budget-app-api's Introduction

tiagolnobre

budget-app-api's Issues

CVE-2020-8264 (High) detected in actionpack-6.0.3.2.gem - autoclosed

CVE-2020-8264 - High Severity Vulnerability

Vulnerable Library - actionpack-6.0.3.2.gem

Web apps on Rails. Simple, battle-tested conventions for building and testing MVC web applications. Works with any Rack-compatible server.

Library home page: https://rubygems.org/gems/actionpack-6.0.3.2.gem

Dependency Hierarchy:

  • active_model_serializers-0.10.10.gem (Root Library)
    • actionpack-6.0.3.2.gem (Vulnerable Library)

Found in HEAD commit: 65fe5d00beae291d2c89b4df6d9241726aa3759e

Found in base branch: master

Vulnerability Details

There is a possible XSS vulnerability in Action Pack while the application server is in development mode. This vulnerability is in the Actionable Exceptions middleware. This vulnerability has been assigned the CVE identifier CVE-2020-8264.

Publish Date: 2020-07-21

URL: CVE-2020-8264

CVSS 3 Score Details (8.7)

Base Score Metrics:

  • Exploitability Metrics:
    • Attack Vector: Network
    • Attack Complexity: Low
    • Privileges Required: Low
    • User Interaction: Required
    • Scope: Changed
  • Impact Metrics:
    • Confidentiality Impact: High
    • Integrity Impact: High
    • Availability Impact: None

Suggested Fix

Type: Upgrade version

Origin: https://github.com/rails/rails/tree/v6.0.3.4

Release Date: 2020-07-21

Fix Resolution: v6.0.3.4

Step up your Open Source Security Game with WhiteSource here

CVE-2020-26247 (Low) detected in nokogiri-1.11.0.rc3.gem - autoclosed

CVE-2020-26247 - Low Severity Vulnerability

Vulnerable Library - nokogiri-1.11.0.rc3.gem

Nokogiri (鋸) is an HTML, XML, SAX, and Reader parser. Among Nokogiri's many features is the ability to search documents via XPath or CSS3 selectors.

Library home page: https://rubygems.org/gems/nokogiri-1.11.0.rc3.gem

Dependency Hierarchy:

  • lol_dba-2.2.0.gem (Root Library)
    • railties-6.1.0.gem
      • actionpack-6.1.0.gem
        • rails-dom-testing-2.0.3.gem
          • nokogiri-1.11.0.rc3.gem (Vulnerable Library)

Found in HEAD commit: dafb05810f7aef1efdc30c04e1fba6a5559c81bf

Found in base branch: master

Vulnerability Details

Nokogiri is a Rubygem providing HTML, XML, SAX, and Reader parsers with XPath and CSS selector support. In Nokogiri before version 1.11.0.rc4 there is an XXE vulnerability. XML Schemas parsed by Nokogiri::XML::Schema are trusted by default, allowing external resources to be accessed over the network, potentially enabling XXE or SSRF attacks. This behavior is counter to the security policy followed by Nokogiri maintainers, which is to treat all input as untrusted by default whenever possible. This is fixed in Nokogiri version 1.11.0.rc4.

Publish Date: 2020-12-30

URL: CVE-2020-26247

CVSS 3 Score Details (2.6)

Base Score Metrics:

  • Exploitability Metrics:
    • Attack Vector: Network
    • Attack Complexity: High
    • Privileges Required: Low
    • User Interaction: Required
    • Scope: Unchanged
  • Impact Metrics:
    • Confidentiality Impact: Low
    • Integrity Impact: None
    • Availability Impact: None

Suggested Fix

Type: Upgrade version

Origin: https://github.com/sparklemotion/nokogiri/releases/tag/v1.11.0.rc4

Release Date: 2020-12-30

Fix Resolution: 1.11.0.rc4

CVE-2020-15169 (Medium) detected in actionview-6.0.3.2.gem - autoclosed

CVE-2020-15169 - Medium Severity Vulnerability

Vulnerable Library - actionview-6.0.3.2.gem

Simple, battle-tested conventions and helpers for building web pages.

Library home page: https://rubygems.org/gems/actionview-6.0.3.2.gem

Dependency Hierarchy:

  • active_model_serializers-0.10.10.gem (Root Library)
    • actionpack-6.0.3.2.gem
      • actionview-6.0.3.2.gem (Vulnerable Library)

Found in HEAD commit: 65fe5d00beae291d2c89b4df6d9241726aa3759e

Found in base branch: master

Vulnerability Details

In Action View before versions 5.2.4.4 and 6.0.3.3 there is a potential Cross-Site Scripting (XSS) vulnerability in Action View's translation helpers. Views that allow the user to control the default (not found) value of the t and translate helpers could be susceptible to XSS attacks. When an HTML-unsafe string is passed as the default for a missing translation key named html or ending in _html, the default string is incorrectly marked as HTML-safe and not escaped. This is patched in versions 6.0.3.3 and 5.2.4.4. A workaround without upgrading is proposed in the source advisory.

Publish Date: 2020-09-11

URL: CVE-2020-15169

CVSS 3 Score Details (6.1)

Base Score Metrics:

  • Exploitability Metrics:
    • Attack Vector: Network
    • Attack Complexity: Low
    • Privileges Required: None
    • User Interaction: Required
    • Scope: Changed
  • Impact Metrics:
    • Confidentiality Impact: Low
    • Integrity Impact: Low
    • Availability Impact: None

Suggested Fix

Type: Upgrade version

Origin: https://rubygems.org/gems/actionview/versions/6.0.3.3

Release Date: 2020-07-21

Fix Resolution: 6.0.3.3, 5.2.4.4

Depfu Error: Depfu is stuck and needs your help

Hello,

⚠️ We're getting errors with this repo and have given up after trying several times.

In most cases that means something is wrong with your current Bundler setup and we can't fix it automatically:

• Error details:
Bundler Error: no result
• Error details:
Bundler Error: no result
• Error details:
783: unexpected token at '<!DOCTYPE html>
	<html>
	  <head>
		<meta name="viewport" content="width=device-width, initial-scale=1">
		<meta charset="utf-8">
		<title>Application Error</title>
		<style media="screen">
		  html,body,iframe {
			margin: 0;
			padding: 0;
		  }
		  html,body {
			height: 100%;
			overflow: hidden;
		  }
		  iframe {
			width: 100%;
			height: 100%;
			border: 0;
		  }
		</style>
	  </head>
	  <body>
		<iframe src="//www.herokucdn.com/error-pages/application-error.html"></iframe>
	  </body>
	</html>' (JSON::ParserError)

After you've fixed the problem, please activate this project again in the Depfu Dashboard.

👉 We will not send you further PRs until this is fixed and the repo is activated again.

If you need help or this looks like an error on our side, please send us an email.