Showing 594 of 594 total issues
Gon gem lack of escaping certain input when outputting as JSON Open
gon (6.2.1)
- Read upRead up
- Create a ticketCreate a ticket
- Exclude checks
Advisory: CVE-2020-25739
Criticality: Medium
URL: https://github.com/gazay/gon/commit/fe3c7b2191a992386dc9edd37de5447a4e809bc7
Solution: upgrade to >= 6.4.0
Nokogiri gem, via libxslt, is affected by multiple vulnerabilities Open
nokogiri (1.8.5)
- Read upRead up
- Create a ticketCreate a ticket
- Exclude checks
Advisory: CVE-2019-13117
URL: https://github.com/sparklemotion/nokogiri/issues/1943
Solution: upgrade to >= 1.10.5
Possible XSS vulnerability with certain configurations of rails-html-sanitizer Open
rails-html-sanitizer (1.0.4)
- Read upRead up
- Create a ticketCreate a ticket
- Exclude checks
Advisory: CVE-2022-23519
Criticality: Medium
URL: https://github.com/rails/rails-html-sanitizer/security/advisories/GHSA-9h9g-93gc-623h
Solution: upgrade to >= 1.4.4
Inefficient Regular Expression Complexity in rails-html-sanitizer Open
rails-html-sanitizer (1.0.4)
- Read upRead up
- Create a ticketCreate a ticket
- Exclude checks
Advisory: CVE-2022-23517
Criticality: High
URL: https://github.com/rails/rails-html-sanitizer/security/advisories/GHSA-5x79-w82f-gw8w
Solution: upgrade to >= 1.4.4
Keepalive thread overload/DoS in puma Open
puma (3.11.4)
- Read upRead up
- Create a ticketCreate a ticket
- Exclude checks
Advisory: CVE-2019-16770
Criticality: High
URL: https://github.com/puma/puma/security/advisories/GHSA-7xx3-m584-x994
Solution: upgrade to ~> 3.12.2, >= 4.3.1
Race condition when using persistent connections Open
excon (0.62.0)
- Read upRead up
- Create a ticketCreate a ticket
- Exclude checks
Advisory: CVE-2019-16779
Criticality: Medium
URL: https://github.com/excon/excon/security/advisories/GHSA-q58g-455p-8vw9
Solution: upgrade to >= 0.71.0
Injection/XSS in Redcarpet Open
redcarpet (3.4.0)
- Read upRead up
- Create a ticketCreate a ticket
- Exclude checks
Advisory: CVE-2020-26298
Criticality: Medium
URL: https://github.com/vmg/redcarpet/commit/a699c82292b17c8e6a62e1914d5eccc252272793
Solution: upgrade to >= 3.5.1
ReDoS based DoS vulnerability in Action Dispatch Open
actionpack (5.1.6)
- Read upRead up
- Create a ticketCreate a ticket
- Exclude checks
Advisory: CVE-2023-22795
URL: https://github.com/rails/rails/releases/tag/v7.0.4.1
Solution: upgrade to >= 5.2.8.15, ~> 5.2.8, >= 6.1.7.1, ~> 6.1.7, >= 7.0.4.1
Nokogiri::XML::Schema trusts input by default, exposing risk of an XXE vulnerability Open
nokogiri (1.8.5)
- Read upRead up
- Create a ticketCreate a ticket
- Exclude checks
Advisory: CVE-2020-26247
Criticality: Low
URL: https://github.com/sparklemotion/nokogiri/security/advisories/GHSA-vr8q-g5c7-m54m
Solution: upgrade to >= 1.11.0.rc4
Denial of service in sidekiq Open
sidekiq (5.1.3)
- Read upRead up
- Create a ticketCreate a ticket
- Exclude checks
Advisory: CVE-2022-23837
Criticality: High
URL: https://github.com/mperham/sidekiq/commit/7785ac1399f1b28992adb56055f6acd88fd1d956
Solution: upgrade to >= 6.4.0, ~> 5.2.10
Percent-encoded cookies can be used to overwrite existing prefixed cookie names Open
rack (2.0.6)
- Read upRead up
- Create a ticketCreate a ticket
- Exclude checks
Advisory: CVE-2020-8184
Criticality: High
URL: https://groups.google.com/g/rubyonrails-security/c/OWtmozPH9Ak
Solution: upgrade to ~> 2.1.4, >= 2.2.3
Regular Expression Denial of Service in Addressable templates Open
addressable (2.5.2)
- Read upRead up
- Create a ticketCreate a ticket
- Exclude checks
Advisory: CVE-2021-32740
Criticality: High
URL: https://github.com/advisories/GHSA-jxhc-q857-3j6g
Solution: upgrade to >= 2.8.0
A potential Denial of Service issue in protobuf-java Open
google-protobuf (3.5.1.2)
- Read upRead up
- Create a ticketCreate a ticket
- Exclude checks
Advisory: CVE-2021-22569
Criticality: High
URL: https://github.com/protocolbuffers/protobuf/security/advisories/GHSA-wrvw-hg22-4m67
Solution: upgrade to >= 3.19.2
Out-of-bounds Write in zlib affects Nokogiri Open
nokogiri (1.8.5)
- Read upRead up
- Create a ticketCreate a ticket
- Exclude checks
Advisory: CVE-2018-25032
Criticality: High
URL: https://github.com/sparklemotion/nokogiri/security/advisories/GHSA-v6gp-9mmm-c6p5
Solution: upgrade to >= 1.13.4
Denial of Service (DoS) in Nokogiri on JRuby Open
nokogiri (1.8.5)
- Read upRead up
- Create a ticketCreate a ticket
- Exclude checks
Advisory: CVE-2022-24839
Criticality: High
URL: https://github.com/sparklemotion/nekohtml/security/advisories/GHSA-9849-p7jc-9rmv
Solution: upgrade to >= 1.13.4
CSRF Vulnerability with Non-Session Based Authentication Open
pghero (2.1.1)
- Read upRead up
- Create a ticketCreate a ticket
- Exclude checks
Advisory: CVE-2020-16253
Criticality: High
URL: https://github.com/ankane/pghero/issues/330
Solution: upgrade to >= 2.7.0
Cross-site Scripting in Sidekiq Open
sidekiq (5.1.3)
- Read upRead up
- Create a ticketCreate a ticket
- Exclude checks
Advisory: CVE-2021-30151
Criticality: Medium
URL: https://github.com/advisories/GHSA-grh7-935j-hg6w
Solution: upgrade to ~> 5.2.0, >= 6.2.1
sinatra does not validate expanded path matches Open
sinatra (2.0.3)
- Read upRead up
- Create a ticketCreate a ticket
- Exclude checks
Advisory: CVE-2022-29970
Criticality: High
URL: https://github.com/sinatra/sinatra/pull/1683
Solution: upgrade to >= 2.2.0
Possible Strong Parameters Bypass in ActionPack Open
actionpack (5.1.6)
- Read upRead up
- Create a ticketCreate a ticket
- Exclude checks
Advisory: CVE-2020-8164
Criticality: High
URL: https://groups.google.com/forum/#!topic/rubyonrails-security/f6ioe4sdpbY
Solution: upgrade to >= 5.2.4.3, ~> 5.2.4, >= 6.0.3.1
Nokogiri Command Injection Vulnerability via Nokogiri::CSS::Tokenizer#load_file Open
nokogiri (1.8.5)
- Read upRead up
- Create a ticketCreate a ticket
- Exclude checks
Advisory: CVE-2019-5477
Criticality: Critical
URL: https://github.com/sparklemotion/nokogiri/issues/1915
Solution: upgrade to >= 1.10.4