Rubysec

Providing security resources for the Ruby community.
Follow us @rubysec or email us via info at rubysec.com

Advisory Archive

| Date | Rubygem | Title | CVE |
|------|---------|-------|-----|
| 2019-03-13 | actionview | Denial of Service Vulnerability in Action View | 2019-5419 |
| 2019-03-13 | railties | Possible Remote Code Execution Exploit in Rails Development Mode | 2019-5420 |
| 2019-03-08 | chloride | Improper handling of ssh known_hosts file with Chloride | 2018-6517 |
| 2019-03-05 | rubygems-update | Escape sequence injection vulnerability in errors | 2019-8325 |
| 2019-03-05 | rubygems-update | Escape sequence injection vulnerability in verbose | 2019-8321 |
| 2019-03-05 | rubygems-update | Escape sequence injection vulnerability in api response handling | 2019-8323 |
| 2019-03-05 | rubygems-update | Escape sequence injection vulnerability in gem owner | 2019-8322 |
| 2019-03-05 | rubygems-update | Installing a malicious gem may lead to arbitrary code execution | 2019-8324 |
| 2019-03-05 | rubygems-update | Delete directory using symlink when decompressing tar | 2019-8320 |
| 2019-02-15 | bootstrap-sass | XSS vulnerability in bootstrap-sass | 2019-8331 |
| 2019-02-15 | bootstrap | XSS vulnerability in bootstrap | 2019-8331 |
| 2019-02-07 | devise | Devise Gem for Ruby Time-of-check Time-of-use race condition with lockable module | 2019-5421 |
| 2018-11-27 | activestorage | Bypass vulnerability in Active Storage | 2018-16477 |
| 2018-11-27 | activejob | Broken Access Control vulnerability in Active Job | 2018-16476 |
| 2018-11-09 | easymon | Reflected XSS in Firefox in check endpoint | 2018-1000855 |
| 2018-11-05 | rack | Possible DoS vulnerability in Rack | 2018-16470 |
| 2018-11-05 | rack | Possible XSS vulnerability in Rack | 2018-16471 |
| 2018-10-30 | loofah | Loofah XSS Vulnerability | 2018-16468 |
| 2018-10-27 | fat_free_crm | fat_free_crm gem XSS vulnerability via query parameter | 2018-1000842 |
| 2018-10-19 | mysql-binuuid-rails | mysql-binuuid-rails allows SQL Injection by removing default string escaping | 2018-18476 |
| 2018-10-04 | nokogiri | Nokogiri gem, via libxml2, is affected by multiple vulnerabilities | 2018-14404 |
| 2018-09-28 | jekyll | Jekyll _config.yml privilege escalation | 2018-17567 |
| 2018-09-14 | smart_proxy_dynflow | smart_proxy_dynflow gem authentication bypass in Foreman remote execution feature | 2018-14643 |
| 2018-08-09 | active-support | Malicious ruby gem - active-support | 2018-3779 |
| 2018-07-27 | restforce | Insufficient URI encoding in restforce | 2018-3777 |
| 2018-07-11 | doorkeeper | Doorkeeper gem does not revoke token for public clients | 2018-1000211 |
| 2018-07-03 | bootstrap | XSS vulnerabilities via data-parent, data-target, data-container in bootstrap | 2018-14040 |
| 2018-06-22 | ffi | ruby-ffi DLL loading issue on Windows OS | 2018-1000201 |
| 2018-06-19 | sprockets | Path Traversal in Sprockets | 2018-3760 |
| 2018-06-14 | rubyzip | Directory Traversal in rubyzip | 2018-1000544 |