tiagolnobre / budget-app-api
License: MIT License
Web apps on Rails. Simple, battle-tested conventions for building and testing MVC web applications. Works with any Rack-compatible server.
Library home page: https://rubygems.org/gems/actionpack-6.0.3.2.gem
Dependency Hierarchy:
Found in HEAD commit: 65fe5d00beae291d2c89b4df6d9241726aa3759e
Found in base branch: master
There is a possible XSS vulnerability in Action Pack while the application server is in development mode. This vulnerability is in the Actionable Exceptions middleware. This vulnerability has been assigned the CVE identifier CVE-2020-8264.
Publish Date: 2020-07-21
URL: CVE-2020-8264
Base Score Metrics:
Type: Upgrade version
Origin: https://github.com/rails/rails/tree/v6.0.3.4
Release Date: 2020-07-21
Fix Resolution: v6.0.3.4
Nokogiri (鋸) is an HTML, XML, SAX, and Reader parser. Among Nokogiri's many features is the ability to search documents via XPath or CSS3 selectors.
Library home page: https://rubygems.org/gems/nokogiri-1.11.0.rc3.gem
Dependency Hierarchy:
Found in HEAD commit: dafb05810f7aef1efdc30c04e1fba6a5559c81bf
Found in base branch: master
Nokogiri is a Rubygem providing HTML, XML, SAX, and Reader parsers with XPath and CSS selector support. In Nokogiri before version 1.11.0.rc4 there is an XXE vulnerability. XML Schemas parsed by Nokogiri::XML::Schema are trusted by default, allowing external resources to be accessed over the network, potentially enabling XXE or SSRF attacks. This behavior is counter to the security policy followed by Nokogiri maintainers, which is to treat all input as untrusted by default whenever possible. This is fixed in Nokogiri version 1.11.0.rc4.
Publish Date: 2020-12-30
URL: CVE-2020-26247
Base Score Metrics:
Type: Upgrade version
Origin: https://github.com/sparklemotion/nokogiri/releases/tag/v1.11.0.rc4
Release Date: 2020-12-30
Fix Resolution: 1.11.0.rc4
Simple, battle-tested conventions and helpers for building web pages.
Library home page: https://rubygems.org/gems/actionview-6.0.3.2.gem
Dependency Hierarchy:
Found in HEAD commit: 65fe5d00beae291d2c89b4df6d9241726aa3759e
Found in base branch: master
In Action View before versions 5.2.4.4 and 6.0.3.3 there is a potential Cross-Site Scripting (XSS) vulnerability in Action View's translation helpers. Views that allow the user to control the default (not found) value of the t and translate helpers could be susceptible to XSS attacks. When an HTML-unsafe string is passed as the default for a missing translation key named html or ending in _html, the default string is incorrectly marked as HTML-safe and not escaped. This is patched in versions 6.0.3.3 and 5.2.4.4. A workaround without upgrading is proposed in the source advisory.
Publish Date: 2020-09-11
URL: CVE-2020-15169
Base Score Metrics:
Type: Upgrade version
Origin: https://rubygems.org/gems/actionview/versions/6.0.3.3
Release Date: 2020-07-21
Fix Resolution: 6.0.3.3, 5.2.4.4
Hello,
In most cases that means something is wrong with your current Bundler setup and we can't fix it automatically:
Bundler Error: no result
Bundler Error: no result
783: unexpected token at '<!DOCTYPE html>
<html>
<head>
<meta name="viewport" content="width=device-width, initial-scale=1">
<meta charset="utf-8">
<title>Application Error</title>
<style media="screen">
html,body,iframe {
margin: 0;
padding: 0;
}
html,body {
height: 100%;
overflow: hidden;
}
iframe {
width: 100%;
height: 100%;
border: 0;
}
</style>
</head>
<body>
<iframe src="//www.herokucdn.com/error-pages/application-error.html"></iframe>
</body>
</html>' (JSON::ParserError)
After you've fixed the problem, please activate this project again in the Depfu Dashboard.
👉 We will not send you further PRs until this is fixed and the repo is activated again.
If you need help or this looks like an error on our side, please send us an email.