Rubysec

Providing security resources for the Ruby community.
Follow us @rubysec or email us via info at rubysec.com

Advisory form

The name of the gem, as seen in Rubygems.
The date this vulnerability was disclosed to the library author or community.
A link to a blog post, mailing list, GitHub issue, etc. that describes this vulnerability.
Have you been assigned a unique CVE identifier? If you haven't, we'll get you one.
A short sentence: what kind of bug affects what gem?
One or two paragraphs describing the issue. A good description explains what the flaw is, and why the reader should care. A great description provides more context and possible workarounds.
Are there versions of this gem that are unaffected by the vulnerability?

Please provide line-separated Gem version requirements. Use any operator as appropriate, including the pessimistic one.
Has the library released any patches?

Please provide line-separated Gem version requirements. Use any operator as appropriate, including the pessimistic one.
Any additional links that might provide more context, e.g. GitHub commits.
We might have to contact you in case things are unclear.
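
To check your entries for the two version-requirement fields above before submitting, the following added example (not code from this site) parses line-separated requirements with RubyGems' own `Gem::Requirement` and reports which releases would still count as vulnerable. It assumes that a version is vulnerable when it matches neither field, and that constraints joined by a comma on one line must all hold; the sample requirements and version numbers are constructed.

```ruby
require "rubygems"

# Parse one form field: one requirement set per line. Constraints separated
# by commas on the same line must all hold (assumed convention).
def parse_requirements(field_text)
  field_text.each_line.map(&:strip).reject(&:empty?).map do |line|
    Gem::Requirement.new(*line.split(",").map(&:strip))
  end
end

# True when the version satisfies at least one line of the field.
def matches_any?(requirements, version)
  requirements.any? { |req| req.satisfied_by?(version) }
end

# Assumed rule: a release is vulnerable unless it matches an "unaffected"
# line or a "patched" line.
def vulnerable?(version_string, unaffected:, patched:)
  version = Gem::Version.new(version_string)
  safe = matches_any?(parse_requirements(unaffected), version) ||
         matches_any?(parse_requirements(patched), version)
  !safe
end

# Constructed sample entries for a hypothetical gem.
UNAFFECTED = "< 2.0.0\n"
PATCHED    = "~> 2.3.5\n>= 3.1.2\n"

# Map each version string to :vulnerable or :ok.
def classify(versions)
  versions.to_h do |v|
    [v, vulnerable?(v, unaffected: UNAFFECTED, patched: PATCHED) ? :vulnerable : :ok]
  end
end

if __FILE__ == $PROGRAM_NAME
  # "~> 2.3.5" means ">= 2.3.5, < 2.4", so 2.4.0 is NOT covered by that line.
  classify(%w[1.9.9 2.0.0 2.3.4 2.3.5 2.3.9 2.4.0 3.1.1 3.1.2]).each do |v, state|
    puts format("%-6s %s", v, state)
  end
end
```

The 2.4.0 row is the case to watch: the pessimistic operator carries an upper bound, so a patched line such as `~> 2.3.5` does not cover later minor releases unless another line does.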

Report a new vulnerability

Hey! Thanks for taking the time to do this. Your submission helps the community. All submissions to this website are ultimately vetted on the GitHub repository.

Reporting a vulnerability is a simple process.

  1. Discreetly disclose the flaw to the gem maintainer(s).
    Please be polite! Open source maintainers are usually unpaid volunteers, and everyone deserves a little courtesy.
  2. Try to figure out what versions are affected by the flaw, and whether a patch can be released.
  3. Fill out the form to the left: