v-kolesnikov/emilito

Gemfile.lock

Showing 93 of 93 total issues

simple_form Gem for Ruby Incorrect Access Control for forms based on user input
Open

simple_form (3.3.1)
Severity: Minor
Found in Gemfile.lock by bundler-audit

Information Exposure with Puma when used with Rails
Open

puma (3.6.2)
Severity: Critical
Found in Gemfile.lock by bundler-audit

HTTP Request Smuggling in puma
Open

puma (3.6.2)
Severity: Minor
Found in Gemfile.lock by bundler-audit

Keepalive Connections Causing Denial Of Service in puma
Open

puma (3.6.2)
Severity: Critical
Found in Gemfile.lock by bundler-audit

ReDoS based DoS vulnerability in GlobalID
Open

globalid (0.3.7)
Severity: Minor
Found in Gemfile.lock by bundler-audit

Inconsistent Interpretation of HTTP Requests ('HTTP Request Smuggling') in puma
Open

puma (3.6.2)
Severity: Info
Found in Gemfile.lock by bundler-audit

Potentially unintended unmarshalling of user-provided objects in MemCacheStore and RedisCacheStore
Open

activesupport (5.0.1)
Severity: Minor
Found in Gemfile.lock by bundler-audit

Nokogiri gem, via libxml, is affected by DoS and RCE vulnerabilities
Open

nokogiri (1.7.0)
Severity: Critical
Found in Gemfile.lock by bundler-audit

HTTP Smuggling via Transfer-Encoding Header in Puma
Open

puma (3.6.2)
Severity: Critical
Found in Gemfile.lock by bundler-audit

ReDoS based DoS vulnerability in Action Dispatch
Open

actionpack (5.0.1)
Severity: Minor
Found in Gemfile.lock by bundler-audit

Improper neutralization of data URIs may allow XSS in rails-html-sanitizer
Open

rails-html-sanitizer (1.0.3)
Severity: Minor
Found in Gemfile.lock by bundler-audit

Possible XSS vulnerability in ActionView
Open

actionview (5.0.1)
Severity: Minor
Found in Gemfile.lock by bundler-audit

Regular Expression Denial of Service in Addressable templates
Open

addressable (2.5.0)
Severity: Critical
Found in Gemfile.lock by bundler-audit

Possible Information Disclosure / Unintended Method Execution in Action Pack
Open

actionpack (5.0.1)
Severity: Critical
Found in Gemfile.lock by bundler-audit

Moderate severity vulnerability that affects nokogiri
Open

nokogiri (1.7.0)
Severity: Minor
Found in Gemfile.lock by bundler-audit

Loofah XSS Vulnerability
Open

loofah (2.0.3)
Severity: Minor
Found in Gemfile.lock by bundler-audit

RuboCop gem Insecure use of /tmp
Open

rubocop (0.46.0)
Severity: Info
Found in Gemfile.lock by bundler-audit

Possible DoS Vulnerability in Action Controller Token Authentication
Open

actionpack (5.0.1)
Severity: Critical
Found in Gemfile.lock by bundler-audit

Nokogiri gem, via libxslt, is affected by improper access control vulnerability
Open

nokogiri (1.7.0)
Severity: Minor
Found in Gemfile.lock by bundler-audit

Inefficient Regular Expression Complexity in Nokogiri
Open

nokogiri (1.7.0)
Severity: Critical
Found in Gemfile.lock by bundler-audit

Potential XSS vulnerability in Action View
Open

actionview (5.0.1)
Severity: Minor
Found in Gemfile.lock by bundler-audit

CSRF Vulnerability in rails-ujs
Open

actionview (5.0.1)
Severity: Minor
Found in Gemfile.lock by bundler-audit

Possible DoS Vulnerability in Active Record PostgreSQL adapter
Open

activerecord (5.0.1)
Severity: Minor
Found in Gemfile.lock by bundler-audit

Denial of Service (DoS) in Nokogiri on JRuby
Open

nokogiri (1.7.0)
Severity: Critical
Found in Gemfile.lock by bundler-audit

Improper Handling of Unexpected Data Type in Nokogiri
Open

nokogiri (1.7.0)
Severity: Critical
Found in Gemfile.lock by bundler-audit

Percent-encoded cookies can be used to overwrite existing prefixed cookie names
Open

rack (2.0.1)
Severity: Critical
Found in Gemfile.lock by bundler-audit

Inefficient Regular Expression Complexity in rails-html-sanitizer
Open

rails-html-sanitizer (1.0.3)
Severity: Critical
Found in Gemfile.lock by bundler-audit

Ability to forge per-form CSRF tokens given a global CSRF token
Open

actionpack (5.0.1)
Severity: Minor
Found in Gemfile.lock by bundler-audit

ReDoS based DoS vulnerability in Active Support’s underscore
Open

activesupport (5.0.1)
Severity: Minor
Found in Gemfile.lock by bundler-audit

XSS vulnerability in bootstrap
Open

bootstrap (4.0.0.alpha4)
Severity: Minor
Found in Gemfile.lock by bundler-audit

Nokogiri gem, via libxml, is affected by DoS vulnerabilities
Open

nokogiri (1.7.0)
Severity: Minor
Found in Gemfile.lock by bundler-audit

Directory traversal in Rack::Directory app bundled with Rack
Open

rack (2.0.1)
Severity: Critical
Found in Gemfile.lock by bundler-audit

i18n Gem for Ruby lib/i18n/core_ext/hash.rb Hash#slice() Function Hash Handling DoS
Open

i18n (0.7.0)
Severity: Minor
Found in Gemfile.lock by bundler-audit

Update packaged libxml2 (2.9.12 → 2.9.13) and libxslt (1.1.34 → 1.1.35)
Open

nokogiri (1.7.0)
Severity: Critical
Found in Gemfile.lock by bundler-audit

Nokogiri gem, via libxml2, is affected by multiple vulnerabilities
Open

nokogiri (1.7.0)
Severity: Critical
Found in Gemfile.lock by bundler-audit

Possible RCE escalation bug with Serialized Columns in Active Record
Open

activerecord (5.0.1)
Severity: Minor
Found in Gemfile.lock by bundler-audit

Update packaged dependency libxml2 from 2.9.10 to 2.9.12
Open

nokogiri (1.7.0)
Severity: Critical
Found in Gemfile.lock by bundler-audit

Revert libxml2 behavior in Nokogiri gem that could cause XSS
Open

nokogiri (1.7.0)
Severity: Minor
Found in Gemfile.lock by bundler-audit

Possible Strong Parameters Bypass in ActionPack
Open

actionpack (5.0.1)
Severity: Critical
Found in Gemfile.lock by bundler-audit

HTTP Smuggling via Transfer-Encoding Header in Puma
Open

puma (3.6.2)
Severity: Minor
Found in Gemfile.lock by bundler-audit

Keepalive thread overload/DoS in puma
Open

puma (3.6.2)
Severity: Critical
Found in Gemfile.lock by bundler-audit

ReDoS based DoS vulnerability in Action Dispatch
Open

actionpack (5.0.1)
Severity: Minor
Found in Gemfile.lock by bundler-audit

HTTP Response Splitting (Early Hints) in Puma
Open

puma (3.6.2)
Severity: Minor
Found in Gemfile.lock by bundler-audit

Possible exposure of information vulnerability in Action Pack
Open

actionpack (5.0.1)
Severity: Critical
Found in Gemfile.lock by bundler-audit

Possible XSS Vulnerability in Action View tag helpers
Open

actionview (5.0.1)
Severity: Minor
Found in Gemfile.lock by bundler-audit

Prototype pollution attack through jQuery $.extend
Open

jquery-rails (4.2.2)
Severity: Minor
Found in Gemfile.lock by bundler-audit

Nokogiri gem, via libxslt, is affected by multiple vulnerabilities
Open

nokogiri (1.7.0)
Severity: Minor
Found in Gemfile.lock by bundler-audit

Nokogiri::XML::Schema trusts input by default, exposing risk of an XXE vulnerability
Open

nokogiri (1.7.0)
Severity: Info
Found in Gemfile.lock by bundler-audit

libxml2 2.9.10 has an infinite loop in a certain end-of-file situation
Open

nokogiri (1.7.0)
Severity: Critical
Found in Gemfile.lock by bundler-audit

Possible XSS vulnerability with certain configurations of rails-html-sanitizer
Open

rails-html-sanitizer (1.0.3)
Severity: Minor
Found in Gemfile.lock by bundler-audit

Out-of-bounds Write in zlib affects Nokogiri
Open

nokogiri (1.7.0)
Severity: Critical
Found in Gemfile.lock by bundler-audit

Denial of Service Vulnerability in ActiveRecord’s PostgreSQL adapter
Open

activerecord (5.0.1)
Severity: Minor
Found in Gemfile.lock by bundler-audit

Improper Restriction of XML External Entity Reference (XXE) in Nokogiri on JRuby
Open

nokogiri (1.7.0)
Severity: Critical
Found in Gemfile.lock by bundler-audit

Possible XSS vulnerability with certain configurations of Rails::Html::Sanitizer
Open

rails-html-sanitizer (1.0.3)
Severity: Minor
Found in Gemfile.lock by bundler-audit

Potential XSS vulnerability in jQuery
Open

jquery-rails (4.2.2)
Severity: Minor
Found in Gemfile.lock by bundler-audit

Nokogiri Command Injection Vulnerability via Nokogiri::CSS::Tokenizer#load_file
Open

nokogiri (1.7.0)
Severity: Minor
Found in Gemfile.lock by bundler-audit

XML Injection in Xerces Java affects Nokogiri
Open

nokogiri (1.7.0)
Severity: Minor
Found in Gemfile.lock by bundler-audit

OS Command Injection in Rake
Open

rake (12.0.0)
Severity: Critical
Found in Gemfile.lock by bundler-audit

Denial of Service in rubyzip ("zip bombs")
Open

rubyzip (1.2.0)
Severity: Minor
Found in Gemfile.lock by bundler-audit

XSS vulnerabilities via data-parent, data-target, data-container in bootstrap
Open

bootstrap (4.0.0.alpha4)
Severity: Minor
Found in Gemfile.lock by bundler-audit

Doorkeeper gem does not revoke token for public clients
Open

doorkeeper (4.2.0)
Severity: Critical
Found in Gemfile.lock by bundler-audit

json Gem for Ruby Unsafe Object Creation Vulnerability (additional fix)
Open

json (2.0.2)
Severity: Critical
Found in Gemfile.lock by bundler-audit

Update bundled libxml2 to v2.10.3 to resolve multiple CVEs
Open

nokogiri (1.7.0)
Severity: Minor
Found in Gemfile.lock by bundler-audit

HTTP Response Splitting vulnerability in puma
Open

puma (3.6.2)
Severity: Minor
Found in Gemfile.lock by bundler-audit

Inefficient Regular Expression Complexity in Loofah
Open

loofah (2.0.3)
Severity: Critical
Found in Gemfile.lock by bundler-audit

Nokogiri gem, via libxml, is affected by DoS vulnerabilities
Open

nokogiri (1.7.0)
Severity: Minor
Found in Gemfile.lock by bundler-audit

Loofah XSS Vulnerability
Open

loofah (2.0.3)
Severity: Minor
Found in Gemfile.lock by bundler-audit

Loofah XSS Vulnerability
Open

loofah (2.0.3)
Severity: Minor
Found in Gemfile.lock by bundler-audit

Integer Overflow or Wraparound in libxml2 affects Nokogiri
Open

nokogiri (1.7.0)
Severity: Critical
Found in Gemfile.lock by bundler-audit

Possible XSS vulnerability with certain configurations of rails-html-sanitizer
Open

rails-html-sanitizer (1.0.3)
Severity: Minor
Found in Gemfile.lock by bundler-audit

Denial of service via multipart parsing in Rack
Open

rack (2.0.1)
Severity: Minor
Found in Gemfile.lock by bundler-audit

Possible XSS vulnerability in Rack
Open

rack (2.0.1)
Severity: Minor
Found in Gemfile.lock by bundler-audit

Directory Traversal in rubyzip
Open

rubyzip (1.2.0)
Severity: Minor
Found in Gemfile.lock by bundler-audit

Possible shell escape sequence injection vulnerability in Rack
Open

rack (2.0.1)
Severity: Minor
Found in Gemfile.lock by bundler-audit

XSS vulnerability in rails-html-sanitizer
Open

rails-html-sanitizer (1.0.3)
Severity: Minor
Found in Gemfile.lock by bundler-audit

Broken Access Control vulnerability in Active Job
Open

activejob (5.0.1)
Severity: Critical
Found in Gemfile.lock by bundler-audit

File Content Disclosure in Action View
Open

actionview (5.0.1)
Severity: Critical
Found in Gemfile.lock by bundler-audit

Denial of Service Vulnerability in Action View
Open

actionview (5.0.1)
Severity: Critical
Found in Gemfile.lock by bundler-audit

Directory traversal vulnerability in rubyzip
Open

rubyzip (1.2.0)
Severity: Minor
Found in Gemfile.lock by bundler-audit

Path Traversal in Sprockets
Open

sprockets (3.7.1)
Severity: Critical
Found in Gemfile.lock by bundler-audit

Denial of Service Vulnerability in Rack Content-Disposition parsing
Open

rack (2.0.1)
Severity: Minor
Found in Gemfile.lock by bundler-audit

TZInfo relative path traversal vulnerability allows loading of arbitrary files
Open

tzinfo (1.2.2)
Severity: Critical
Found in Gemfile.lock by bundler-audit

Regular Expression Denial of Service in websocket-extensions (RubyGem)
Open

websocket-extensions (0.1.2)
Severity: Critical
Found in Gemfile.lock by bundler-audit

Nokogiri gem contains several vulnerabilities in libxml2 and libxslt
Open

nokogiri (1.7.0)
Severity: Minor
Found in Gemfile.lock by bundler-audit

Denial of service via header parsing in Rack
Open

rack (2.0.1)
Severity: Minor
Found in Gemfile.lock by bundler-audit

Doorkeeper gem has stored XSS on authorization consent view
Open

doorkeeper (4.2.0)
Severity: Critical
Found in Gemfile.lock by bundler-audit

ruby-ffi DDL loading issue on Windows OS
Open

ffi (1.9.14)
Severity: Critical
Found in Gemfile.lock by bundler-audit

Nokogiri gem contains two upstream vulnerabilities in libxslt 1.1.29
Open

nokogiri (1.7.0)
Severity: Critical
Found in Gemfile.lock by bundler-audit

Denial of Service Vulnerability in Rack Multipart Parsing
Open

rack (2.0.1)
Severity: Critical
Found in Gemfile.lock by bundler-audit

Possible information leak / session hijack vulnerability
Open

rack (2.0.1)
Severity: Minor
Found in Gemfile.lock by bundler-audit

rails-html-sanitizer 1.0.3 is vulnerable (CVE-2018-3741). Upgrade to 1.0.4
Open

rails-html-sanitizer (1.0.3)
Severity: Minor
Found in Gemfile.lock by brakeman

Loofah 2.0.3 is vulnerable (CVE-2018-8048). Upgrade to 2.1.2
Open

loofah (2.0.3)
Severity: Minor
Found in Gemfile.lock by brakeman

XSS vulnerability via data-target in bootstrap
Open

bootstrap (4.0.0.alpha4)
Severity: Minor
Found in Gemfile.lock by bundler-audit