[ { "category": "dependency_scanning", "name": "io.netty/netty - CVE-2014-3488", "message": "DoS by CPU exhaustion when using malicious SSL packets", "cve": "app/pom.xml:io.netty/netty@3.9.1.Final:CVE-2014-3488", "severity": "Unknown", "solution": "Upgrade to the latest version", "scanner": { "id": "gemnasium", "name": "Gemnasium" }, "location": { "file": "app/pom.xml", "dependency": { "package": { "name": "io.netty/netty" }, "version": "3.9.1.Final" } }, "identifiers": [ { "type": "gemnasium", "name": "Gemnasium-d1bf36d9-9f07-46cd-9cfc-8675338ada8f", "value": "d1bf36d9-9f07-46cd-9cfc-8675338ada8f", "url": "https://deps.sec.gitlab.com/packages/maven/io.netty/netty/versions/3.9.1.Final/advisories" }, { "type": "cve", "name": "CVE-2014-3488", "value": "CVE-2014-3488", "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3488" } ], "links": [ { "url": "https://bugzilla.redhat.com/CVE-2014-3488" }, { "url": "http://netty.io/news/2014/06/11/3.html" }, { "url": "https://github.com/netty/netty/issues/2562" } ], "priority": "Unknown", "file": "app/pom.xml", "url": "https://bugzilla.redhat.com/CVE-2014-3488", "tool": "gemnasium" }, { "category": "dependency_scanning", "name": "Django - CVE-2017-12794", "message": "Possible XSS in traceback section of technical 500 debug page", "cve": "app/requirements.txt:Django@1.11.3:CVE-2017-12794", "severity": "Unknown", "solution": "Upgrade to latest version or apply patch.", "scanner": { "id": "gemnasium", "name": "Gemnasium" }, "location": { "file": "app/requirements.txt", "dependency": { "package": { "name": "Django" }, "version": "1.11.3" } }, "identifiers": [ { "type": "gemnasium", "name": "Gemnasium-6162a015-8635-4a15-8d7c-dc9321db366f", "value": "6162a015-8635-4a15-8d7c-dc9321db366f", "url": "https://deps.sec.gitlab.com/packages/pypi/Django/versions/1.11.3/advisories" }, { "type": "cve", "name": "CVE-2017-12794", "value": "CVE-2017-12794", "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-12794" } ], "links": [ { "url": "https://www.djangoproject.com/weblog/2017/sep/05/security-releases/" } ], "priority": "Unknown", "file": "app/requirements.txt", "url": "https://www.djangoproject.com/weblog/2017/sep/05/security-releases/", "tool": "gemnasium" }, { "category": "dependency_scanning", "name": "nokogiri - USN-3424-1", "message": "Vulnerabilities in libxml2", "cve": "rails/Gemfile.lock:nokogiri@1.8.0:USN-3424-1", "severity": "Unknown", "solution": "Upgrade to latest version.", "scanner": { "id": "gemnasium", "name": "Gemnasium" }, "location": { "file": "rails/Gemfile.lock", "dependency": { "package": { "name": "nokogiri" }, "version": "1.8.0" } }, "identifiers": [ { "type": "gemnasium", "name": "Gemnasium-06565b64-486d-4326-b906-890d9915804d", "value": "06565b64-486d-4326-b906-890d9915804d", "url": "https://deps.sec.gitlab.com/packages/gem/nokogiri/versions/1.8.0/advisories" }, { "type": "usn", "name": "USN-3424-1", "value": "USN-3424-1", "url": "https://usn.ubuntu.com/3424-1/" } ], "links": [ { "url": "https://github.com/sparklemotion/nokogiri/issues/1673" } ], "priority": "Unknown", "file": "rails/Gemfile.lock", "url": "https://github.com/sparklemotion/nokogiri/issues/1673", "tool": "gemnasium" }, { "category": "dependency_scanning", "name": "ffi - CVE-2018-1000201", "message": "ruby-ffi DDL loading issue on Windows OS", "cve": "ffi:1.9.18:CVE-2018-1000201", "severity": "High", "solution": "upgrade to \u003e= 1.9.24", "scanner": { "id": "bundler_audit", "name": "bundler-audit" }, "location": { "file": "sast-sample-rails/Gemfile.lock", "dependency": { "package": { "name": "ffi" }, "version": "1.9.18" } }, "identifiers": [ { "type": "cve", "name": "CVE-2018-1000201", "value": "CVE-2018-1000201", "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1000201" } ], "links": [ { "url": "https://github.com/ffi/ffi/releases/tag/1.9.24" } ], "priority": "High", "file": "sast-sample-rails/Gemfile.lock", "url": "https://github.com/ffi/ffi/releases/tag/1.9.24", "tool": "bundler_audit" } ]