrade to ~> 3.12.4, >= 4.3.3

HTTP Smuggling via Transfer-Encoding Header in Puma
Open

    puma (3.12.0)

Found in Gemfile.lock by bundler-audit

Read up
Read up
Exclude checks
- Disable engine
- Disable check

Advisory: CVE-2020-11076

Criticality: High

URL: https://github.com/puma/puma/security/advisories/GHSA-x7jg-6pwg-fx5h

Solution: upgrade to ~> 3.12.5, >= 4.3.4

Denial of Service Vulnerability in Rack Multipart Parsing
Open

    rack (2.0.6)

Found in Gemfile.lock by bundler-audit

Read up
Read up
Exclude checks
- Disable engine
- Disable check

Advisory: CVE-2022-30122

Criticality: High

URL: https://groups.google.com/g/ruby-security-ann/c/L2Axto442qk

Solution: upgrade to >= 2.0.9.1, ~> 2.0.9, >= 2.1.4.1, ~> 2.1.4, >= 2.2.3.1

OS Command Injection in Rake
Open

    rake (12.3.1)

Found in Gemfile.lock by bundler-audit

Read up
Read up
Exclude checks
- Disable engine
- Disable check

Advisory: CVE-2020-8130

Criticality: High

URL: https://github.com/advisories/GHSA-jppv-gw3r-w3q8

Solution: upgrade to >= 12.3.3

HTTP Smuggling via Transfer-Encoding Header in Puma
Open

    puma (3.12.0)

Found in Gemfile.lock by bundler-audit

Read up
Read up
Exclude checks
- Disable engine
- Disable check

Advisory: CVE-2020-11077

Criticality: Medium

URL: https://github.com/puma/puma/security/advisories/GHSA-w64w-qqph-5gxm

Solution: upgrade to ~> 3.12.6, >= 4.3.5

HTTP Response Splitting (Early Hints) in Puma
Open

    puma (3.12.0)

Found in Gemfile.lock by bundler-audit

Read up
Read up
Exclude checks
- Disable engine
- Disable check

Advisory: CVE-2020-5249

Criticality: Medium

URL: https://github.com/puma/puma/security/advisories/GHSA-33vf-4xgg-9r58

Solution: upgrade to ~> 3.12.4, >= 4.3.3

TZInfo relative path traversal vulnerability allows loading of arbitrary files
Open

    tzinfo (1.2.5)

Found in Gemfile.lock by bundler-audit

Read up
Read up
Exclude checks
- Disable engine
- Disable check

Advisory: CVE-2022-31163

Criticality: High

URL: https://github.com/tzinfo/tzinfo/security/advisories/GHSA-5cm2-9h8c-rvfx

Solution: upgrade to ~> 0.3.61, >= 1.2.10

Potentially unintended unmarshalling of user-provided objects in MemCacheStore and RedisCacheStore
Open

    activesupport (5.2.1)

Found in Gemfile.lock by bundler-audit

Read up
Read up
Exclude checks
- Disable engine
- Disable check

Advisory: CVE-2020-8165

Criticality: Critical

URL: https://groups.google.com/forum/#!topic/rubyonrails-security/bv6fW4S0Y1c

Solution: upgrade to >= 5.2.4.3, ~> 5.2.4, >= 6.0.3.1

Denial of service via multipart parsing in Rack
Open

    rack (2.0.6)

Found in Gemfile.lock by bundler-audit

Read up
Read up
Exclude checks
- Disable engine
- Disable check

Advisory: CVE-2022-44572

URL: https://github.com/rack/rack/releases/tag/v3.0.4.1

Solution: upgrade to >= 2.0.9.2, ~> 2.0.9, >= 2.1.4.2, ~> 2.1.4, >= 2.2.6.1, ~> 2.2.6, >= 3.0.4.1

Denial of Service Vulnerability in Rack Content-Disposition parsing
Open

    rack (2.0.6)

Found in Gemfile.lock by bundler-audit

Read up
Read up
Exclude checks
- Disable engine
- Disable check

Advisory: CVE-2022-44571

URL: https://github.com/rack/rack/releases/tag/v3.0.4.1

Solution: upgrade to >= 2.0.9.2, ~> 2.0.9, >= 2.1.4.2, ~> 2.1.4, >= 2.2.6.1, ~> 2.2.6, >= 3.0.4.1

Keepalive thread overload/DoS in puma
Open

    puma (3.12.0)

Found in Gemfile.lock by bundler-audit

Read up
Read up
Exclude checks
- Disable engine
- Disable check

Advisory: CVE-2019-16770

Criticality: High

URL: https://github.com/puma/puma/security/advisories/GHSA-7xx3-m584-x994

Solution: upgrade to ~> 3.12.2, >= 4.3.1

Possible information leak / session hijack vulnerability
Open

    rack (2.0.6)

Found in Gemfile.lock by bundler-audit

Read up
Read up
Exclude checks
- Disable engine
- Disable check

Advisory: CVE-2019-16782

Criticality: Medium

URL: https://github.com/rack/rack/security/advisories/GHSA-hrqr-hxpp-chr3

Solution: upgrade to ~> 1.6.12, >= 2.0.8

Denial of service via header parsing in Rack
Open

    rack (2.0.6)

Found in Gemfile.lock by bundler-audit

Read up
Read up
Exclude checks
- Disable engine
- Disable check

Advisory: CVE-2022-44570

URL: https://github.com/rack/rack/releases/tag/v3.0.4.1

Solution: upgrade to >= 2.0.9.2, ~> 2.0.9, >= 2.1.4.2, ~> 2.1.4, >= 2.2.6.2, ~> 2.2.6, >= 3.0.4.1

ReDoS based DoS vulnerability in Active Support’s underscore
Open

    activesupport (5.2.1)

Found in Gemfile.lock by bundler-audit

Read up
Read up
Exclude checks
- Disable engine
- Disable check

Advisory: CVE-2023-22796

URL: https://github.com/rails/rails/releases/tag/v7.0.4.1

Solution: upgrade to >= 5.2.8.15, ~> 5.2.8, >= 6.1.7.1, ~> 6.1.7, >= 7.0.4.1

Possible shell escape sequence injection vulnerability in Rack
Open

    rack (2.0.6)

Found in Gemfile.lock by bundler-audit

Read up
Read up
Exclude checks
- Disable engine
- Disable check

Advisory: CVE-2022-30123

Criticality: Critical

URL: https://groups.google.com/g/ruby-security-ann/c/LWB10kWzag8

Solution: upgrade to >= 2.0.9.1, ~> 2.0.9, >= 2.1.4.1, ~> 2.1.4, >= 2.2.3.1

travis-ci/job-board

Summary

Maintainability

Test Coverage

HTTP Request Smuggling in puma
Open

Inconsistent Interpretation of HTTP Requests ('HTTP Request Smuggling') in puma
Open

Keepalive Connections Causing Denial Of Service in puma
Open

Information Exposure with Puma when used with Rails
Open

Directory traversal in Rack::Directory app bundled with Rack
Open

Regular Expression Denial of Service in Addressable templates
Open

json Gem for Ruby Unsafe Object Creation Vulnerability (additional fix)
Open

sinatra does not validate expanded path matches
Open

Sinatra vulnerable to Reflected File Download attack
Open

Percent-encoded cookies can be used to overwrite existing prefixed cookie names
Open

HTTP Response Splitting vulnerability in puma
Open

HTTP Smuggling via Transfer-Encoding Header in Puma
Open

Denial of Service Vulnerability in Rack Multipart Parsing
Open

OS Command Injection in Rake
Open

HTTP Smuggling via Transfer-Encoding Header in Puma
Open

HTTP Response Splitting (Early Hints) in Puma
Open

TZInfo relative path traversal vulnerability allows loading of arbitrary files
Open

Potentially unintended unmarshalling of user-provided objects in MemCacheStore and RedisCacheStore
Open

Denial of service via multipart parsing in Rack
Open

Denial of Service Vulnerability in Rack Content-Disposition parsing
Open

Keepalive thread overload/DoS in puma
Open

Possible information leak / session hijack vulnerability
Open

Denial of service via header parsing in Rack
Open

ReDoS based DoS vulnerability in Active Support’s underscore
Open

Possible shell escape sequence injection vulnerability in Rack
Open

There are no issues that match your filters.

Category

Status

travis-ci/job-board

Summary

Maintainability

Test Coverage

HTTP Request Smuggling in puma Open

Inconsistent Interpretation of HTTP Requests ('HTTP Request Smuggling') in puma Open

Keepalive Connections Causing Denial Of Service in puma Open

Information Exposure with Puma when used with Rails Open

Directory traversal in Rack::Directory app bundled with Rack Open

Regular Expression Denial of Service in Addressable templates Open

json Gem for Ruby Unsafe Object Creation Vulnerability (additional fix) Open

sinatra does not validate expanded path matches Open

Sinatra vulnerable to Reflected File Download attack Open

Percent-encoded cookies can be used to overwrite existing prefixed cookie names Open

HTTP Response Splitting vulnerability in puma Open

HTTP Smuggling via Transfer-Encoding Header in Puma Open

Denial of Service Vulnerability in Rack Multipart Parsing Open

OS Command Injection in Rake Open

HTTP Smuggling via Transfer-Encoding Header in Puma Open

HTTP Response Splitting (Early Hints) in Puma Open

TZInfo relative path traversal vulnerability allows loading of arbitrary files Open

Potentially unintended unmarshalling of user-provided objects in MemCacheStore and RedisCacheStore Open

Denial of service via multipart parsing in Rack Open

Denial of Service Vulnerability in Rack Content-Disposition parsing Open

Keepalive thread overload/DoS in puma Open

Possible information leak / session hijack vulnerability Open

Denial of service via header parsing in Rack Open

ReDoS based DoS vulnerability in Active Support’s underscore Open

Possible shell escape sequence injection vulnerability in Rack Open

There are no issues that match your filters.

Category

Status

HTTP Request Smuggling in puma
Open

Inconsistent Interpretation of HTTP Requests ('HTTP Request Smuggling') in puma
Open

Keepalive Connections Causing Denial Of Service in puma
Open

Information Exposure with Puma when used with Rails
Open

Directory traversal in Rack::Directory app bundled with Rack
Open

Regular Expression Denial of Service in Addressable templates
Open

json Gem for Ruby Unsafe Object Creation Vulnerability (additional fix)
Open

sinatra does not validate expanded path matches
Open

Sinatra vulnerable to Reflected File Download attack
Open

Percent-encoded cookies can be used to overwrite existing prefixed cookie names
Open

HTTP Response Splitting vulnerability in puma
Open

HTTP Smuggling via Transfer-Encoding Header in Puma
Open

Denial of Service Vulnerability in Rack Multipart Parsing
Open

OS Command Injection in Rake
Open

HTTP Smuggling via Transfer-Encoding Header in Puma
Open

HTTP Response Splitting (Early Hints) in Puma
Open

TZInfo relative path traversal vulnerability allows loading of arbitrary files
Open

Potentially unintended unmarshalling of user-provided objects in MemCacheStore and RedisCacheStore
Open

Denial of service via multipart parsing in Rack
Open

Denial of Service Vulnerability in Rack Content-Disposition parsing
Open

Keepalive thread overload/DoS in puma
Open

Possible information leak / session hijack vulnerability
Open

Denial of service via header parsing in Rack
Open

ReDoS based DoS vulnerability in Active Support’s underscore
Open

Possible shell escape sequence injection vulnerability in Rack
Open