Issues - yogodoshi/cansei

Directory Traversal in rubyzip
Open

    rubyzip (1.2.1)

Found in Gemfile.lock by bundler-audit

Read up
Read up
Exclude checks
- Disable engine
- Disable check

Advisory: CVE-2018-1000544

Criticality: Critical

URL: https://github.com/rubyzip/rubyzip/issues/369

Solution: upgrade to >= 1.2.2

ruby-ffi DDL loading issue on Windows OS
Open

    ffi (1.9.18)

Found in Gemfile.lock by bundler-audit

Read up
Read up
Exclude checks
- Disable engine
- Disable check

Advisory: CVE-2018-1000201

Criticality: High

URL: https://github.com/ffi/ffi/releases/tag/1.9.24

Solution: upgrade to >= 1.9.24

Improper Certificate Validation in oauth ruby gem
Open

    oauth (0.5.3)

Found in Gemfile.lock by bundler-audit

Read up
Read up
Exclude checks
- Disable engine
- Disable check

Advisory: CVE-2016-11086

Criticality: High

URL: https://github.com/advisories/GHSA-7359-3c6r-hfc2

Solution: upgrade to >= 0.5.5

Possible shell escape sequence injection vulnerability in Rack
Open

    rack (2.0.3)

Found in Gemfile.lock by bundler-audit

Read up
Read up
Exclude checks
- Disable engine
- Disable check

Advisory: CVE-2022-30123

Criticality: Critical

URL: https://groups.google.com/g/ruby-security-ann/c/LWB10kWzag8

Solution: upgrade to >= 2.0.9.1, ~> 2.0.9, >= 2.1.4.1, ~> 2.1.4, >= 2.2.3.1

File Content Disclosure in Action View
Open

    actionview (5.1.4)

Found in Gemfile.lock by bundler-audit

Read up
Read up
Exclude checks
- Disable engine
- Disable check

Advisory: CVE-2019-5418

Criticality: High

URL: https://groups.google.com/forum/#!topic/rubyonrails-security/pFRKI96Sm8Q

Solution: upgrade to >= 4.2.11.1, ~> 4.2.11, >= 5.0.7.2, ~> 5.0.7, >= 5.1.6.2, ~> 5.1.6, >= 5.2.2.1, ~> 5.2.2, >= 6.0.0.beta3

Possible information leak / session hijack vulnerability
Open

    rack (2.0.3)

Found in Gemfile.lock by bundler-audit

Read up
Read up
Exclude checks
- Disable engine
- Disable check

Advisory: CVE-2019-16782

Criticality: Medium

URL: https://github.com/rack/rack/security/advisories/GHSA-hrqr-hxpp-chr3

Solution: upgrade to ~> 1.6.12, >= 2.0.8

Path Traversal in Sprockets
Open

    sprockets (3.7.1)

Found in Gemfile.lock by bundler-audit

Read up
Read up
Exclude checks
- Disable engine
- Disable check

Advisory: CVE-2018-3760

Criticality: High

URL: https://groups.google.com/forum/#!topic/ruby-security-ann/2S9Pwz2i16k

Solution: upgrade to < 3.0.0, >= 2.12.5, < 4.0.0, >= 3.7.2, >= 4.0.0.beta8

Nokogiri gem, via libxml2, is affected by multiple vulnerabilities
Open

    nokogiri (1.8.1)

Found in Gemfile.lock by bundler-audit

Read up
Read up
Exclude checks
- Disable engine
- Disable check

Advisory: CVE-2018-14404

Criticality: High

URL: https://github.com/sparklemotion/nokogiri/issues/1785

Solution: upgrade to >= 1.8.5

Denial of Service Vulnerability in Rack Multipart Parsing
Open

    rack (2.0.3)

Found in Gemfile.lock by bundler-audit

Read up
Read up
Exclude checks
- Disable engine
- Disable check

Advisory: CVE-2022-30122

Criticality: High

URL: https://groups.google.com/g/ruby-security-ann/c/L2Axto442qk

Solution: upgrade to >= 2.0.9.1, ~> 2.0.9, >= 2.1.4.1, ~> 2.1.4, >= 2.2.3.1

Moderate severity vulnerability that affects nokogiri
Open

    nokogiri (1.8.1)

Found in Gemfile.lock by bundler-audit

Read up
Read up
Exclude checks
- Disable engine
- Disable check

Advisory: CVE-2017-18258

Criticality: Medium

URL: https://git.gnome.org/browse/libxml2/commit/?id=e2a9122b8dde53d320750451e9907a7dcb2ca8bb

Solution: upgrade to >= 1.8.2

Revert libxml2 behavior in Nokogiri gem that could cause XSS
Open

    nokogiri (1.8.1)

Found in Gemfile.lock by bundler-audit

Read up
Read up
Exclude checks
- Disable engine
- Disable check

Advisory: CVE-2018-8048

URL: https://github.com/sparklemotion/nokogiri/pull/1746

Solution: upgrade to >= 1.8.3

Nokogiri gem, via libxml, is affected by DoS vulnerabilities
Open

    nokogiri (1.8.1)

Found in Gemfile.lock by bundler-audit

Read up
Read up
Exclude checks
- Disable engine
- Disable check

Advisory: CVE-2017-15412

URL: https://github.com/sparklemotion/nokogiri/issues/1714

Solution: upgrade to >= 1.8.2

Possible XSS vulnerability in Rack
Open

    rack (2.0.3)

Found in Gemfile.lock by bundler-audit

Read up
Read up
Exclude checks
- Disable engine
- Disable check

Advisory: CVE-2018-16471

URL: https://groups.google.com/forum/#!topic/ruby-security-ann/NAalCee8n6o

Solution: upgrade to ~> 1.6.11, >= 2.0.6

Broken Access Control vulnerability in Active Job
Open

    activejob (5.1.4)

Found in Gemfile.lock by bundler-audit

Read up
Read up
Exclude checks
- Disable engine
- Disable check

Advisory: CVE-2018-16476

Criticality: High

URL: https://groups.google.com/forum/#!topic/rubyonrails-security/FL4dSdzr2zw

Solution: upgrade to ~> 4.2.11, ~> 5.0.7.1, ~> 5.1.6.1, ~> 5.1.7, >= 5.2.1.1

Denial of Service Vulnerability in Rack Content-Disposition parsing
Open

    rack (2.0.3)

Found in Gemfile.lock by bundler-audit

Read up
Read up
Exclude checks
- Disable engine
- Disable check

Advisory: CVE-2022-44571

URL: https://github.com/rack/rack/releases/tag/v3.0.4.1

Solution: upgrade to >= 2.0.9.2, ~> 2.0.9, >= 2.1.4.2, ~> 2.1.4, >= 2.2.6.1, ~> 2.2.6, >= 3.0.4.1

Regular Expression Denial of Service in websocket-extensions (RubyGem)
Open

    websocket-extensions (0.1.2)

Found in Gemfile.lock by bundler-audit

Read up
Read up
Exclude checks
- Disable engine
- Disable check

Advisory: CVE-2020-7663

Criticality: High

URL: https://github.com/faye/websocket-extensions-ruby/security/advisories/GHSA-g6wq-qcwm-j5g2

Solution: upgrade to >= 0.1.5

XSS vulnerability in rails-html-sanitizer
Open

    rails-html-sanitizer (1.0.3)

Found in Gemfile.lock by bundler-audit

Read up
Read up
Exclude checks
- Disable engine
- Disable check

Advisory: CVE-2018-3741

URL: https://groups.google.com/d/msg/rubyonrails-security/tP7W3kLc5u4/uDy2Br7xBgAJ

Solution: upgrade to >= 1.0.4

Denial of Service Vulnerability in Action View
Open

    actionview (5.1.4)

Found in Gemfile.lock by bundler-audit

Read up
Read up
Exclude checks
- Disable engine
- Disable check

Advisory: CVE-2019-5419

Criticality: High

URL: https://groups.google.com/forum/#!topic/rubyonrails-security/GN7w9fFAQeI

Solution: upgrade to >= 6.0.0.beta3, >= 5.2.2.1, ~> 5.2.2, >= 5.1.6.2, ~> 5.1.6, >= 5.0.7.2, ~> 5.0.7, >= 4.2.11.1, ~> 4.2.11

TZInfo relative path traversal vulnerability allows loading of arbitrary files
Open

    tzinfo (1.2.3)

Found in Gemfile.lock by bundler-audit

Read up
Read up
Exclude checks
- Disable engine
- Disable check

Advisory: CVE-2022-31163

Criticality: High

URL: https://github.com/tzinfo/tzinfo/security/advisories/GHSA-5cm2-9h8c-rvfx

Solution: upgrade to ~> 0.3.61, >= 1.2.10

Denial of service via multipart parsing in Rack
Open

    rack (2.0.3)

Found in Gemfile.lock by bundler-audit

Read up
Read up
Exclude checks
- Disable engine
- Disable check

Advisory: CVE-2022-44572

URL: https://github.com/rack/rack/releases/tag/v3.0.4.1

Solution: upgrade to >= 2.0.9.2, ~> 2.0.9, >= 2.1.4.2, ~> 2.1.4, >= 2.2.6.1, ~> 2.2.6, >= 3.0.4.1

yogodoshi/cansei

Showing 105 of 105 total issues

Directory Traversal in rubyzip
Open

ruby-ffi DDL loading issue on Windows OS
Open

Improper Certificate Validation in oauth ruby gem
Open

Possible shell escape sequence injection vulnerability in Rack
Open

File Content Disclosure in Action View
Open

Possible information leak / session hijack vulnerability
Open

Path Traversal in Sprockets
Open

Nokogiri gem, via libxml2, is affected by multiple vulnerabilities
Open

Denial of Service Vulnerability in Rack Multipart Parsing
Open

Moderate severity vulnerability that affects nokogiri
Open

Revert libxml2 behavior in Nokogiri gem that could cause XSS
Open

Nokogiri gem, via libxml, is affected by DoS vulnerabilities
Open

Possible XSS vulnerability in Rack
Open

Broken Access Control vulnerability in Active Job
Open

Denial of Service Vulnerability in Rack Content-Disposition parsing
Open

Regular Expression Denial of Service in websocket-extensions (RubyGem)
Open

XSS vulnerability in rails-html-sanitizer
Open

Denial of Service Vulnerability in Action View
Open

TZInfo relative path traversal vulnerability allows loading of arbitrary files
Open

Denial of service via multipart parsing in Rack
Open

Severity

Category

Status

Source

Language

yogodoshi/cansei

Showing 105 of 105 total issues

Directory Traversal in rubyzip Open

ruby-ffi DDL loading issue on Windows OS Open

Improper Certificate Validation in oauth ruby gem Open

Possible shell escape sequence injection vulnerability in Rack Open

File Content Disclosure in Action View Open

Possible information leak / session hijack vulnerability Open

Path Traversal in Sprockets Open

Nokogiri gem, via libxml2, is affected by multiple vulnerabilities Open

Denial of Service Vulnerability in Rack Multipart Parsing Open

Moderate severity vulnerability that affects nokogiri Open

Revert libxml2 behavior in Nokogiri gem that could cause XSS Open

Nokogiri gem, via libxml, is affected by DoS vulnerabilities Open

Possible XSS vulnerability in Rack Open

Broken Access Control vulnerability in Active Job Open

Denial of Service Vulnerability in Rack Content-Disposition parsing Open

Regular Expression Denial of Service in websocket-extensions (RubyGem) Open

XSS vulnerability in rails-html-sanitizer Open

Denial of Service Vulnerability in Action View Open

TZInfo relative path traversal vulnerability allows loading of arbitrary files Open

Denial of service via multipart parsing in Rack Open

Severity

Category

Status

Source

Language

Directory Traversal in rubyzip
Open

ruby-ffi DDL loading issue on Windows OS
Open

Improper Certificate Validation in oauth ruby gem
Open

Possible shell escape sequence injection vulnerability in Rack
Open

File Content Disclosure in Action View
Open

Possible information leak / session hijack vulnerability
Open

Path Traversal in Sprockets
Open

Nokogiri gem, via libxml2, is affected by multiple vulnerabilities
Open

Denial of Service Vulnerability in Rack Multipart Parsing
Open

Moderate severity vulnerability that affects nokogiri
Open

Revert libxml2 behavior in Nokogiri gem that could cause XSS
Open

Nokogiri gem, via libxml, is affected by DoS vulnerabilities
Open

Possible XSS vulnerability in Rack
Open

Broken Access Control vulnerability in Active Job
Open

Denial of Service Vulnerability in Rack Content-Disposition parsing
Open

Regular Expression Denial of Service in websocket-extensions (RubyGem)
Open

XSS vulnerability in rails-html-sanitizer
Open

Denial of Service Vulnerability in Action View
Open

TZInfo relative path traversal vulnerability allows loading of arbitrary files
Open

Denial of service via multipart parsing in Rack
Open