Issues - udongo/udongo - Code Climate

Potential XSS vulnerability in jQuery
Open

    jquery-rails (4.3.3)

Found in Gemfile.lock by bundler-audit

Read up
Read up
Exclude checks
- Disable engine
- Disable check

Advisory: CVE-2020-11023

Criticality: Medium

URL: https://blog.jquery.com/2020/04/10/jquery-3-5-0-released

Solution: upgrade to >= 4.4.0

Uncontrolled Recursion in Loofah
Open

    loofah (2.2.2)

Found in Gemfile.lock by bundler-audit

Read up
Read up
Exclude checks
- Disable engine
- Disable check

Advisory: CVE-2022-23516

Criticality: High

URL: https://github.com/flavorjones/loofah/security/advisories/GHSA-3x8r-x6xp-q4vm

Solution: upgrade to >= 2.19.1

Nokogiri Command Injection Vulnerability via Nokogiri::CSS::Tokenizer#load_file
Open

    nokogiri (1.8.4)

Found in Gemfile.lock by bundler-audit

Read up
Read up
Exclude checks
- Disable engine
- Disable check

Advisory: CVE-2019-5477

Criticality: Critical

URL: https://github.com/sparklemotion/nokogiri/issues/1915

Solution: upgrade to >= 1.10.4

Integer Overflow or Wraparound in libxml2 affects Nokogiri
Open

    nokogiri (1.8.4)

Found in Gemfile.lock by bundler-audit

Read up
Read up
Exclude checks
- Disable engine
- Disable check

Advisory:

Criticality: High

URL: https://github.com/sparklemotion/nokogiri/security/advisories/GHSA-cgx6-hpwq-fhv5

Solution: upgrade to >= 1.13.5

Possible exposure of information vulnerability in Action Pack
Open

    actionpack (5.0.7)

Found in Gemfile.lock by bundler-audit

Read up
Read up
Exclude checks
- Disable engine
- Disable check

Advisory: CVE-2022-23633

Criticality: High

URL: https://groups.google.com/g/ruby-security-ann/c/FkTM-_7zSNA/m/K2RiMJBlBAAJ

Solution: upgrade to >= 5.2.6.2, ~> 5.2.6, >= 6.0.4.6, ~> 6.0.4, >= 6.1.4.6, ~> 6.1.4, >= 7.0.2.2

Update packaged dependency libxml2 from 2.9.10 to 2.9.12
Open

    nokogiri (1.8.4)

Found in Gemfile.lock by bundler-audit

Read up
Read up
Exclude checks
- Disable engine
- Disable check

Advisory:

Criticality: High

URL: https://github.com/sparklemotion/nokogiri/security/advisories/GHSA-7rrm-v45f-jp64

Solution: upgrade to >= 1.11.4

Nokogiri gem, via libxslt, is affected by multiple vulnerabilities
Open

    nokogiri (1.8.4)

Found in Gemfile.lock by bundler-audit

Read up
Read up
Exclude checks
- Disable engine
- Disable check

Advisory: CVE-2019-13117

URL: https://github.com/sparklemotion/nokogiri/issues/1943

Solution: upgrade to >= 1.10.5

Out-of-bounds Write in zlib affects Nokogiri
Open

    nokogiri (1.8.4)

Found in Gemfile.lock by bundler-audit

Read up
Read up
Exclude checks
- Disable engine
- Disable check

Advisory: CVE-2018-25032

Criticality: High

URL: https://github.com/sparklemotion/nokogiri/security/advisories/GHSA-v6gp-9mmm-c6p5

Solution: upgrade to >= 1.13.4

Inefficient Regular Expression Complexity in rails-html-sanitizer
Open

    rails-html-sanitizer (1.0.4)

Found in Gemfile.lock by bundler-audit

Read up
Read up
Exclude checks
- Disable engine
- Disable check

Advisory: CVE-2022-23517

Criticality: High

URL: https://github.com/rails/rails-html-sanitizer/security/advisories/GHSA-5x79-w82f-gw8w

Solution: upgrade to >= 1.4.4

Possible XSS Vulnerability in Action View tag helpers
Open

    actionview (5.0.7)

Found in Gemfile.lock by bundler-audit

Read up
Read up
Exclude checks
- Disable engine
- Disable check

Advisory: CVE-2022-27777

Criticality: Medium

URL: https://groups.google.com/g/ruby-security-ann/c/9wJPEDv-iRw

Solution: upgrade to >= 5.2.7.1, ~> 5.2.7, >= 6.0.4.8, ~> 6.0.4, >= 6.1.5.1, ~> 6.1.5, >= 7.0.2.4

Possible DoS Vulnerability in Active Record PostgreSQL adapter
Open

    activerecord (5.0.7)

Found in Gemfile.lock by bundler-audit

Read up
Read up
Exclude checks
- Disable engine
- Disable check

Advisory: CVE-2021-22880

Criticality: Medium

URL: https://groups.google.com/g/rubyonrails-security/c/ZzUqCh9vyhI

Solution: upgrade to >= 5.2.4.5, ~> 5.2.4, >= 6.0.3.5, ~> 6.0.3, >= 6.1.2.1

Update bundled libxml2 to v2.10.3 to resolve multiple CVEs
Open

    nokogiri (1.8.4)

Found in Gemfile.lock by bundler-audit

Read up
Read up
Exclude checks
- Disable engine
- Disable check

Advisory:

URL: https://github.com/sparklemotion/nokogiri/security/advisories/GHSA-2qc6-mcvw-92cw

Solution: upgrade to >= 1.13.9

Possible XSS vulnerability with certain configurations of rails-html-sanitizer
Open

    rails-html-sanitizer (1.0.4)

Found in Gemfile.lock by bundler-audit

Read up
Read up
Exclude checks
- Disable engine
- Disable check

Advisory: CVE-2022-23520

Criticality: Medium

URL: https://github.com/rails/rails-html-sanitizer/security/advisories/GHSA-rrfc-7g8p-99q8

Solution: upgrade to >= 1.4.4

Injection/XSS in Redcarpet
Open

    redcarpet (3.4.0)

Found in Gemfile.lock by bundler-audit

Read up
Read up
Exclude checks
- Disable engine
- Disable check

Advisory: CVE-2020-26298

Criticality: Medium

URL: https://github.com/vmg/redcarpet/commit/a699c82292b17c8e6a62e1914d5eccc252272793

Solution: upgrade to >= 3.5.1

CSRF Vulnerability in rails-ujs
Open

    actionview (5.0.7)

Found in Gemfile.lock by bundler-audit

Read up
Read up
Exclude checks
- Disable engine
- Disable check

Advisory: CVE-2020-8167

Criticality: Medium

URL: https://groups.google.com/forum/#!topic/rubyonrails-security/x9DixQDG9a0

Solution: upgrade to >= 5.2.4.3, ~> 5.2.4, >= 6.0.3.1

Directory traversal in Rack::Directory app bundled with Rack
Open

    rack (2.0.5)

Found in Gemfile.lock by bundler-audit

Read up
Read up
Exclude checks
- Disable engine
- Disable check

Advisory: CVE-2020-8161

Criticality: High

URL: https://groups.google.com/forum/#!topic/ruby-security-ann/T4ZIsfRf2eA

Solution: upgrade to ~> 2.1.3, >= 2.2.0

Ability to forge per-form CSRF tokens given a global CSRF token
Open

    actionpack (5.0.7)

Found in Gemfile.lock by bundler-audit

Read up
Read up
Exclude checks
- Disable engine
- Disable check

Advisory: CVE-2020-8166

Criticality: Medium

URL: https://groups.google.com/forum/#!topic/rubyonrails-security/NOjKiGeXUgw

Solution: upgrade to >= 5.2.4.3, ~> 5.2.4, >= 6.0.3.1

libxml2 2.9.10 has an infinite loop in a certain end-of-file situation
Open

    nokogiri (1.8.4)

Found in Gemfile.lock by bundler-audit

Read up
Read up
Exclude checks
- Disable engine
- Disable check

Advisory: CVE-2020-7595

Criticality: High

URL: https://github.com/sparklemotion/nokogiri/issues/1992

Solution: upgrade to >= 1.10.8

Possible XSS vulnerability with certain configurations of rails-html-sanitizer
Open

    rails-html-sanitizer (1.0.4)

Found in Gemfile.lock by bundler-audit

Read up
Read up
Exclude checks
- Disable engine
- Disable check

Advisory: CVE-2022-23519

Criticality: Medium

URL: https://github.com/rails/rails-html-sanitizer/security/advisories/GHSA-9h9g-93gc-623h

Solution: upgrade to >= 1.4.4

Update packaged libxml2 (2.9.12 → 2.9.13) and libxslt (1.1.34 → 1.1.35)
Open

    nokogiri (1.8.4)

Found in Gemfile.lock by bundler-audit

Read up
Read up
Exclude checks
- Disable engine
- Disable check

Advisory: CVE-2021-30560

Criticality: High

URL: https://github.com/sparklemotion/nokogiri/security/advisories/GHSA-fq42-c5rg-92c2

Solution: upgrade to >= 1.13.2

udongo/udongo

Showing 1,029 of 1,029 total issues

Potential XSS vulnerability in jQuery
Open

Uncontrolled Recursion in Loofah
Open

Nokogiri Command Injection Vulnerability via Nokogiri::CSS::Tokenizer#load_file
Open

Integer Overflow or Wraparound in libxml2 affects Nokogiri
Open

Possible exposure of information vulnerability in Action Pack
Open

Update packaged dependency libxml2 from 2.9.10 to 2.9.12
Open

Nokogiri gem, via libxslt, is affected by multiple vulnerabilities
Open

Out-of-bounds Write in zlib affects Nokogiri
Open

Inefficient Regular Expression Complexity in rails-html-sanitizer
Open

Possible XSS Vulnerability in Action View tag helpers
Open

Possible DoS Vulnerability in Active Record PostgreSQL adapter
Open

Update bundled libxml2 to v2.10.3 to resolve multiple CVEs
Open

Possible XSS vulnerability with certain configurations of rails-html-sanitizer
Open

Injection/XSS in Redcarpet
Open

CSRF Vulnerability in rails-ujs
Open

Directory traversal in Rack::Directory app bundled with Rack
Open

Ability to forge per-form CSRF tokens given a global CSRF token
Open

libxml2 2.9.10 has an infinite loop in a certain end-of-file situation
Open

Possible XSS vulnerability with certain configurations of rails-html-sanitizer
Open

Update packaged libxml2 (2.9.12 → 2.9.13) and libxslt (1.1.34 → 1.1.35)
Open

Severity

Category

Status

Source

Language

udongo/udongo

Showing 1,029 of 1,029 total issues

Potential XSS vulnerability in jQuery Open

Uncontrolled Recursion in Loofah Open

Nokogiri Command Injection Vulnerability via Nokogiri::CSS::Tokenizer#load_file Open

Integer Overflow or Wraparound in libxml2 affects Nokogiri Open

Possible exposure of information vulnerability in Action Pack Open

Update packaged dependency libxml2 from 2.9.10 to 2.9.12 Open

Nokogiri gem, via libxslt, is affected by multiple vulnerabilities Open

Out-of-bounds Write in zlib affects Nokogiri Open

Inefficient Regular Expression Complexity in rails-html-sanitizer Open

Possible XSS Vulnerability in Action View tag helpers Open

Possible DoS Vulnerability in Active Record PostgreSQL adapter Open

Update bundled libxml2 to v2.10.3 to resolve multiple CVEs Open

Possible XSS vulnerability with certain configurations of rails-html-sanitizer Open

Injection/XSS in Redcarpet Open

CSRF Vulnerability in rails-ujs Open

Directory traversal in Rack::Directory app bundled with Rack Open

Ability to forge per-form CSRF tokens given a global CSRF token Open

libxml2 2.9.10 has an infinite loop in a certain end-of-file situation Open

Possible XSS vulnerability with certain configurations of rails-html-sanitizer Open

Update packaged libxml2 (2.9.12 → 2.9.13) and libxslt (1.1.34 → 1.1.35) Open

Severity

Category

Status

Source

Language

Potential XSS vulnerability in jQuery
Open

Uncontrolled Recursion in Loofah
Open

Nokogiri Command Injection Vulnerability via Nokogiri::CSS::Tokenizer#load_file
Open

Integer Overflow or Wraparound in libxml2 affects Nokogiri
Open

Possible exposure of information vulnerability in Action Pack
Open

Update packaged dependency libxml2 from 2.9.10 to 2.9.12
Open

Nokogiri gem, via libxslt, is affected by multiple vulnerabilities
Open

Out-of-bounds Write in zlib affects Nokogiri
Open

Inefficient Regular Expression Complexity in rails-html-sanitizer
Open

Possible XSS Vulnerability in Action View tag helpers
Open

Possible DoS Vulnerability in Active Record PostgreSQL adapter
Open

Update bundled libxml2 to v2.10.3 to resolve multiple CVEs
Open

Possible XSS vulnerability with certain configurations of rails-html-sanitizer
Open

Injection/XSS in Redcarpet
Open

CSRF Vulnerability in rails-ujs
Open

Directory traversal in Rack::Directory app bundled with Rack
Open

Ability to forge per-form CSRF tokens given a global CSRF token
Open

libxml2 2.9.10 has an infinite loop in a certain end-of-file situation
Open

Possible XSS vulnerability with certain configurations of rails-html-sanitizer
Open

Update packaged libxml2 (2.9.12 → 2.9.13) and libxslt (1.1.34 → 1.1.35)
Open