Rubysec

Providing security resources for the Ruby community.
Follow us @rubysec or email us via info at rubysec.com

Advisory Archive

| Date | Rubygem | Title | CVE |
|------|---------|-------|-----|
| 2011-04-19 | spree | Spree Content Controller Unspecified Arbitrary File Disclosure | |
| 2011-01-25 | mail | Mail Gem for Ruby lib/mail/network/delivery_methods/sendmail.rb Email From: Address Arbitrary Shell Command Injection | 2011-0739 |
| 2011-01-12 | quick_magick | quick_magick Gem for Ruby QuickMagick::Image.read Function Crafted String Handling Remote Command Injection | |
| 2010-11-02 | spree | Spree Multiple Script JSON Request Validation Weakness Remote Information Disclosure | 2010-3978 |
| 2010-08-12 | curb | curb Gem for Ruby Empty http_put Body Handling Remote DoS | |
| 2010-02-01 | bcrypt-ruby | bcrypt-ruby Gem for Ruby incorrect encoding of non US-ASCII characters (JRuby only) | |
| 2010-02-01 | bcrypt | bcrypt-ruby Gem for Ruby incorrect encoding of non US-ASCII characters (JRuby only) | |
| 2009-12-07 | jruby-openssl | jruby-openssl Gem for JRuby fails to do proper certificate validation | 2009-4123 |
| 2008-10-10 | activerecord-oracle_enhanced-adapter | Oracle "enhanced" ActiveRecord Gem for Ruby :limit / :offset SQL Injection | |
| 2008-09-22 | spree | Spree Hash Restriction Weakness URL Parsing Order State Value Manipulation | 2008-7310 |
| 2008-08-15 | activeresource | activeresource Gem for Ruby lib/active_resource/connection.rb request Function Multiple Variable Format String | |
| 2008-08-12 | spree | Spree Hardcoded config.action_controller_session Hash Value Cryptographic Protection Weakness | 2008-7311 |
| 2007-11-27 | gtk2 | Ruby-GNOME2 gtk/src/rbgtkmessagedialog.c Gtk::MessageDialog.new() Function Format String | 2007-6183 |
| 2007-06-15 | builder | Builder Gem for Ruby Tag Name Handling Private Method Exposure | |
| 2007-05-21 | json | json Gem for Ruby Data Handling Stack Buffer Overflow | |