  • Vulnerabilities: 1 via 1 paths
  • Dependencies: 216
  • Source: GitHub
  • Commit: a73410ef


high severity

GPL-3.0 license

  • Module: bundler-audit
  • Introduced through: bundler-audit@0.9.3

Detailed paths

  • Introduced through: coreinfrastructure/best-practices-badge@coreinfrastructure/best-practices-badge#a73410efbb4d66310da7d892fb6c2fb7e83e87ea bundler-audit@0.9.3

high severity

GPL-2.0 license

  • Module: ruby-graphviz
  • Introduced through: ruby-graphviz@1.2.5

Detailed paths

  • Introduced through: coreinfrastructure/best-practices-badge@coreinfrastructure/best-practices-badge#a73410efbb4d66310da7d892fb6c2fb7e83e87ea ruby-graphviz@1.2.5

medium severity

Cross-site Scripting (XSS)

  • Vulnerable module: erubis
  • Introduced through: rails_best_practices@1.23.3

Detailed paths

  • Introduced through: coreinfrastructure/best-practices-badge@coreinfrastructure/best-practices-badge#a73410efbb4d66310da7d892fb6c2fb7e83e87ea rails_best_practices@1.23.3 erubis@2.7.0

Overview

erubis is an implementation of eRuby and has the following features:

Affected versions of the package are vulnerable to Cross-site Scripting (XSS). Single quotes were not properly escaped in the helper.rb and helpers/rails_helper.rb files. The Erubis Documentation shows missing escaping.

Remediation

There is no fix version for erubis.
