udongo/udongo

Showing 1,029 of 1,029 total issues

ReDoS based DoS vulnerability in Action Dispatch
Open

    actionpack (5.0.7)
Severity: Minor
Found in Gemfile.lock by bundler-audit

Advisory: CVE-2023-22795

URL: https://github.com/rails/rails/releases/tag/v7.0.4.1

Solution: upgrade to >= 5.2.8.15, ~> 5.2.8, >= 6.1.7.1, ~> 6.1.7, >= 7.0.4.1

ReDoS based DoS vulnerability in Action Dispatch
Open

    actionpack (5.0.7)
Severity: Minor
Found in Gemfile.lock by bundler-audit

Advisory: CVE-2023-22792

URL: https://github.com/rails/rails/releases/tag/v7.0.4.1

Solution: upgrade to >= 5.2.8.15, ~> 5.2.8, >= 6.1.7.1, ~> 6.1.7, >= 7.0.4.1

Possible XSS vulnerability in ActionView
Open

    actionview (5.0.7)
Severity: Minor
Found in Gemfile.lock by bundler-audit

Advisory: CVE-2020-5267

Criticality: Medium

URL: https://groups.google.com/forum/#!topic/rubyonrails-security/55reWMM_Pg8

Solution: upgrade to >= 5.2.4.2, ~> 5.2.4, >= 6.0.2.2

json Gem for Ruby Unsafe Object Creation Vulnerability (additional fix)
Open

    json (2.1.0)
Severity: Critical
Found in Gemfile.lock by bundler-audit

Advisory: CVE-2020-10663

Criticality: High

URL: https://www.ruby-lang.org/en/news/2020/03/19/json-dos-cve-2020-10663/

Solution: upgrade to >= 2.3.0

Improper neutralization of data URIs may allow XSS in Loofah
Open

    loofah (2.2.2)
Severity: Minor
Found in Gemfile.lock by bundler-audit

Advisory: CVE-2022-23515

Criticality: Medium

URL: https://github.com/flavorjones/loofah/security/advisories/GHSA-228g-948r-83gx

Solution: upgrade to >= 2.19.1

Percent-encoded cookies can be used to overwrite existing prefixed cookie names
Open

    rack (2.0.5)
Severity: Critical
Found in Gemfile.lock by bundler-audit

Advisory: CVE-2020-8184

Criticality: High

URL: https://groups.google.com/g/rubyonrails-security/c/OWtmozPH9Ak

Solution: upgrade to ~> 2.1.4, >= 2.2.3

ReDoS based DoS vulnerability in Active Support’s underscore
Open

    activesupport (5.0.7)
Severity: Minor
Found in Gemfile.lock by bundler-audit

Advisory: CVE-2023-22796

URL: https://github.com/rails/rails/releases/tag/v7.0.4.1

Solution: upgrade to >= 5.2.8.15, ~> 5.2.8, >= 6.1.7.1, ~> 6.1.7, >= 7.0.4.1

Possible DoS Vulnerability in Action Controller Token Authentication
Open

    actionpack (5.0.7)
Severity: Critical
Found in Gemfile.lock by bundler-audit

Advisory: CVE-2021-22904

Criticality: High

URL: https://groups.google.com/g/rubyonrails-security/c/Pf1TjkOBdyQ

Solution: upgrade to ~> 5.2.4.6, ~> 5.2.6, >= 6.0.3.7, ~> 6.0.3, >= 6.1.3.2

Improper Restriction of XML External Entity Reference (XXE) in Nokogiri on JRuby
Open

    nokogiri (1.8.4)
Severity: Critical
Found in Gemfile.lock by bundler-audit

Advisory: CVE-2021-41098

Criticality: High

URL: https://github.com/sparklemotion/nokogiri/security/advisories/GHSA-2rr5-8q37-2w7h

Solution: upgrade to >= 1.12.5

Potential XSS vulnerability in Action View
Open

    actionview (5.0.7)
Severity: Minor
Found in Gemfile.lock by bundler-audit

Advisory: CVE-2020-15169

Criticality: Medium

URL: https://groups.google.com/g/rubyonrails-security/c/b-C9kSGXYrc

Solution: upgrade to >= 5.2.4.4, ~> 5.2.4, >= 6.0.3.3

Loofah XSS Vulnerability
Open

    loofah (2.2.2)
Severity: Minor
Found in Gemfile.lock by bundler-audit

Advisory: CVE-2019-15587

Criticality: Medium

URL: https://github.com/flavorjones/loofah/issues/171

Solution: upgrade to >= 2.3.1

Function udongo_autocomplete has 116 lines of code (exceeds 25 allowed). Consider refactoring.
Open

  $.fn.udongo_autocomplete = function(options) {
    var original_input = this;
    var settings = $.extend({
      minLength: 2,
      on_add: function(item) { return true; },
Severity: Major
Found in app/assets/javascripts/backend/plugins/autocomplete.js - About 4 hrs to fix

    Assignment Branch Condition size for resize is too high. [37.35/15]
    Open

          def resize(path)
            gravity = @options.key?(:gravity) ? @options[:gravity] : 'Center'
    
            img = MiniMagick::Image.open(@file)
            cols, rows = img[:dimensions]

    This cop checks that the ABC size of methods is not higher than the configured maximum. The ABC size is based on assignments, branches (method calls), and conditions. See http://c2.com/cgi/wiki?AbcMetric

    Method has too many lines. [23/10]
    Open

          def resize(path)
            gravity = @options.key?(:gravity) ? @options[:gravity] : 'Center'
    
            img = MiniMagick::Image.open(@file)
            cols, rows = img[:dimensions]

    This cop checks if the length of a method exceeds some maximum value. Comment lines can optionally be ignored. The maximum allowed length is configurable.

    Assignment Branch Condition size for filename is too high. [24.84/15]
    Open

          def filename(width = nil, height = nil, options = {})
            action = options.key?(:action) ? options[:action] : :resize_to_limit
            quality = options[:quality]
            gravity = options[:gravity].to_s.underscore.split('_').map { |s| s[0,1] }.join
            background = options[:background].to_s.parameterize
    Severity: Minor
    Found in lib/udongo/assets/resizer.rb by rubocop

    This cop checks that the ABC size of methods is not higher than the configured maximum. The ABC size is based on assignments, branches (method calls), and conditions. See http://c2.com/cgi/wiki?AbcMetric

    Assignment Branch Condition size for create is too high. [23.28/15]
    Open

      def create
        @image.build_asset
        @image.asset.filename = params[:image][:asset][:filename]
        @image.asset.description = params[:image][:asset][:description]
    
    

    This cop checks that the ABC size of methods is not higher than the configured maximum. The ABC size is based on assignments, branches (method calls), and conditions. See http://c2.com/cgi/wiki?AbcMetric

    Assignment Branch Condition size for new is too high. [22.29/15]
    Open

      def new
        if params[:klass] && params[:id] && params[:locale]
          instance = params[:klass].constantize.find params[:id]
          row = instance.content_rows.create!(locale: params[:locale])
    
    

    This cop checks that the ABC size of methods is not higher than the configured maximum. The ABC size is based on assignments, branches (method calls), and conditions. See http://c2.com/cgi/wiki?AbcMetric

    Method has too many lines. [16/10]
    Open

        def data
          {
            text: @page.description,
            type: :file,
            li_attr: list_attributes,
    Severity: Minor
    Found in lib/udongo/pages/tree_node.rb by rubocop

    This cop checks if the length of a method exceeds some maximum value. Comment lines can optionally be ignored. The maximum allowed length is configurable.

    Assignment Branch Condition size for path is too high. [20.12/15]
    Open

      def path(locale: I18n.locale, options: {})
        return h.send(route, options) if route.present?
    
        slugs = []
    
    
    Severity: Minor
    Found in app/decorators/page_decorator.rb by rubocop

    This cop checks that the ABC size of methods is not higher than the configured maximum. The ABC size is based on assignments, branches (method calls), and conditions. See http://c2.com/cgi/wiki?AbcMetric

    Assignment Branch Condition size for create is too high. [20.45/15]
    Open

      def create
        admin = Admin.find_by(email: params[:session][:email])
    
        if admin && admin.authenticate(params[:session][:password])
          session[:admin_id] = admin.id

    This cop checks that the ABC size of methods is not higher than the configured maximum. The ABC size is based on assignments, branches (method calls), and conditions. See http://c2.com/cgi/wiki?AbcMetric