Rubysec

Providing security resources for the Ruby community.
Follow us @rubysec or email us via info at rubysec.com

Advisory Archive

| Date | Rubygem | Title | CVE |
|------|---------|-------|-----|
| 2015-09-20 | gollum | gollum Upload File Functionality Permits Arbitrary File Access | 2015-7314 |
| 2015-09-17 | devise-two-factor | devise-two-factor 1.1.0 and earlier vulnerable to replay attacks | 2015-7225 |
| 2015-08-24 | handlebars-source | handlebars.js - quoteless attributes in templates can lead to XSS | |
| 2015-07-28 | spree | Spree RABL templates rendering allows Arbitrary Code Execution and File Disclosure | |
| 2015-07-21 | uglifier | uglifier incorrectly handles non-boolean comparisons during minification | |
| 2015-07-20 | spree | Spree RABL templates rendering allows Arbitrary Code Execution and File Disclosure | |
| 2015-07-17 | sidekiq-pro | Sidekiq Pro Gem for Ruby CSRF in Job Filtering | |
| 2015-07-13 | rack-cors | rack-cors Gem Missing Anchor permits unauthorized CORS requests | 2017-11173 |
| 2015-07-06 | sidekiq | Sidekiq Gem for Ruby Multiple Unspecified CSRF | |
| 2015-06-30 | ruby-saml | Ruby-Saml Gem is vulnerable to entity expansion attacks | |
| 2015-06-22 | redcarpet | redcarpet Gem for Ruby html.c header_anchor() Function Stack Overflow | 2015-5147 |
| 2015-06-16 | activesupport | Possible Denial of Service attack in Active Support | 2015-3227 |
| 2015-06-16 | activesupport | XSS Vulnerability in ActiveSupport::JSON.encode | 2015-3226 |
| 2015-06-16 | jquery-rails | CSRF Vulnerability in jquery-rails | 2015-1840 |
| 2015-06-16 | spina | Cross-site request forgery (CSRF) vulnerability in Spina gem | 2015-4619 |
| 2015-06-16 | rack | Potential Denial of Service Vulnerability in Rack | 2015-3225 |
| 2015-06-16 | web-console | IP whitelist bypass in Web Console | 2015-3224 |
| 2015-06-16 | jquery-ujs | CSRF Vulnerability in jquery-ujs | 2015-1840 |
| 2015-06-05 | paperclip | Paperclip Gem for Ruby vulnerable to content type spoofing | 2015-2963 |
| 2015-06-04 | bson | Data Injection Vulnerability in bson Rubygem | 2015-4412 |
| 2015-06-04 | moped | Data Injection Vulnerability in moped Rubygem | 2015-4410 |
| 2015-06-04 | sidekiq | Sidekiq Gem for Ruby web/views/queue.erb CurrentMessagesInQueue Element Reflected XSS | |
| 2015-05-11 | sidekiq-pro | Sidekiq Pro Gem for Ruby web/views/batch.erb Class and ErrorMessage Elements Reflected XSS | |
| 2015-05-05 | open-uri-cached | open-uri-cached Gem for Ruby Unsafe Temporary File Creation Local Privilege Escalation | 2015-3649 |
| 2015-04-29 | ruby-saml | Ruby-Saml Gem is vulnerable to XPath Injection | |
| 2015-04-21 | sidekiq | Sidekiq Gem for Ruby web/views/queue.erb msg.display_class Element XSS | |
| 2015-04-15 | refile | refile Gem for Ruby contains a remote code execution vulnerability | |
| 2015-04-14 | ember-source | Ember.js XSS Vulnerability With {{view "select"}} Options | 2015-1866 |
| 2015-04-14 | nokogiri | Nokogiri gem contains several vulnerabilities in libxml2 and libxslt | 2015-1819 |
| 2015-04-07 | redcarpet | redcarpet Gem for Ruby markdown.c parse_inline() Function XSS | |