Issues - voxable-labs/hg

Possible exposure of information vulnerability in Action Pack
Open

    actionpack (5.1.4)

Found in Gemfile.lock by bundler-audit

Read up
Read up
Create a ticket
Create a ticket
Exclude checks
- Disable engine
- Disable check

Advisory: CVE-2022-23633

Criticality: High

URL: https://groups.google.com/g/ruby-security-ann/c/FkTM-_7zSNA/m/K2RiMJBlBAAJ

Solution: upgrade to >= 5.2.6.2, ~> 5.2.6, >= 6.0.4.6, ~> 6.0.4, >= 6.1.4.6, ~> 6.1.4, >= 7.0.2.2

Inefficient Regular Expression Complexity in Loofah
Open

    loofah (2.1.1)

Found in Gemfile.lock by bundler-audit

Read up
Read up
Create a ticket
Create a ticket
Exclude checks
- Disable engine
- Disable check

Advisory: CVE-2022-23514

Criticality: High

URL: https://github.com/flavorjones/loofah/security/advisories/GHSA-486f-hjj9-9vhh

Solution: upgrade to >= 2.19.1

Denial of Service (DoS) in Nokogiri on JRuby
Open

    nokogiri (1.8.2)

Found in Gemfile.lock by bundler-audit

Read up
Read up
Create a ticket
Create a ticket
Exclude checks
- Disable engine
- Disable check

Advisory: CVE-2022-24839

Criticality: High

URL: https://github.com/sparklemotion/nekohtml/security/advisories/GHSA-9849-p7jc-9rmv

Solution: upgrade to >= 1.13.4

Nokogiri gem, via libxslt, is affected by improper access control vulnerability
Open

    nokogiri (1.8.2)

Found in Gemfile.lock by bundler-audit

Read up
Read up
Create a ticket
Create a ticket
Exclude checks
- Disable engine
- Disable check

Advisory: CVE-2019-11068

URL: https://github.com/sparklemotion/nokogiri/issues/1892

Solution: upgrade to >= 1.10.3

Nokogiri::XML::Schema trusts input by default, exposing risk of an XXE vulnerability
Open

    nokogiri (1.8.2)

Found in Gemfile.lock by bundler-audit

Read up
Read up
Create a ticket
Create a ticket
Exclude checks
- Disable engine
- Disable check

Advisory: CVE-2020-26247

Criticality: Low

URL: https://github.com/sparklemotion/nokogiri/security/advisories/GHSA-vr8q-g5c7-m54m

Solution: upgrade to >= 1.11.0.rc4

Update bundled libxml2 to v2.10.3 to resolve multiple CVEs
Open

    nokogiri (1.8.2)

Found in Gemfile.lock by bundler-audit

Read up
Read up
Create a ticket
Create a ticket
Exclude checks
- Disable engine
- Disable check

Advisory:

URL: https://github.com/sparklemotion/nokogiri/security/advisories/GHSA-2qc6-mcvw-92cw

Solution: upgrade to >= 1.13.9

Inefficient Regular Expression Complexity in rails-html-sanitizer
Open

    rails-html-sanitizer (1.0.3)

Found in Gemfile.lock by bundler-audit

Read up
Read up
Create a ticket
Create a ticket
Exclude checks
- Disable engine
- Disable check

Advisory: CVE-2022-23517

Criticality: High

URL: https://github.com/rails/rails-html-sanitizer/security/advisories/GHSA-5x79-w82f-gw8w

Solution: upgrade to >= 1.4.4

Possible DoS Vulnerability in Action Controller Token Authentication
Open

    actionpack (5.1.4)

Found in Gemfile.lock by bundler-audit

Read up
Read up
Create a ticket
Create a ticket
Exclude checks
- Disable engine
- Disable check

Advisory: CVE-2021-22904

Criticality: High

URL: https://groups.google.com/g/rubyonrails-security/c/Pf1TjkOBdyQ

Solution: upgrade to ~> 5.2.4.6, ~> 5.2.6, >= 6.0.3.7, ~> 6.0.3, >= 6.1.3.2

Loofah XSS Vulnerability
Open

    loofah (2.1.1)

Found in Gemfile.lock by bundler-audit

Read up
Read up
Create a ticket
Create a ticket
Exclude checks
- Disable engine
- Disable check

Advisory: CVE-2018-16468

Criticality: Medium

URL: https://github.com/flavorjones/loofah/issues/154

Solution: upgrade to >= 2.2.3

Integer Overflow or Wraparound in libxml2 affects Nokogiri
Open

    nokogiri (1.8.2)

Found in Gemfile.lock by bundler-audit

Read up
Read up
Create a ticket
Create a ticket
Exclude checks
- Disable engine
- Disable check

Advisory:

Criticality: High

URL: https://github.com/sparklemotion/nokogiri/security/advisories/GHSA-cgx6-hpwq-fhv5

Solution: upgrade to >= 1.13.5

Directory traversal in Rack::Directory app bundled with Rack
Open

    rack (2.0.4)

Found in Gemfile.lock by bundler-audit

Read up
Read up
Create a ticket
Create a ticket
Exclude checks
- Disable engine
- Disable check

Advisory: CVE-2020-8161

Criticality: High

URL: https://groups.google.com/forum/#!topic/ruby-security-ann/T4ZIsfRf2eA

Solution: upgrade to ~> 2.1.3, >= 2.2.0

Ability to forge per-form CSRF tokens given a global CSRF token
Open

    actionpack (5.1.4)

Found in Gemfile.lock by bundler-audit

Read up
Read up
Create a ticket
Create a ticket
Exclude checks
- Disable engine
- Disable check

Advisory: CVE-2020-8166

Criticality: Medium

URL: https://groups.google.com/forum/#!topic/rubyonrails-security/NOjKiGeXUgw

Solution: upgrade to >= 5.2.4.3, ~> 5.2.4, >= 6.0.3.1

Denial of Service Vulnerability in ActiveRecord’s PostgreSQL adapter
Open

    activerecord (5.1.4)

Found in Gemfile.lock by bundler-audit

Read up
Read up
Create a ticket
Create a ticket
Exclude checks
- Disable engine
- Disable check

Advisory: CVE-2022-44566

URL: https://github.com/rails/rails/releases/tag/v7.0.4.1

Solution: upgrade to >= 5.2.8.15, ~> 5.2.8, >= 6.1.7.1, ~> 6.1.7, >= 7.0.4.1

Inefficient Regular Expression Complexity in Nokogiri
Open

    nokogiri (1.8.2)

Found in Gemfile.lock by bundler-audit

Read up
Read up
Create a ticket
Create a ticket
Exclude checks
- Disable engine
- Disable check

Advisory: CVE-2022-24836

Criticality: High

URL: https://github.com/sparklemotion/nokogiri/security/advisories/GHSA-crjr-9rc5-ghw8

Solution: upgrade to >= 1.13.4

Improper Restriction of XML External Entity Reference (XXE) in Nokogiri on JRuby
Open

    nokogiri (1.8.2)

Found in Gemfile.lock by bundler-audit

Read up
Read up
Create a ticket
Create a ticket
Exclude checks
- Disable engine
- Disable check

Advisory: CVE-2021-41098

Criticality: High

URL: https://github.com/sparklemotion/nokogiri/security/advisories/GHSA-2rr5-8q37-2w7h

Solution: upgrade to >= 1.12.5

Improper neutralization of data URIs may allow XSS in rails-html-sanitizer
Open

    rails-html-sanitizer (1.0.3)

Found in Gemfile.lock by bundler-audit

Read up
Read up
Create a ticket
Create a ticket
Exclude checks
- Disable engine
- Disable check

Advisory: CVE-2022-23518

Criticality: Medium

URL: https://github.com/rails/rails-html-sanitizer/security/advisories/GHSA-mcvf-2q2m-x72m

Solution: upgrade to >= 1.4.4

ReDoS based DoS vulnerability in Action Dispatch
Open

    actionpack (5.1.4)

Found in Gemfile.lock by bundler-audit

Read up
Read up
Create a ticket
Create a ticket
Exclude checks
- Disable engine
- Disable check

Advisory: CVE-2023-22795

URL: https://github.com/rails/rails/releases/tag/v7.0.4.1

Solution: upgrade to >= 5.2.8.15, ~> 5.2.8, >= 6.1.7.1, ~> 6.1.7, >= 7.0.4.1

Regular Expression Denial of Service in Addressable templates
Open

    addressable (2.5.2)

Found in Gemfile.lock by bundler-audit

Read up
Read up
Create a ticket
Create a ticket
Exclude checks
- Disable engine
- Disable check

Advisory: CVE-2021-32740

Criticality: High

URL: https://github.com/advisories/GHSA-jxhc-q857-3j6g

Solution: upgrade to >= 2.8.0

Nokogiri gem, via libxslt, is affected by multiple vulnerabilities
Open

    nokogiri (1.8.2)

Found in Gemfile.lock by bundler-audit

Read up
Read up
Create a ticket
Create a ticket
Exclude checks
- Disable engine
- Disable check

Advisory: CVE-2019-13117

URL: https://github.com/sparklemotion/nokogiri/issues/1943

Solution: upgrade to >= 1.10.5

Improper Handling of Unexpected Data Type in Nokogiri
Open

    nokogiri (1.8.2)

Found in Gemfile.lock by bundler-audit

Read up
Read up
Create a ticket
Create a ticket
Exclude checks
- Disable engine
- Disable check

Advisory: CVE-2022-29181

Criticality: High

URL: https://github.com/sparklemotion/nokogiri/security/advisories/GHSA-xh29-r2w5-wx8m

Solution: upgrade to >= 1.13.6

voxable-labs/hg

Showing 436 of 436 total issues

Possible exposure of information vulnerability in Action Pack
Open

Inefficient Regular Expression Complexity in Loofah
Open

Denial of Service (DoS) in Nokogiri on JRuby
Open

Nokogiri gem, via libxslt, is affected by improper access control vulnerability
Open

Nokogiri::XML::Schema trusts input by default, exposing risk of an XXE vulnerability
Open

Update bundled libxml2 to v2.10.3 to resolve multiple CVEs
Open

Inefficient Regular Expression Complexity in rails-html-sanitizer
Open

Possible DoS Vulnerability in Action Controller Token Authentication
Open

Loofah XSS Vulnerability
Open

Integer Overflow or Wraparound in libxml2 affects Nokogiri
Open

Directory traversal in Rack::Directory app bundled with Rack
Open

Ability to forge per-form CSRF tokens given a global CSRF token
Open

Denial of Service Vulnerability in ActiveRecord’s PostgreSQL adapter
Open

Inefficient Regular Expression Complexity in Nokogiri
Open

Improper Restriction of XML External Entity Reference (XXE) in Nokogiri on JRuby
Open

Improper neutralization of data URIs may allow XSS in rails-html-sanitizer
Open

ReDoS based DoS vulnerability in Action Dispatch
Open

Regular Expression Denial of Service in Addressable templates
Open

Nokogiri gem, via libxslt, is affected by multiple vulnerabilities
Open

Improper Handling of Unexpected Data Type in Nokogiri
Open

Severity

Category

Status

Source

Language

voxable-labs/hg

Showing 436 of 436 total issues

Possible exposure of information vulnerability in Action Pack Open

Inefficient Regular Expression Complexity in Loofah Open

Denial of Service (DoS) in Nokogiri on JRuby Open

Nokogiri gem, via libxslt, is affected by improper access control vulnerability Open

Nokogiri::XML::Schema trusts input by default, exposing risk of an XXE vulnerability Open

Update bundled libxml2 to v2.10.3 to resolve multiple CVEs Open

Inefficient Regular Expression Complexity in rails-html-sanitizer Open

Possible DoS Vulnerability in Action Controller Token Authentication Open

Loofah XSS Vulnerability Open

Integer Overflow or Wraparound in libxml2 affects Nokogiri Open

Directory traversal in Rack::Directory app bundled with Rack Open

Ability to forge per-form CSRF tokens given a global CSRF token Open

Denial of Service Vulnerability in ActiveRecord’s PostgreSQL adapter Open

Inefficient Regular Expression Complexity in Nokogiri Open

Improper Restriction of XML External Entity Reference (XXE) in Nokogiri on JRuby Open

Improper neutralization of data URIs may allow XSS in rails-html-sanitizer Open

ReDoS based DoS vulnerability in Action Dispatch Open

Regular Expression Denial of Service in Addressable templates Open

Nokogiri gem, via libxslt, is affected by multiple vulnerabilities Open

Improper Handling of Unexpected Data Type in Nokogiri Open

Severity

Category

Status

Source

Language

Possible exposure of information vulnerability in Action Pack
Open

Inefficient Regular Expression Complexity in Loofah
Open

Denial of Service (DoS) in Nokogiri on JRuby
Open

Nokogiri gem, via libxslt, is affected by improper access control vulnerability
Open

Nokogiri::XML::Schema trusts input by default, exposing risk of an XXE vulnerability
Open

Update bundled libxml2 to v2.10.3 to resolve multiple CVEs
Open

Inefficient Regular Expression Complexity in rails-html-sanitizer
Open

Possible DoS Vulnerability in Action Controller Token Authentication
Open

Loofah XSS Vulnerability
Open

Integer Overflow or Wraparound in libxml2 affects Nokogiri
Open

Directory traversal in Rack::Directory app bundled with Rack
Open

Ability to forge per-form CSRF tokens given a global CSRF token
Open

Denial of Service Vulnerability in ActiveRecord’s PostgreSQL adapter
Open

Inefficient Regular Expression Complexity in Nokogiri
Open

Improper Restriction of XML External Entity Reference (XXE) in Nokogiri on JRuby
Open

Improper neutralization of data URIs may allow XSS in rails-html-sanitizer
Open

ReDoS based DoS vulnerability in Action Dispatch
Open

Regular Expression Denial of Service in Addressable templates
Open

Nokogiri gem, via libxslt, is affected by multiple vulnerabilities
Open

Improper Handling of Unexpected Data Type in Nokogiri
Open