Issues - virajmahesh/icsi-shift-scheduler

json Gem for Ruby Unsafe Object Creation Vulnerability (additional fix)
Open

    json (1.8.3)

Found in Gemfile.lock by bundler-audit

Read up
Read up
Exclude checks
- Disable engine
- Disable check

Advisory: CVE-2020-10663

Criticality: High

URL: https://www.ruby-lang.org/en/news/2020/03/19/json-dos-cve-2020-10663/

Solution: upgrade to >= 2.3.0

Cross-site Scripting in Sidekiq
Open

    sidekiq (4.1.1)

Found in Gemfile.lock by bundler-audit

Read up
Read up
Exclude checks
- Disable engine
- Disable check

Advisory: CVE-2021-30151

Criticality: Medium

URL: https://github.com/advisories/GHSA-grh7-935j-hg6w

Solution: upgrade to ~> 5.2.0, >= 6.2.1

Possible Strong Parameters Bypass in ActionPack
Open

    actionpack (4.2.5)

Found in Gemfile.lock by bundler-audit

Read up
Read up
Exclude checks
- Disable engine
- Disable check

Advisory: CVE-2020-8164

Criticality: High

URL: https://groups.google.com/forum/#!topic/rubyonrails-security/f6ioe4sdpbY

Solution: upgrade to >= 5.2.4.3, ~> 5.2.4, >= 6.0.3.1

Denial of Service Vulnerability in Rack Content-Disposition parsing
Open

    rack (1.6.4)

Found in Gemfile.lock by bundler-audit

Read up
Read up
Exclude checks
- Disable engine
- Disable check

Advisory: CVE-2022-44571

URL: https://github.com/rack/rack/releases/tag/v3.0.4.1

Solution: upgrade to >= 2.0.9.2, ~> 2.0.9, >= 2.1.4.2, ~> 2.1.4, >= 2.2.6.1, ~> 2.2.6, >= 3.0.4.1

Possible XSS Vulnerability in Action View tag helpers
Open

    actionview (4.2.5)

Found in Gemfile.lock by bundler-audit

Read up
Read up
Exclude checks
- Disable engine
- Disable check

Advisory: CVE-2022-27777

Criticality: Medium

URL: https://groups.google.com/g/ruby-security-ann/c/9wJPEDv-iRw

Solution: upgrade to >= 5.2.7.1, ~> 5.2.7, >= 6.0.4.8, ~> 6.0.4, >= 6.1.5.1, ~> 6.1.5, >= 7.0.2.4

Possible DoS Vulnerability in Active Record PostgreSQL adapter
Open

    activerecord (4.2.5)

Found in Gemfile.lock by bundler-audit

Read up
Read up
Exclude checks
- Disable engine
- Disable check

Advisory: CVE-2021-22880

Criticality: Medium

URL: https://groups.google.com/g/rubyonrails-security/c/ZzUqCh9vyhI

Solution: upgrade to >= 5.2.4.5, ~> 5.2.4, >= 6.0.3.5, ~> 6.0.3, >= 6.1.2.1

Directory traversal in Rack::Directory app bundled with Rack
Open

    rack (1.6.4)

Found in Gemfile.lock by bundler-audit

Read up
Read up
Exclude checks
- Disable engine
- Disable check

Advisory: CVE-2020-8161

Criticality: High

URL: https://groups.google.com/forum/#!topic/ruby-security-ann/T4ZIsfRf2eA

Solution: upgrade to ~> 2.1.3, >= 2.2.0

Denial of service via header parsing in Rack
Open

    rack (1.6.4)

Found in Gemfile.lock by bundler-audit

Read up
Read up
Exclude checks
- Disable engine
- Disable check

Advisory: CVE-2022-44570

URL: https://github.com/rack/rack/releases/tag/v3.0.4.1

Solution: upgrade to >= 2.0.9.2, ~> 2.0.9, >= 2.1.4.2, ~> 2.1.4, >= 2.2.6.2, ~> 2.2.6, >= 3.0.4.1

Nokogiri::XML::Schema trusts input by default, exposing risk of an XXE vulnerability
Open

    nokogiri (1.6.7.2)

Found in Gemfile.lock by bundler-audit

Read up
Read up
Exclude checks
- Disable engine
- Disable check

Advisory: CVE-2020-26247

Criticality: Low

URL: https://github.com/sparklemotion/nokogiri/security/advisories/GHSA-vr8q-g5c7-m54m

Solution: upgrade to >= 1.11.0.rc4

Nokogiri gem, via libxml, is affected by DoS vulnerabilities
Open

    nokogiri (1.6.7.2)

Found in Gemfile.lock by bundler-audit

Read up
Read up
Exclude checks
- Disable engine
- Disable check

Advisory: CVE-2017-16932

URL: https://github.com/sparklemotion/nokogiri/issues/1714

Solution: upgrade to >= 1.8.1

Revert libxml2 behavior in Nokogiri gem that could cause XSS
Open

    nokogiri (1.6.7.2)

Found in Gemfile.lock by bundler-audit

Read up
Read up
Exclude checks
- Disable engine
- Disable check

Advisory: CVE-2018-8048

URL: https://github.com/sparklemotion/nokogiri/pull/1746

Solution: upgrade to >= 1.8.3

i18n Gem for Ruby lib/i18n/core_ext/hash.rb Hash#slice() Function Hash Handling DoS
Open

    i18n (0.7.0)

Found in Gemfile.lock by bundler-audit

Read up
Read up
Exclude checks
- Disable engine
- Disable check

Advisory: CVE-2014-10077

URL: https://github.com/svenfuchs/i18n/pull/289

Solution: upgrade to >= 0.8.0

Inefficient Regular Expression Complexity in Nokogiri
Open

    nokogiri (1.6.7.2)

Found in Gemfile.lock by bundler-audit

Read up
Read up
Exclude checks
- Disable engine
- Disable check

Advisory: CVE-2022-24836

Criticality: High

URL: https://github.com/sparklemotion/nokogiri/security/advisories/GHSA-crjr-9rc5-ghw8

Solution: upgrade to >= 1.13.4

Possible XSS vulnerability with certain configurations of rails-html-sanitizer
Open

    rails-html-sanitizer (1.0.3)

Found in Gemfile.lock by bundler-audit

Read up
Read up
Exclude checks
- Disable engine
- Disable check

Advisory: CVE-2022-23520

Criticality: Medium

URL: https://github.com/rails/rails-html-sanitizer/security/advisories/GHSA-rrfc-7g8p-99q8

Solution: upgrade to >= 1.4.4

Denial of Service in rubyzip ("zip bombs")
Open

    rubyzip (1.2.0)

Found in Gemfile.lock by bundler-audit

Read up
Read up
Exclude checks
- Disable engine
- Disable check

Advisory: CVE-2019-16892

Criticality: Medium

URL: https://github.com/rubyzip/rubyzip/pull/403

Solution: upgrade to >= 1.3.0

Nokogiri gem contains two upstream vulnerabilities in libxslt 1.1.29
Open

    nokogiri (1.6.7.2)

Found in Gemfile.lock by bundler-audit

Read up
Read up
Exclude checks
- Disable engine
- Disable check

Advisory: CVE-2017-5029

Criticality: High

URL: https://github.com/sparklemotion/nokogiri/issues/1634

Solution: upgrade to >= 1.7.2

Improper neutralization of data URIs may allow XSS in rails-html-sanitizer
Open

    rails-html-sanitizer (1.0.3)

Found in Gemfile.lock by bundler-audit

Read up
Read up
Exclude checks
- Disable engine
- Disable check

Advisory: CVE-2022-23518

Criticality: Medium

URL: https://github.com/rails/rails-html-sanitizer/security/advisories/GHSA-mcvf-2q2m-x72m

Solution: upgrade to >= 1.4.4

Gon gem lack of escaping certain input when outputting as JSON
Open

    gon (6.0.1)

Found in Gemfile.lock by bundler-audit

Read up
Read up
Exclude checks
- Disable engine
- Disable check

Advisory: CVE-2020-25739

Criticality: Medium

URL: https://github.com/gazay/gon/commit/fe3c7b2191a992386dc9edd37de5447a4e809bc7

Solution: upgrade to >= 6.4.0

Nokogiri gem, via libxml, is affected by DoS and RCE vulnerabilities
Open

    nokogiri (1.6.7.2)

Found in Gemfile.lock by bundler-audit

Read up
Read up
Exclude checks
- Disable engine
- Disable check

Advisory: CVE-2017-9050

Criticality: High

URL: https://github.com/sparklemotion/nokogiri/issues/1673

Solution: upgrade to >= 1.8.1

Integer Overflow or Wraparound in libxml2 affects Nokogiri
Open

    nokogiri (1.6.7.2)

Found in Gemfile.lock by bundler-audit

Read up
Read up
Exclude checks
- Disable engine
- Disable check

Advisory:

Criticality: High

URL: https://github.com/sparklemotion/nokogiri/security/advisories/GHSA-cgx6-hpwq-fhv5

Solution: upgrade to >= 1.13.5

virajmahesh/icsi-shift-scheduler

Showing 150 of 150 total issues

json Gem for Ruby Unsafe Object Creation Vulnerability (additional fix)
Open

Cross-site Scripting in Sidekiq
Open

Possible Strong Parameters Bypass in ActionPack
Open

Denial of Service Vulnerability in Rack Content-Disposition parsing
Open

Possible XSS Vulnerability in Action View tag helpers
Open

Possible DoS Vulnerability in Active Record PostgreSQL adapter
Open

Directory traversal in Rack::Directory app bundled with Rack
Open

Denial of service via header parsing in Rack
Open

Nokogiri::XML::Schema trusts input by default, exposing risk of an XXE vulnerability
Open

Nokogiri gem, via libxml, is affected by DoS vulnerabilities
Open

Revert libxml2 behavior in Nokogiri gem that could cause XSS
Open

i18n Gem for Ruby lib/i18n/core_ext/hash.rb Hash#slice() Function Hash Handling DoS
Open

Inefficient Regular Expression Complexity in Nokogiri
Open

Possible XSS vulnerability with certain configurations of rails-html-sanitizer
Open

Denial of Service in rubyzip ("zip bombs")
Open

Nokogiri gem contains two upstream vulnerabilities in libxslt 1.1.29
Open

Improper neutralization of data URIs may allow XSS in rails-html-sanitizer
Open

Gon gem lack of escaping certain input when outputting as JSON
Open

Nokogiri gem, via libxml, is affected by DoS and RCE vulnerabilities
Open

Integer Overflow or Wraparound in libxml2 affects Nokogiri
Open

Severity

Category

Status

Source

Language

virajmahesh/icsi-shift-scheduler

Showing 150 of 150 total issues

json Gem for Ruby Unsafe Object Creation Vulnerability (additional fix) Open

Cross-site Scripting in Sidekiq Open

Possible Strong Parameters Bypass in ActionPack Open

Denial of Service Vulnerability in Rack Content-Disposition parsing Open

Possible XSS Vulnerability in Action View tag helpers Open

Possible DoS Vulnerability in Active Record PostgreSQL adapter Open

Directory traversal in Rack::Directory app bundled with Rack Open

Denial of service via header parsing in Rack Open

Nokogiri::XML::Schema trusts input by default, exposing risk of an XXE vulnerability Open

Nokogiri gem, via libxml, is affected by DoS vulnerabilities Open

Revert libxml2 behavior in Nokogiri gem that could cause XSS Open

i18n Gem for Ruby lib/i18n/core_ext/hash.rb Hash#slice() Function Hash Handling DoS Open

Inefficient Regular Expression Complexity in Nokogiri Open

Possible XSS vulnerability with certain configurations of rails-html-sanitizer Open

Denial of Service in rubyzip ("zip bombs") Open

Nokogiri gem contains two upstream vulnerabilities in libxslt 1.1.29 Open

Improper neutralization of data URIs may allow XSS in rails-html-sanitizer Open

Gon gem lack of escaping certain input when outputting as JSON Open

Nokogiri gem, via libxml, is affected by DoS and RCE vulnerabilities Open

Integer Overflow or Wraparound in libxml2 affects Nokogiri Open

Severity

Category

Status

Source

Language

json Gem for Ruby Unsafe Object Creation Vulnerability (additional fix)
Open

Cross-site Scripting in Sidekiq
Open

Possible Strong Parameters Bypass in ActionPack
Open

Denial of Service Vulnerability in Rack Content-Disposition parsing
Open

Possible XSS Vulnerability in Action View tag helpers
Open

Possible DoS Vulnerability in Active Record PostgreSQL adapter
Open

Directory traversal in Rack::Directory app bundled with Rack
Open

Denial of service via header parsing in Rack
Open

Nokogiri::XML::Schema trusts input by default, exposing risk of an XXE vulnerability
Open

Nokogiri gem, via libxml, is affected by DoS vulnerabilities
Open

Revert libxml2 behavior in Nokogiri gem that could cause XSS
Open

i18n Gem for Ruby lib/i18n/core_ext/hash.rb Hash#slice() Function Hash Handling DoS
Open

Inefficient Regular Expression Complexity in Nokogiri
Open

Possible XSS vulnerability with certain configurations of rails-html-sanitizer
Open

Denial of Service in rubyzip ("zip bombs")
Open

Nokogiri gem contains two upstream vulnerabilities in libxslt 1.1.29
Open

Improper neutralization of data URIs may allow XSS in rails-html-sanitizer
Open

Gon gem lack of escaping certain input when outputting as JSON
Open

Nokogiri gem, via libxml, is affected by DoS and RCE vulnerabilities
Open

Integer Overflow or Wraparound in libxml2 affects Nokogiri
Open