Issues - tyrbo/lolsummoners

Inefficient Regular Expression Complexity in Nokogiri
Open

    nokogiri (1.6.6.2)

Found in Gemfile.lock by bundler-audit

Read up
Read up
Exclude checks
- Disable engine
- Disable check

Advisory: CVE-2022-24836

Criticality: High

URL: https://github.com/sparklemotion/nokogiri/security/advisories/GHSA-crjr-9rc5-ghw8

Solution: upgrade to >= 1.13.4

Potential XSS vulnerability in jQuery
Open

    jquery-rails (4.0.4)

Found in Gemfile.lock by bundler-audit

Read up
Read up
Exclude checks
- Disable engine
- Disable check

Advisory: CVE-2020-11023

Criticality: Medium

URL: https://blog.jquery.com/2020/04/10/jquery-3-5-0-released

Solution: upgrade to >= 4.4.0

Update bundled libxml2 to v2.10.3 to resolve multiple CVEs
Open

    nokogiri (1.6.6.2)

Found in Gemfile.lock by bundler-audit

Read up
Read up
Exclude checks
- Disable engine
- Disable check

Advisory:

URL: https://github.com/sparklemotion/nokogiri/security/advisories/GHSA-2qc6-mcvw-92cw

Solution: upgrade to >= 1.13.9

Sidekiq Gem for Ruby Multiple Unspecified CSRF
Open

    sidekiq (3.3.4)

Found in Gemfile.lock by bundler-audit

Read up
Read up
Exclude checks
- Disable engine
- Disable check

Advisory: OSVDB-125675

URL: https://github.com/mperham/sidekiq/pull/2422

Solution: upgrade to >= 3.4.2

Loofah XSS Vulnerability
Open

    loofah (2.0.2)

Found in Gemfile.lock by bundler-audit

Read up
Read up
Exclude checks
- Disable engine
- Disable check

Advisory: CVE-2018-8048

Criticality: Medium

URL: https://github.com/flavorjones/loofah/issues/144

Solution: upgrade to >= 2.2.1

XML Injection in Xerces Java affects Nokogiri
Open

    nokogiri (1.6.6.2)

Found in Gemfile.lock by bundler-audit

Read up
Read up
Exclude checks
- Disable engine
- Disable check

Advisory: CVE-2022-23437

Criticality: Medium

URL: https://github.com/sparklemotion/nokogiri/security/advisories/GHSA-xxx9-3xcr-gjj3

Solution: upgrade to >= 1.13.4

Nokogiri gem, via libxml, is affected by DoS vulnerabilities
Open

    nokogiri (1.6.6.2)

Found in Gemfile.lock by bundler-audit

Read up
Read up
Exclude checks
- Disable engine
- Disable check

Advisory: CVE-2017-16932

URL: https://github.com/sparklemotion/nokogiri/issues/1714

Solution: upgrade to >= 1.8.1

Inefficient Regular Expression Complexity in rails-html-sanitizer
Open

    rails-html-sanitizer (1.0.2)

Found in Gemfile.lock by bundler-audit

Read up
Read up
Exclude checks
- Disable engine
- Disable check

Advisory: CVE-2022-23517

Criticality: High

URL: https://github.com/rails/rails-html-sanitizer/security/advisories/GHSA-5x79-w82f-gw8w

Solution: upgrade to >= 1.4.4

Sidekiq Gem for Ruby web/views/queue.erb CurrentMessagesInQueue Element Reflected XSS
Open

    sidekiq (3.3.4)

Found in Gemfile.lock by bundler-audit

Read up
Read up
Exclude checks
- Disable engine
- Disable check

Advisory: OSVDB-125676

URL: https://github.com/mperham/sidekiq/issues/2330

Solution: upgrade to >= 3.4.0

Possible XSS vulnerability with certain configurations of rails-html-sanitizer
Open

    rails-html-sanitizer (1.0.2)

Found in Gemfile.lock by bundler-audit

Read up
Read up
Exclude checks
- Disable engine
- Disable check

Advisory: CVE-2022-23519

Criticality: Medium

URL: https://github.com/rails/rails-html-sanitizer/security/advisories/GHSA-9h9g-93gc-623h

Solution: upgrade to >= 1.4.4

Sidekiq Gem for Ruby web/views/queue.erb msg.display_class Element XSS
Open

    sidekiq (3.3.4)

Found in Gemfile.lock by bundler-audit

Read up
Read up
Exclude checks
- Disable engine
- Disable check

Advisory: OSVDB-125678

URL: https://github.com/mperham/sidekiq/pull/2309

Solution: upgrade to >= 3.4.0

Denial of Service (DoS) in Nokogiri on JRuby
Open

    nokogiri (1.6.6.2)

Found in Gemfile.lock by bundler-audit

Read up
Read up
Exclude checks
- Disable engine
- Disable check

Advisory: CVE-2022-24839

Criticality: High

URL: https://github.com/sparklemotion/nekohtml/security/advisories/GHSA-9849-p7jc-9rmv

Solution: upgrade to >= 1.13.4

Possible XSS vulnerability with certain configurations of rails-html-sanitizer
Open

    rails-html-sanitizer (1.0.2)

Found in Gemfile.lock by bundler-audit

Read up
Read up
Exclude checks
- Disable engine
- Disable check

Advisory: CVE-2022-23520

Criticality: Medium

URL: https://github.com/rails/rails-html-sanitizer/security/advisories/GHSA-rrfc-7g8p-99q8

Solution: upgrade to >= 1.4.4

Nokogiri gem, via libxslt, is affected by multiple vulnerabilities
Open

    nokogiri (1.6.6.2)

Found in Gemfile.lock by bundler-audit

Read up
Read up
Exclude checks
- Disable engine
- Disable check

Advisory: CVE-2019-13117

URL: https://github.com/sparklemotion/nokogiri/issues/1943

Solution: upgrade to >= 1.10.5

i18n Gem for Ruby lib/i18n/core_ext/hash.rb Hash#slice() Function Hash Handling DoS
Open

    i18n (0.7.0)

Found in Gemfile.lock by bundler-audit

Read up
Read up
Exclude checks
- Disable engine
- Disable check

Advisory: CVE-2014-10077

URL: https://github.com/svenfuchs/i18n/pull/289

Solution: upgrade to >= 0.8.0

Loofah XSS Vulnerability
Open

    loofah (2.0.2)

Found in Gemfile.lock by bundler-audit

Read up
Read up
Exclude checks
- Disable engine
- Disable check

Advisory: CVE-2019-15587

Criticality: Medium

URL: https://github.com/flavorjones/loofah/issues/171

Solution: upgrade to >= 2.3.1

Possible XSS vulnerability with certain configurations of Rails::Html::Sanitizer
Open

    rails-html-sanitizer (1.0.2)

Found in Gemfile.lock by bundler-audit

Read up
Read up
Exclude checks
- Disable engine
- Disable check

Advisory: CVE-2022-32209

Criticality: Medium

URL: https://groups.google.com/g/rubyonrails-security/c/ce9PhUANQ6s

Solution: upgrade to >= 1.4.3

Regular Expression Denial of Service in Addressable templates
Open

    addressable (2.3.8)

Found in Gemfile.lock by bundler-audit

Read up
Read up
Exclude checks
- Disable engine
- Disable check

Advisory: CVE-2021-32740

Criticality: High

URL: https://github.com/advisories/GHSA-jxhc-q857-3j6g

Solution: upgrade to >= 2.8.0

Inefficient Regular Expression Complexity in Loofah
Open

    loofah (2.0.2)

Found in Gemfile.lock by bundler-audit

Read up
Read up
Exclude checks
- Disable engine
- Disable check

Advisory: CVE-2022-23514

Criticality: High

URL: https://github.com/flavorjones/loofah/security/advisories/GHSA-486f-hjj9-9vhh

Solution: upgrade to >= 2.19.1

Out-of-bounds Write in zlib affects Nokogiri
Open

    nokogiri (1.6.6.2)

Found in Gemfile.lock by bundler-audit

Read up
Read up
Exclude checks
- Disable engine
- Disable check

Advisory: CVE-2018-25032

Criticality: High

URL: https://github.com/sparklemotion/nokogiri/security/advisories/GHSA-v6gp-9mmm-c6p5

Solution: upgrade to >= 1.13.4

tyrbo/lolsummoners

Showing 154 of 154 total issues

Inefficient Regular Expression Complexity in Nokogiri
Open

Potential XSS vulnerability in jQuery
Open

Update bundled libxml2 to v2.10.3 to resolve multiple CVEs
Open

Sidekiq Gem for Ruby Multiple Unspecified CSRF
Open

Loofah XSS Vulnerability
Open

XML Injection in Xerces Java affects Nokogiri
Open

Nokogiri gem, via libxml, is affected by DoS vulnerabilities
Open

Inefficient Regular Expression Complexity in rails-html-sanitizer
Open

Sidekiq Gem for Ruby web/views/queue.erb CurrentMessagesInQueue Element Reflected XSS
Open

Possible XSS vulnerability with certain configurations of rails-html-sanitizer
Open

Sidekiq Gem for Ruby web/views/queue.erb msg.display_class Element XSS
Open

Denial of Service (DoS) in Nokogiri on JRuby
Open

Possible XSS vulnerability with certain configurations of rails-html-sanitizer
Open

Nokogiri gem, via libxslt, is affected by multiple vulnerabilities
Open

i18n Gem for Ruby lib/i18n/core_ext/hash.rb Hash#slice() Function Hash Handling DoS
Open

Loofah XSS Vulnerability
Open

Possible XSS vulnerability with certain configurations of Rails::Html::Sanitizer
Open

Regular Expression Denial of Service in Addressable templates
Open

Inefficient Regular Expression Complexity in Loofah
Open

Out-of-bounds Write in zlib affects Nokogiri
Open

Severity

Category

Status

Source

Language

tyrbo/lolsummoners

Showing 154 of 154 total issues

Inefficient Regular Expression Complexity in Nokogiri Open

Potential XSS vulnerability in jQuery Open

Update bundled libxml2 to v2.10.3 to resolve multiple CVEs Open

Sidekiq Gem for Ruby Multiple Unspecified CSRF Open

Loofah XSS Vulnerability Open

XML Injection in Xerces Java affects Nokogiri Open

Nokogiri gem, via libxml, is affected by DoS vulnerabilities Open

Inefficient Regular Expression Complexity in rails-html-sanitizer Open

Sidekiq Gem for Ruby web/views/queue.erb CurrentMessagesInQueue Element Reflected XSS Open

Possible XSS vulnerability with certain configurations of rails-html-sanitizer Open

Sidekiq Gem for Ruby web/views/queue.erb msg.display_class Element XSS Open

Denial of Service (DoS) in Nokogiri on JRuby Open

Possible XSS vulnerability with certain configurations of rails-html-sanitizer Open

Nokogiri gem, via libxslt, is affected by multiple vulnerabilities Open

i18n Gem for Ruby lib/i18n/core_ext/hash.rb Hash#slice() Function Hash Handling DoS Open

Loofah XSS Vulnerability Open

Possible XSS vulnerability with certain configurations of Rails::Html::Sanitizer Open

Regular Expression Denial of Service in Addressable templates Open

Inefficient Regular Expression Complexity in Loofah Open

Out-of-bounds Write in zlib affects Nokogiri Open

Severity

Category

Status

Source

Language

Inefficient Regular Expression Complexity in Nokogiri
Open

Potential XSS vulnerability in jQuery
Open

Update bundled libxml2 to v2.10.3 to resolve multiple CVEs
Open

Sidekiq Gem for Ruby Multiple Unspecified CSRF
Open

Loofah XSS Vulnerability
Open

XML Injection in Xerces Java affects Nokogiri
Open

Nokogiri gem, via libxml, is affected by DoS vulnerabilities
Open

Inefficient Regular Expression Complexity in rails-html-sanitizer
Open

Sidekiq Gem for Ruby web/views/queue.erb CurrentMessagesInQueue Element Reflected XSS
Open

Possible XSS vulnerability with certain configurations of rails-html-sanitizer
Open

Sidekiq Gem for Ruby web/views/queue.erb msg.display_class Element XSS
Open

Denial of Service (DoS) in Nokogiri on JRuby
Open

Possible XSS vulnerability with certain configurations of rails-html-sanitizer
Open

Nokogiri gem, via libxslt, is affected by multiple vulnerabilities
Open

i18n Gem for Ruby lib/i18n/core_ext/hash.rb Hash#slice() Function Hash Handling DoS
Open

Loofah XSS Vulnerability
Open

Possible XSS vulnerability with certain configurations of Rails::Html::Sanitizer
Open

Regular Expression Denial of Service in Addressable templates
Open

Inefficient Regular Expression Complexity in Loofah
Open

Out-of-bounds Write in zlib affects Nokogiri
Open