Rubysec

Providing security resources for the Ruby community.
Follow us @rubysec or email us via info at rubysec.com

Advisory Archive

| Date | Rubygem | Title | CVE |
|------|---------|-------|-----|
| 2014-06-30 | gnms | gnms Gem for Ruby /lib/cmd_parse.rb ip Variable Shell Metacharacter Handling Remote Command Injection | |
| 2014-06-30 | ciborg | ciborg Gem for Ruby default.rb /tmp/perlbrew-installer Local Symlink File Overwrite | 2014-5003 |
| 2014-06-30 | kcapifony | kcapifony Gem for Ruby /lib/ksymfony1.rb Process List Local Plaintext Password Disclosure | 2014-5001 |
| 2014-06-30 | backup_checksum | backup_checksum Gem for Ruby /lib/backup/cli/utility.rb Metacharacter Handling Remote Command Execution | |
| 2014-06-30 | codders-dataset | codders-dataset Gem for Ruby /lib/dataset/database/postgresql.rb Process Table Local Plaintext Credential Disclosure | 2014-4991 |
| 2014-06-30 | kompanee-recipes | kompanee-recipes Gem for Ruby /lib/kompanee-recipes/heroku.rb Multiple Variable Handling Remote Command Execution Weakness | |
| 2014-06-30 | codders-dataset | codders-dataset Gem for Ruby /lib/dataset/database/mysql.rb Process Table Local Plaintext Credential Disclosure | 2014-4991 |
| 2014-06-30 | VladTheEnterprising | VladTheEnterprising Gem for Ruby /tmp/my.cnf.#{target_host} Symlink Multiple Impact | 2014-4995 |
| 2014-06-30 | VladTheEnterprising | VladTheEnterprising Gem for Ruby /tmp/my.cnf.#{target_host} Symlink Multiple Impact | 2014-4996 |
| 2014-06-30 | gyazo | gyazo Gem for Ruby client.rb Metacharacter Handling Remote Command Execution | 2014-4994 |
| 2014-06-07 | screen_capture | Screen Capture Gem for Ruby screen_capture.rb URL Handling Arbitrary Command Execution | |
| 2014-05-06 | actionpack | Directory Traversal Vulnerability With Certain Route Configurations | 2014-0130 |
| 2014-04-30 | nokogiri | Nokogiri Gem for JRuby XML Document Root Element Handling Memory Consumption Remote DoS | |
| 2014-04-24 | jruby-sandbox | jruby-sandbox Java Class Importation Sandbox Bypass | |
| 2014-04-16 | sfpagent | sfpagent Gem for Ruby JSON[body] Module Name Remote Command Execution | 2014-2888 |
| 2014-03-28 | awesome_spawn | OS command injection flaw in awesome_spawn | 2014-0156 |
| 2014-03-25 | twitter-bootstrap-rails | Reflective XSS Vulnerability in twitter-bootstrap-rails | 2014-4920 |
| 2014-03-13 | kafo | Kafo default_values.yaml Insecure Permissions Local Information Disclosure | 2014-0135 |
| 2014-03-10 | Arabic-Prawn | Arabic Prawn Gem for Ruby lib/string_utf_support.rb User Input Handling Remote Command Injection | 2014-2322 |
| 2014-03-05 | rbovirt | rbovirt Gem for Ruby contains a flaw | 2014-0036 |
| 2014-02-18 | actionpack | XSS Vulnerability in number_to_currency, number_to_percentage and number_to_human | 2014-0081 |
| 2014-02-18 | activerecord | Data Injection Vulnerability in Active Record | 2014-0080 |
| 2014-02-18 | actionpack | Denial of Service Vulnerability in Action View when using render :text | 2014-0082 |
| 2014-02-13 | net-ldap | Net::LDAP for Ruby lib/net/ldap/password.rb SSHA Password Generation Weak Salt | 2014-0083 |
| 2014-02-07 | ember-source | Ember.js XSS Vulnerability With {{link-to}} Helper in Non-block Form | 2014-0046 |
| 2014-01-31 | paperclip | Paperclip Gem for Ruby contains a flaw | |
| 2014-01-29 | passenger | Phusion Passenger Server Instance Directory Creation Local Symlink File Overwrite | 2014-1832 |
| 2014-01-28 | passenger | Phusion Passenger Server Instance Directory Creation Local Symlink File Overwrite | 2014-1831 |
| 2014-01-14 | echor | echor Gem for Ruby backplane.rb perform_request Function Arbitrary Command Execution | 2014-1834 |
| 2014-01-14 | ember-source | Ember.js Potential XSS Exploit With User-Supplied Data When Binding Primitive Values | 2014-0013 |