Rubysec

Providing security resources for the Ruby community.
Follow us @rubysec or email us via info at rubysec.com

Advisory Archive

| Date | Rubygem | Title | CVE |
|---|---|---|---|
| 2014-10-13 | sidekiq-pro | Sidekiq Pro Gem for Ruby web/views/batch{,es}.erb Description Element XSS | |
| 2014-09-29 | web-console | Web Console Gem for Ruby contains an unspecified flaw | |
| 2014-09-27 | i18n | i18n Gem for Ruby lib/i18n/core_ext/hash.rb Hash#slice() Function Hash Handling DoS | 2014-10077 |
| 2014-09-25 | as | as Gem for Ruby Process List Local Plaintext Credentials Disclosure | |
| 2014-09-04 | flavour_saver | FlavourSaver handlebars helper remote code execution | |
| 2014-08-25 | dragonfly | Dragonfly Gem for Ruby Image Uploading & Processing Remote Command Execution | |
| 2014-08-25 | fog-dragonfly | Dragonfly Gem for Ruby Image Uploading & Processing Remote Command Execution | |
| 2014-08-22 | fat_free_crm | Fat Free CRM Gem contains a javascript cross-site scripting (XSS) vulnerability | 2014-5441 |
| 2014-08-18 | activerecord | Data Injection Vulnerability in Active Record | 2014-3514 |
| 2014-08-13 | bundler | Bundler Gem for Ruby Multiple Top-level Source Lines Gemfile Handling Gem Installation Spoofing | 2013-0334 |
| 2014-07-09 | brbackup | brbackup Gem for Ruby /lib/brbackup.rb name Parameter SQL Injection | |
| 2014-07-09 | brbackup | brbackup Gem for Ruby Process List Local Plaintext Password Disclosure | 2014-5004 |
| 2014-07-09 | brbackup | brbackup Gem for Ruby dbuser Variable Shell Metacharacter Injection Remote Command Execution | |
| 2014-07-02 | activerecord | SQL Injection Vulnerability in Active Record | 2014-3483 |
| 2014-07-02 | activerecord | SQL Injection Vulnerability in Active Record | 2014-3482 |
| 2014-06-30 | lynx | lynx Gem for Ruby lib/lynx/pipe/run.rb Remote Command Execution | |
| 2014-06-30 | kajam | kajam Gem for Ruby /dataset/lib/dataset/database/postgresql.rb Process List Local Plaintext Password Disclosure | 2014-4999 |
| 2014-06-30 | kajam | kajam Gem for Ruby /dataset/lib/dataset/database/postgresql.rb Metacharacter Handling Remote Command Execution | |
| 2014-06-30 | lawn-login | lawn-login Gem for Ruby /lib/lawn.rb Process Table Local Plaintext Password Disclosure | 2014-5000 |
| 2014-06-30 | point-cli | point-cli Gem for Ruby /lib/commands/setup.rb Process Table Local Plaintext Credential Disclosure | 2014-4997 |
| 2014-06-30 | lynx | lynx Gem for Ruby command/basic.rb Process Table Local Plaintext Password Disclosure | 2014-5002 |
| 2014-06-30 | gyazo | gyazo Gem for Ruby client.rb Metacharacter Handling Remote Command Execution | 2014-4994 |
| 2014-06-30 | ciborg | ciborg Gem for Ruby default.rb /tmp/perlbrew-installer Local Symlink File Overwrite | 2014-5003 |
| 2014-06-30 | cap-strap | cap-strap Gem for Ruby Hardcoded Password Crypt Hash Salt Weakness | |
| 2014-06-30 | cap-strap | cap-strap Gem for Ruby Process Table Local Plaintext Credential Disclosure | 2014-4992 |
| 2014-06-30 | gnms | gnms Gem for Ruby /lib/cmd_parse.rb ip Variable Shell Metacharacter Handling Remote Command Injection | |
| 2014-06-30 | VladTheEnterprising | VladTheEnterprising Gem for Ruby /tmp/my.cnf.#{target_host} Symlink Multiple Impact | 2014-4995 |
| 2014-06-30 | VladTheEnterprising | VladTheEnterprising Gem for Ruby /tmp/my.cnf.#{target_host} Symlink Multiple Impact | 2014-4996 |
| 2014-06-30 | kompanee-recipes | kompanee-recipes Gem for Ruby /lib/kompanee-recipes/heroku.rb Multiple Variable Handling Remote Command Execution Weakness | |
| 2014-06-30 | karo | karo Gem for Ruby db.rb Metacharacter Handling Remote Command Execution | |