Rubysec

Providing security resources for the Ruby community.
Follow us @rubysec or email us via info at rubysec.com

Advisory Archive

| Date | Rubygem | Title | CVE |
|---|---|---|---|
| 2014-06-30 | VladTheEnterprising | VladTheEnterprising Gem for Ruby /tmp/my.cnf.#{target_host} Symlink Multiple Impact | 2014-4995 |
| 2014-06-30 | VladTheEnterprising | VladTheEnterprising Gem for Ruby /tmp/my.cnf.#{target_host} Symlink Multiple Impact | 2014-4996 |
| 2014-06-30 | codders-dataset | codders-dataset Gem for Ruby /lib/dataset/database/postgresql.rb Process Table Local Plaintext Credential Disclosure | 2014-4991 |
| 2014-06-30 | kompanee-recipes | kompanee-recipes Gem for Ruby /lib/kompanee-recipes/heroku.rb Multiple Variable Handling Remote Command Execution Weakness | |
| 2014-06-30 | backup-agoddard | backup-agoddard Gem for Ruby /lib/backup/cli/utility.rb Process Table Local Plaintext Password Disclosure | 2014-4993 |
| 2014-06-30 | karo | karo Gem for Ruby db.rb Metacharacter Handling Remote Command Execution | |
| 2014-06-30 | kcapifony | kcapifony Gem for Ruby /lib/ksymfony1.rb Process List Local Plaintext Password Disclosure | 2014-5001 |
| 2014-06-07 | screen_capture | Screen Capture Gem for Ruby screen_capture.rb URL Handling Arbitrary Command Execution | |
| 2014-05-06 | actionpack | Directory Traversal Vulnerability With Certain Route Configurations | 2014-0130 |
| 2014-04-30 | nokogiri | Nokogiri Gem for JRuby XML Document Root Element Handling Memory Consumption Remote DoS | |
| 2014-04-24 | jruby-sandbox | jruby-sandbox Java Class Importation Sandbox Bypass | |
| 2014-04-16 | sfpagent | sfpagent Gem for Ruby JSON[body] Module Name Remote Command Execution | 2014-2888 |
| 2014-03-28 | awesome_spawn | OS command injection flaw in awesome_spawn | 2014-0156 |
| 2014-03-25 | twitter-bootstrap-rails | Reflective XSS Vulnerability in twitter-bootstrap-rails | 2014-4920 |
| 2014-03-13 | kafo | Kafo default_values.yaml Insecure Permissions Local Information Disclosure | 2014-0135 |
| 2014-03-10 | Arabic-Prawn | Arabic Prawn Gem for Ruby lib/string_utf_support.rb User Input Handling Remote Command Injection | 2014-2322 |
| 2014-03-05 | rbovirt | rbovirt Gem for Ruby contains a flaw | 2014-0036 |
| 2014-02-18 | activerecord | Data Injection Vulnerability in Active Record | 2014-0080 |
| 2014-02-18 | actionpack | XSS Vulnerability in number_to_currency, number_to_percentage and number_to_human | 2014-0081 |
| 2014-02-18 | actionpack | Denial of Service Vulnerability in Action View when using render :text | 2014-0082 |
| 2014-02-13 | net-ldap | Net::LDAP for Ruby lib/net/ldap/password.rb SSHA Password Generation Weak Salt | 2014-0083 |
| 2014-02-07 | ember-source | Ember.js XSS Vulnerability With {{link-to}} Helper in Non-block Form | 2014-0046 |
| 2014-01-31 | paperclip | Paperclip Gem for Ruby contains a flaw | |
| 2014-01-29 | passenger | Phusion Passenger Server Instance Directory Creation Local Symlink File Overwrite | 2014-1832 |
| 2014-01-28 | passenger | Phusion Passenger Server Instance Directory Creation Local Symlink File Overwrite | 2014-1831 |
| 2014-01-14 | ember-source | Ember.js Potential XSS Exploit With User-Supplied Data When Using {{group}} Helper | 2014-0014 |
| 2014-01-14 | echor | echor Gem for Ruby Process Listing Local Plaintext Credential Disclosure | 2014-1835 |
| 2014-01-14 | echor | echor Gem for Ruby backplane.rb perform_request Function Arbitrary Command Execution | 2014-1834 |
| 2014-01-14 | ember-source | Ember.js Potential XSS Exploit With User-Supplied Data When Binding Primitive Values | 2014-0013 |
| 2014-01-08 | paratrooper-newrelic | Paratrooper-newrelic Gem for Ruby Process Listing API Key Local Disclosure | 2014-1234 |