Rubysec

Providing security resources for the Ruby community.
Follow us @rubysec or email us via info at rubysec.com

Advisory Archive

| Date | Rubygem | Title | CVE |
|---|---|---|---|
| 2015-03-24 | rest-client | rubygem-rest-client: session fixation vulnerability via Set-Cookie headers in 30x redirection responses | 2015-1820 |
| 2015-03-24 | http | HTTPS MitM vulnerability in http.rb | 2015-1828 |
| 2015-03-05 | spree | Spree API Information Disclosure CSRF | |
| 2015-02-17 | xaviershay-dm-rails | xaviershay-dm-rails Gem for Ruby exposes sensitive information via the process table | 2015-2179 |
| 2015-02-16 | fat_free_crm | Fat Free CRM Gem being vulnerable to CSRF-type attacks | 2015-1585 |
| 2015-02-10 | doorkeeper | Doorkeeper Gem for Ruby stores sensitive information in production logs | |
| 2015-02-03 | ruby-saml | Ruby-Saml Gem is vulnerable to arbitrary code execution | |
| 2015-01-12 | rest-client | Rest-Client Gem for Ruby logs password information in plaintext | 2015-3448 |
| 2014-12-18 | doorkeeper | Cross-site request forgery (CSRF) vulnerability in doorkeeper 1.4.0 and earlier | 2014-8144 |
| 2014-12-08 | sentry-raven | sentry-raven Gem for Ruby contains a flaw that can result in a denial of service | 2014-9490 |
| 2014-12-04 | gollum-grit_adapter | gollum-grit_adapter Search Functionality Allows Arbitrary Command Execution | 2014-9489 |
| 2014-11-17 | actionpack | Arbitrary file existence disclosure in Action Pack | 2014-7829 |
| 2014-10-30 | actionpack | Arbitrary file existence disclosure in Action Pack | 2014-7818 |
| 2014-10-30 | sprockets | Arbitrary file existence disclosure in Sprockets | 2014-7819 |
| 2014-10-13 | sidekiq-pro | Sidekiq Pro Gem for Ruby web/views/batch{,es}.erb Description Element XSS | |
| 2014-09-29 | web-console | Web Console Gem for Ruby contains an unspecified flaw | |
| 2014-09-27 | i18n | i18n Gem for Ruby lib/i18n/core_ext/hash.rb Hash#slice() Function Hash Handling DoS | 2014-10077 |
| 2014-09-25 | as | as Gem for Ruby Process List Local Plaintext Credentials Disclosure | |
| 2014-09-04 | flavour_saver | FlavourSaver handlebars helper remote code execution | |
| 2014-08-25 | dragonfly | Dragonfly Gem for Ruby Image Uploading & Processing Remote Command Execution | |
| 2014-08-25 | fog-dragonfly | Dragonfly Gem for Ruby Image Uploading & Processing Remote Command Execution | |
| 2014-08-22 | fat_free_crm | Fat Free CRM Gem contains a javascript cross-site scripting (XSS) vulnerability | 2014-5441 |
| 2014-08-18 | activerecord | Data Injection Vulnerability in Active Record | 2014-3514 |
| 2014-08-13 | bundler | Bundler Gem for Ruby Multiple Top-level Source Lines Gemfile Handling Gem Installation Spoofing | 2013-0334 |
| 2014-07-09 | brbackup | brbackup Gem for Ruby Process List Local Plaintext Password Disclosure | 2014-5004 |
| 2014-07-09 | brbackup | brbackup Gem for Ruby dbuser Variable Shell Metacharacter Injection Remote Command Execution | |
| 2014-07-09 | brbackup | brbackup Gem for Ruby /lib/brbackup.rb name Parameter SQL Injection | |
| 2014-07-02 | activerecord | SQL Injection Vulnerability in Active Record | 2014-3482 |
| 2014-07-02 | activerecord | SQL Injection Vulnerability in Active Record | 2014-3483 |
| 2014-06-30 | gnms | gnms Gem for Ruby /lib/cmd_parse.rb ip Variable Shell Metacharacter Handling Remote Command Injection | |