Rubysec

Providing security resources for the Ruby community.
Follow us @rubysec or email us via info at rubysec.com

Advisory Archive

| Date | Rubygem | Title | CVE |
|---|---|---|---|
| 2013-09-19 | will_paginate | will_paginate Gem for Ruby Generated Pagination Link Unspecified XSS | 2013-6459 |
| 2013-09-03 | fog-dragonfly | fog-dragonfly Gem for Ruby imagemagickutils.rb Remote Command Execution | 2013-5671 |
| 2013-09-03 | dragonfly | fog-dragonfly Gem for Ruby imagemagickutils.rb Remote Command Execution | 2013-5671 |
| 2013-09-01 | features | Features Gem for Ruby /tmp/out.html Local XSS | 2013-4318 |
| 2013-08-14 | sounder | Sounder Gem for Ruby File Name Handling Arbitrary Command Execution | 2013-5647 |
| 2013-08-03 | redis-namespace | redis-namespace Gem for Ruby contains a flaw in the method_missing implementation | |
| 2013-08-02 | devise | CSRF token fixation attacks in Devise | |
| 2013-08-02 | rgpg | rgpg Gem for Ruby lib/rgpg/gpg_helper.rb Remote Command Execution | 2013-4203 |
| 2013-07-25 | ember-source | Ember.js Potential XSS Exploit When Binding `tagName` to User-Supplied Data | 2013-4170 |
| 2013-07-09 | rack-ssl | rack-ssl Gem for Ruby Error Message Reflected XSS | 2014-2538 |
| 2013-06-26 | enum_column3 | enum_column3 Gem for Ruby Symbol Creation Remote DoS | |
| 2013-06-10 | passenger | Phusion Passenger Gem for Ruby Utils.cpp Temporary Directory Creation Symlink Local Privilege Escalation | 2013-4136 |
| 2013-05-29 | passenger | Phusion Passenger Gem for Ruby Predictable Temporary Filename Generation Symlink Local Privilege Escalation | 2013-2119 |
| 2013-05-17 | show_in_browser | Show In Browser Gem for Ruby /tmp/browser.html Arbitrary Script Injection | 2013-2105 |
| 2013-05-14 | cremefraiche | Creme Fraiche Gem for Ruby File Name Shell Metacharacter Injection Arbitrary Command Execution | 2013-2090 |
| 2013-04-13 | md2pdf | md2pdf Gem for Ruby md2pdf/converter.rb File Name Shell Metacharacter Injection Arbitrary Command Execution | 2013-1948 |
| 2013-04-08 | karteek-docsplit | Karteek Docsplit Gem for Ruby text_extractor.rb File Name Shell Metacharacter Injection Arbitrary Command Execution | 2013-1933 |
| 2013-04-04 | kelredd-pruview | kelredd-pruview Gem for Ruby /lib/pruview/document.rb File Name Shell Metacharacter Injection Arbitrary Command Execution | 2013-1947 |
| 2013-04-01 | ldoce | ldoce Gem for Ruby MP3 URL Shell Metacharacter Injection Arbitrary Command Execution | 2013-1911 |
| 2013-03-26 | thumbshooter | Thumbshooter Gem for Ruby thumbshooter.rb URL Shell Metacharacter Injection Arbitrary Command Execution | 2013-1898 |
| 2013-03-19 | actionpack | XSS Vulnerability in the `sanitize` helper of Ruby on Rails | 2013-1857 |
| 2013-03-19 | activerecord | Symbol DoS vulnerability in Active Record | 2013-1854 |
| 2013-03-19 | activesupport | XML Parsing Vulnerability affecting JRuby users | 2013-1856 |
| 2013-03-19 | actionpack | XSS vulnerability in sanitize_css in Action Pack | 2013-1855 |
| 2013-03-18 | command_wrap | command_wrap Gem for Ruby URI Handling Arbitrary Command Injection | 2013-1875 |
| 2013-03-13 | fastreader | fastreader Gem for Ruby URI Handling Arbitrary Command Injection | 2013-2615 |
| 2013-03-12 | mini_magick | MiniMagick Gem for Ruby URI Handling Arbitrary Command Injection | 2013-2616 |
| 2013-03-12 | curl | Curl Gem for Ruby URI Handling Arbitrary Command Injection | 2013-2617 |
| 2013-03-04 | flash_tool | flash_tool Gem for Ruby File Download Handling Arbitrary Command Execution | 2013-2513 |
| 2013-02-28 | fileutils | fileutils Gem for Ruby file_utils.rb Crafted URL Handling Remote Command Execution | 2013-2516 |