Rubysec

Providing security resources for the Ruby community.
Follow us @rubysec or email us via info at rubysec.com

Advisory Archive

Date       | Rubygem              | Title                                                                                                              | CVE
-----------|----------------------|--------------------------------------------------------------------------------------------------------------------|--------------
2014-03-13 | kafo                 | Kafo default_values.yaml Insecure Permissions Local Information Disclosure                                         | CVE-2014-0135
2014-03-10 | Arabic-Prawn         | Arabic Prawn Gem for Ruby lib/string_utf_support.rb User Input Handling Remote Command Injection                   | CVE-2014-2322
2014-03-05 | rbovirt              | rbovirt Gem for Ruby contains a flaw                                                                               | CVE-2014-0036
2014-02-18 | activerecord         | Data Injection Vulnerability in Active Record                                                                      | CVE-2014-0080
2014-02-18 | actionpack           | Denial of Service Vulnerability in Action View when using render :text                                             | CVE-2014-0082
2014-02-18 | actionpack           | XSS Vulnerability in number_to_currency, number_to_percentage and number_to_human                                  | CVE-2014-0081
2014-02-13 | net-ldap             | Net::LDAP for Ruby lib/net/ldap/password.rb SSHA Password Generation Weak Salt                                     | CVE-2014-0083
2014-02-07 | ember-source         | Ember.js XSS Vulnerability With {{link-to}} Helper in Non-block Form                                               | CVE-2014-0046
2014-01-31 | paperclip            | Paperclip Gem for Ruby contains a flaw                                                                             |
2014-01-29 | passenger            | Phusion Passenger Server Instance Directory Creation Local Symlink File Overwrite                                  | CVE-2014-1832
2014-01-28 | passenger            | Phusion Passenger Server Instance Directory Creation Local Symlink File Overwrite                                  | CVE-2014-1831
2014-01-14 | echor                | echor Gem for Ruby backplane.rb perform_request Function Arbitrary Command Execution                               | CVE-2014-1834
2014-01-14 | ember-source         | Ember.js Potential XSS Exploit With User-Supplied Data When Using {{group}} Helper                                 | CVE-2014-0014
2014-01-14 | echor                | echor Gem for Ruby Process Listing Local Plaintext Credential Disclosure                                           | CVE-2014-1835
2014-01-14 | ember-source         | Ember.js Potential XSS Exploit With User-Supplied Data When Binding Primitive Values                               | CVE-2014-0013
2014-01-08 | paratrooper-newrelic | Paratrooper-newrelic Gem for Ruby Process Listing API Key Local Disclosure                                         | CVE-2014-1234
2013-12-31 | flukso4r             | flukso4r Gem for Ruby /lib/flukso/R.rb Arbitrary Command Execution                                                 |
2013-12-26 | paratrooper-pingdom  | paratrooper-pingdom Gem for Ruby /lib/paratrooper-pingdom.rb API Login Credentials Local Disclosure                | CVE-2014-1233
2013-12-24 | fat_free_crm         | Fat Free CRM Gem for Ruby lack of support for cycling the Rails session secret                                     | CVE-2013-7222
2013-12-24 | fat_free_crm         | Fat Free CRM Gem for Ruby contains multiple cross-site request forgery (CSRF) vulnerabilities                      | CVE-2013-7223
2013-12-24 | fat_free_crm         | Fat Free CRM Gem for Ruby allows remote attackers to obtain sensitive information                                  | CVE-2013-7249
2013-12-24 | fat_free_crm         | Fat Free CRM Gem for Ruby allows remote attackers to obtain sensitive information                                  | CVE-2013-7224
2013-12-24 | fat_free_crm         | Fat Free CRM Gem for Ruby allows remote attackers to inject or manipulate SQL queries                              | CVE-2013-7225
2013-12-14 | nokogiri             | Nokogiri Gem for JRuby Crafted XML Document Handling Infinite Loop Remote DoS                                      | CVE-2013-6460
2013-12-14 | bio-basespace-sdk    | Bio Basespace SDK Gem for Ruby Command Line API Key Disclosure                                                     | CVE-2013-7111
2013-12-14 | nokogiri             | Nokogiri Gem for Ruby External Entity (XXE) Expansion Remote DoS                                                   | CVE-2013-6461
2013-12-12 | webbynode            | Webbynode Gem for Ruby notify.rb growlnotify Message Handling Arbitrary Command Execution                          | CVE-2013-7086
2013-12-03 | actionpack           | Denial of Service Vulnerability in Action View                                                                     | CVE-2013-6414
2013-12-03 | i18n                 | i18n missing translation error message XSS                                                                         | CVE-2013-4492
2013-12-03 | actionpack           | XSS Vulnerability in number_to_currency                                                                            | CVE-2013-6415
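The archive above is published as one line per advisory: an ISO date, the gem name, a free-text title and, for most rows, a trailing CVE number (the paperclip and flukso4r rows have none). The following Ruby script is an added example, not RubySec's own code, showing how to parse rows in that shape and cross-reference them with the gems named in a Gemfile.lock. The archive rows embedded in it are copied from the table; the Gemfile.lock is constructed for the example. Because these rows carry no patched-version ranges, a hit means only that the gem has entries in the archive, not that the locked version is vulnerable; for a real version-aware check use bundler-audit, which consumes RubySec's ruby-advisory-db.

```ruby
# Added example (not RubySec's code): parse "DATE GEM TITLE [CVE]" archive rows
# and report which gems in a Gemfile.lock have advisories listed.

Advisory = Struct.new(:date, :gem, :title, :cve)

# One archive row: ISO date, gem name, free-text title, optional CVE number.
# The title is matched lazily and the CVE anchored to end of line so that
# rows without a CVE (paperclip, flukso4r) still parse, with cve = nil.
ROW = /\A(\d{4}-\d{2}-\d{2})\s+(\S+)\s+(.+?)(?:\s+(\d{4}-\d{4,}))?\z/

def parse_archive(text)
  text.each_line.each_with_object([]) do |line, out|
    line = line.strip
    next if line.empty?
    m = ROW.match(line)
    next unless m                    # skips the "Date Rubygem Title CVE" header
    cve = m[4] && "CVE-#{m[4]}"
    out << Advisory.new(m[1], m[2], m[3], cve)
  end
end

# Minimal Gemfile.lock reader: collects "name (version)" entries listed under a
# "specs:" block. Direct specs are indented four spaces; their dependency lines
# are indented six and are deliberately ignored. Returns {name => version}.
def lockfile_gems(text)
  gems = {}
  in_specs = false
  text.each_line do |line|
    if line =~ /\A\s*specs:\s*\z/
      in_specs = true
      next
    end
    in_specs = false if in_specs && line =~ /\A\S/   # next top-level section
    next unless in_specs
    if (m = line.match(/\A {4}(\S+) \(([^)]+)\)\s*\z/))
      gems[m[1]] = m[2]
    end
  end
  gems
end

# Cross-reference: {gem => {version:, advisories: [Advisory, ...]}} for every
# locked gem that appears in the archive. No version comparison is possible
# from these rows, so treat a hit as "go read the advisories", not "vulnerable".
def advisories_for_lockfile(archive_text, lockfile_text)
  by_gem = parse_archive(archive_text).group_by(&:gem)
  lockfile_gems(lockfile_text).each_with_object({}) do |(name, version), hits|
    next unless by_gem.key?(name)
    hits[name] = { version: version, advisories: by_gem[name] }
  end
end

# Rows copied from the archive above (header line included to show it is skipped).
ARCHIVE_ROWS = <<~ROWS
  Date Rubygem Title CVE
  2014-03-13 kafo Kafo default_values.yaml Insecure Permissions Local Information Disclosure 2014-0135
  2014-02-18 actionpack Denial of Service Vulnerability in Action View when using render :text 2014-0082
  2014-02-18 actionpack XSS Vulnerability in number_to_currency, number_to_percentage and number_to_human 2014-0081
  2014-01-31 paperclip Paperclip Gem for Ruby contains a flaw
  2013-12-14 nokogiri Nokogiri Gem for Ruby External Entity (XXE) Expansion Remote DoS 2013-6461
  2013-12-14 bio-basespace-sdk Bio Basespace SDK Gem for Ruby Command Line API Key Disclosure 2013-7111
ROWS

# Constructed Gemfile.lock for the example; versions are illustrative only.
LOCKFILE = <<~LOCK
  GEM
    remote: https://rubygems.org/
    specs:
      actionpack (4.0.2)
        activesupport (= 4.0.2)
        rack (~> 1.5.2)
      activesupport (4.0.2)
      nokogiri (1.6.1)
        mini_portile (~> 0.5.0)
      paperclip (3.5.2)
      rake (10.1.1)

  PLATFORMS
    ruby

  DEPENDENCIES
    actionpack
    nokogiri
    paperclip
    rake
LOCK

if $PROGRAM_NAME == __FILE__
  advisories_for_lockfile(ARCHIVE_ROWS, LOCKFILE).each do |name, hit|
    puts "#{name} (#{hit[:version]}): #{hit[:advisories].size} advisory(ies) listed"
    hit[:advisories].each { |a| puts "  #{a.date}  #{a.cve || 'no CVE'}  #{a.title}" }
  end
end
```

Running the script lists actionpack, nokogiri and paperclip with their archive entries and stays silent for rake, which has none; the paperclip entry is reported with "no CVE" because the archive row carries no identifier.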