Issues - westlakedesign/stripe_webhooks

Inefficient Regular Expression Complexity in Loofah
Open

    loofah (2.0.3)

Found in Gemfile.lock by bundler-audit

Read up
Read up
Exclude checks
- Disable engine
- Disable check

Advisory: CVE-2022-23514

Criticality: High

URL: https://github.com/flavorjones/loofah/security/advisories/GHSA-486f-hjj9-9vhh

Solution: upgrade to >= 2.19.1

Loofah XSS Vulnerability
Open

    loofah (2.0.3)

Found in Gemfile.lock by bundler-audit

Read up
Read up
Exclude checks
- Disable engine
- Disable check

Advisory: CVE-2019-15587

Criticality: Medium

URL: https://github.com/flavorjones/loofah/issues/171

Solution: upgrade to >= 2.3.1

Inefficient Regular Expression Complexity in Nokogiri
Open

    nokogiri (1.7.0.1)

Found in Gemfile.lock by bundler-audit

Read up
Read up
Exclude checks
- Disable engine
- Disable check

Advisory: CVE-2022-24836

Criticality: High

URL: https://github.com/sparklemotion/nokogiri/security/advisories/GHSA-crjr-9rc5-ghw8

Solution: upgrade to >= 1.13.4

Improper neutralization of data URIs may allow XSS in rails-html-sanitizer
Open

    rails-html-sanitizer (1.0.3)

Found in Gemfile.lock by bundler-audit

Read up
Read up
Exclude checks
- Disable engine
- Disable check

Advisory: CVE-2022-23518

Criticality: Medium

URL: https://github.com/rails/rails-html-sanitizer/security/advisories/GHSA-mcvf-2q2m-x72m

Solution: upgrade to >= 1.4.4

OS Command Injection in Rake
Open

    rake (12.0.0)

Found in Gemfile.lock by bundler-audit

Read up
Read up
Exclude checks
- Disable engine
- Disable check

Advisory: CVE-2020-8130

Criticality: High

URL: https://github.com/advisories/GHSA-jppv-gw3r-w3q8

Solution: upgrade to >= 12.3.3

Update packaged libxml2 (2.9.12 → 2.9.13) and libxslt (1.1.34 → 1.1.35)
Open

    nokogiri (1.7.0.1)

Found in Gemfile.lock by bundler-audit

Read up
Read up
Exclude checks
- Disable engine
- Disable check

Advisory: CVE-2021-30560

Criticality: High

URL: https://github.com/sparklemotion/nokogiri/security/advisories/GHSA-fq42-c5rg-92c2

Solution: upgrade to >= 1.13.2

Directory traversal in Rack::Directory app bundled with Rack
Open

    rack (2.0.1)

Found in Gemfile.lock by bundler-audit

Read up
Read up
Exclude checks
- Disable engine
- Disable check

Advisory: CVE-2020-8161

Criticality: High

URL: https://groups.google.com/forum/#!topic/ruby-security-ann/T4ZIsfRf2eA

Solution: upgrade to ~> 2.1.3, >= 2.2.0

Inefficient Regular Expression Complexity in rails-html-sanitizer
Open

    rails-html-sanitizer (1.0.3)

Found in Gemfile.lock by bundler-audit

Read up
Read up
Exclude checks
- Disable engine
- Disable check

Advisory: CVE-2022-23517

Criticality: High

URL: https://github.com/rails/rails-html-sanitizer/security/advisories/GHSA-5x79-w82f-gw8w

Solution: upgrade to >= 1.4.4

Possible Strong Parameters Bypass in ActionPack
Open

    actionpack (5.0.1)

Found in Gemfile.lock by bundler-audit

Read up
Read up
Exclude checks
- Disable engine
- Disable check

Advisory: CVE-2020-8164

Criticality: High

URL: https://groups.google.com/forum/#!topic/rubyonrails-security/f6ioe4sdpbY

Solution: upgrade to >= 5.2.4.3, ~> 5.2.4, >= 6.0.3.1

Possible RCE escalation bug with Serialized Columns in Active Record
Open

    activerecord (5.0.1)

Found in Gemfile.lock by bundler-audit

Read up
Read up
Exclude checks
- Disable engine
- Disable check

Advisory: CVE-2022-32224

Criticality: Critical

URL: https://groups.google.com/g/rubyonrails-security/c/MmFO3LYQE8U

Solution: upgrade to >= 5.2.8.1, ~> 5.2.8, >= 6.0.5.1, ~> 6.0.5, >= 6.1.6.1, ~> 6.1.6, >= 7.0.3.1

Update packaged dependency libxml2 from 2.9.10 to 2.9.12
Open

    nokogiri (1.7.0.1)

Found in Gemfile.lock by bundler-audit

Read up
Read up
Exclude checks
- Disable engine
- Disable check

Advisory:

Criticality: High

URL: https://github.com/sparklemotion/nokogiri/security/advisories/GHSA-7rrm-v45f-jp64

Solution: upgrade to >= 1.11.4

Revert libxml2 behavior in Nokogiri gem that could cause XSS
Open

    nokogiri (1.7.0.1)

Found in Gemfile.lock by bundler-audit

Read up
Read up
Exclude checks
- Disable engine
- Disable check

Advisory: CVE-2018-8048

URL: https://github.com/sparklemotion/nokogiri/pull/1746

Solution: upgrade to >= 1.8.3

Nokogiri gem contains two upstream vulnerabilities in libxslt 1.1.29
Open

    nokogiri (1.7.0.1)

Found in Gemfile.lock by bundler-audit

Read up
Read up
Exclude checks
- Disable engine
- Disable check

Advisory: CVE-2017-5029

Criticality: High

URL: https://github.com/sparklemotion/nokogiri/issues/1634

Solution: upgrade to >= 1.7.2

Denial of Service Vulnerability in Action View
Open

    actionview (5.0.1)

Found in Gemfile.lock by bundler-audit

Read up
Read up
Exclude checks
- Disable engine
- Disable check

Advisory: CVE-2019-5419

Criticality: High

URL: https://groups.google.com/forum/#!topic/rubyonrails-security/GN7w9fFAQeI

Solution: upgrade to >= 6.0.0.beta3, >= 5.2.2.1, ~> 5.2.2, >= 5.1.6.2, ~> 5.1.6, >= 5.0.7.2, ~> 5.0.7, >= 4.2.11.1, ~> 4.2.11

Denial of service via header parsing in Rack
Open

    rack (2.0.1)

Found in Gemfile.lock by bundler-audit

Read up
Read up
Exclude checks
- Disable engine
- Disable check

Advisory: CVE-2022-44570

URL: https://github.com/rack/rack/releases/tag/v3.0.4.1

Solution: upgrade to >= 2.0.9.2, ~> 2.0.9, >= 2.1.4.2, ~> 2.1.4, >= 2.2.6.2, ~> 2.2.6, >= 3.0.4.1

Possible XSS vulnerability in Rack
Open

    rack (2.0.1)

Found in Gemfile.lock by bundler-audit

Read up
Read up
Exclude checks
- Disable engine
- Disable check

Advisory: CVE-2018-16471

URL: https://groups.google.com/forum/#!topic/ruby-security-ann/NAalCee8n6o

Solution: upgrade to ~> 1.6.11, >= 2.0.6

Denial of service via multipart parsing in Rack
Open

    rack (2.0.1)

Found in Gemfile.lock by bundler-audit

Read up
Read up
Exclude checks
- Disable engine
- Disable check

Advisory: CVE-2022-44572

URL: https://github.com/rack/rack/releases/tag/v3.0.4.1

Solution: upgrade to >= 2.0.9.2, ~> 2.0.9, >= 2.1.4.2, ~> 2.1.4, >= 2.2.6.1, ~> 2.2.6, >= 3.0.4.1

Possible shell escape sequence injection vulnerability in Rack
Open

    rack (2.0.1)

Found in Gemfile.lock by bundler-audit

Read up
Read up
Exclude checks
- Disable engine
- Disable check

Advisory: CVE-2022-30123

Criticality: Critical

URL: https://groups.google.com/g/ruby-security-ann/c/LWB10kWzag8

Solution: upgrade to >= 2.0.9.1, ~> 2.0.9, >= 2.1.4.1, ~> 2.1.4, >= 2.2.3.1

Denial of Service Vulnerability in Rack Multipart Parsing
Open

    rack (2.0.1)

Found in Gemfile.lock by bundler-audit

Read up
Read up
Exclude checks
- Disable engine
- Disable check

Advisory: CVE-2022-30122

Criticality: High

URL: https://groups.google.com/g/ruby-security-ann/c/L2Axto442qk

Solution: upgrade to >= 2.0.9.1, ~> 2.0.9, >= 2.1.4.1, ~> 2.1.4, >= 2.2.3.1

TZInfo relative path traversal vulnerability allows loading of arbitrary files
Open

    tzinfo (1.2.2)

Found in Gemfile.lock by bundler-audit

Read up
Read up
Exclude checks
- Disable engine
- Disable check

Advisory: CVE-2022-31163

Criticality: High

URL: https://github.com/tzinfo/tzinfo/security/advisories/GHSA-5cm2-9h8c-rvfx

Solution: upgrade to ~> 0.3.61, >= 1.2.10

westlakedesign/stripe_webhooks

Showing 82 of 82 total issues

Inefficient Regular Expression Complexity in Loofah
Open

Loofah XSS Vulnerability
Open

Inefficient Regular Expression Complexity in Nokogiri
Open

Improper neutralization of data URIs may allow XSS in rails-html-sanitizer
Open

OS Command Injection in Rake
Open

Update packaged libxml2 (2.9.12 → 2.9.13) and libxslt (1.1.34 → 1.1.35)
Open

Directory traversal in Rack::Directory app bundled with Rack
Open

Inefficient Regular Expression Complexity in rails-html-sanitizer
Open

Possible Strong Parameters Bypass in ActionPack
Open

Possible RCE escalation bug with Serialized Columns in Active Record
Open

Update packaged dependency libxml2 from 2.9.10 to 2.9.12
Open

Revert libxml2 behavior in Nokogiri gem that could cause XSS
Open

Nokogiri gem contains two upstream vulnerabilities in libxslt 1.1.29
Open

Denial of Service Vulnerability in Action View
Open

Denial of service via header parsing in Rack
Open

Possible XSS vulnerability in Rack
Open

Denial of service via multipart parsing in Rack
Open

Possible shell escape sequence injection vulnerability in Rack
Open

Denial of Service Vulnerability in Rack Multipart Parsing
Open

TZInfo relative path traversal vulnerability allows loading of arbitrary files
Open

Severity

Category

Status

Source

Language

westlakedesign/stripe_webhooks

Showing 82 of 82 total issues

Inefficient Regular Expression Complexity in Loofah Open

Loofah XSS Vulnerability Open

Inefficient Regular Expression Complexity in Nokogiri Open

Improper neutralization of data URIs may allow XSS in rails-html-sanitizer Open

OS Command Injection in Rake Open

Update packaged libxml2 (2.9.12 → 2.9.13) and libxslt (1.1.34 → 1.1.35) Open

Directory traversal in Rack::Directory app bundled with Rack Open

Inefficient Regular Expression Complexity in rails-html-sanitizer Open

Possible Strong Parameters Bypass in ActionPack Open

Possible RCE escalation bug with Serialized Columns in Active Record Open

Update packaged dependency libxml2 from 2.9.10 to 2.9.12 Open

Revert libxml2 behavior in Nokogiri gem that could cause XSS Open

Nokogiri gem contains two upstream vulnerabilities in libxslt 1.1.29 Open

Denial of Service Vulnerability in Action View Open

Denial of service via header parsing in Rack Open

Possible XSS vulnerability in Rack Open

Denial of service via multipart parsing in Rack Open

Possible shell escape sequence injection vulnerability in Rack Open

Denial of Service Vulnerability in Rack Multipart Parsing Open

TZInfo relative path traversal vulnerability allows loading of arbitrary files Open

Severity

Category

Status

Source

Language

Inefficient Regular Expression Complexity in Loofah
Open

Loofah XSS Vulnerability
Open

Inefficient Regular Expression Complexity in Nokogiri
Open

Improper neutralization of data URIs may allow XSS in rails-html-sanitizer
Open

OS Command Injection in Rake
Open

Update packaged libxml2 (2.9.12 → 2.9.13) and libxslt (1.1.34 → 1.1.35)
Open

Directory traversal in Rack::Directory app bundled with Rack
Open

Inefficient Regular Expression Complexity in rails-html-sanitizer
Open

Possible Strong Parameters Bypass in ActionPack
Open

Possible RCE escalation bug with Serialized Columns in Active Record
Open

Update packaged dependency libxml2 from 2.9.10 to 2.9.12
Open

Revert libxml2 behavior in Nokogiri gem that could cause XSS
Open

Nokogiri gem contains two upstream vulnerabilities in libxslt 1.1.29
Open

Denial of Service Vulnerability in Action View
Open

Denial of service via header parsing in Rack
Open

Possible XSS vulnerability in Rack
Open

Denial of service via multipart parsing in Rack
Open

Possible shell escape sequence injection vulnerability in Rack
Open

Denial of Service Vulnerability in Rack Multipart Parsing
Open

TZInfo relative path traversal vulnerability allows loading of arbitrary files
Open