Rubysec

Providing security resources for the Ruby community.
Follow us @rubysec or email us via info at rubysec.com

Advisory Archive

Date | Rubygem | Title | CVE
2013-02-28 | fileutils | fileutils Gem for Ruby files_utils.rb /tmp File Symlink Arbitrary File Overwrite |
2013-02-25 | activerecord-jdbc-adapter | ActiveRecord-JDBC-Adapter (AR-JDBC) lib/arjdbc/jdbc/adapter.rb sql.gsub() Function SQL Injection |
2013-02-21 | pdfkit | PDFKit Gem for Ruby PDF File Generation Parameter Handling Remote Code Execution | CVE-2013-1607
2013-02-21 | spree_auth_devise | Spree app/models/spree/user.rb Mass Role Assignment Remote Privilege Escalation | CVE-2013-2506
2013-02-21 | spree | Spree app/models/spree/user.rb Mass Role Assignment Remote Privilege Escalation | CVE-2013-2506
2013-02-21 | spree | Spree promotions_controller.rb calculator_type Parameter Arbitrary Ruby Object Instantiation Command Execution | CVE-2013-1656
2013-02-21 | spree | Spree promotion_rules_controller.rb promotion_rule Parameter Arbitrary Ruby Object Instantiation Command Execution | CVE-2013-1656
2013-02-21 | spree | Spree promotion_actions_controller.rb promotion_action Parameter Arbitrary Ruby Object Instantiation Command Execution | CVE-2013-1656
2013-02-21 | spree | Spree payment_methods_controller.rb payment_method Parameter Arbitrary Ruby Object Instantiation Command Execution | CVE-2013-1656
2013-02-21 | spree_auth | Spree app/models/spree/user.rb Mass Role Assignment Remote Privilege Escalation | CVE-2013-2506
2013-02-21 | ruby_parser | RubyGems ruby_parser (RP) Temporary File Symlink Arbitrary File Overwrite | CVE-2013-0162
2013-02-19 | fog-dragonfly | Dragonfly Gem for Ruby Crafted Request Parsing Remote Code Execution | CVE-2013-1756
2013-02-19 | dragonfly | Dragonfly Gem for Ruby Crafted Request Parsing Remote Code Execution | CVE-2013-1756
2013-02-12 | bundler | Bundler Gem for Ruby Missing SSL Certificate Validation MitM Spoofing |
2013-02-12 | bundler | Bundler Gem for Ruby Redirection Remote HTTP Basic Authentication Credential Disclosure |
2013-02-11 | activerecord | Ruby on Rails Active Record attr_protected Method Bypass | CVE-2013-0276
2013-02-11 | activerecord | Ruby on Rails Active Record +serialize+ Helper YAML Attribute Handling Remote Code Execution | CVE-2013-0277
2013-02-11 | json | Ruby on Rails JSON Gem Arbitrary Symbol Creation Remote DoS | CVE-2013-0269
2013-02-07 | rack | Rack Rack::File Function Symlink Traversal Arbitrary File Disclosure | CVE-2013-0262
2013-02-07 | rack | Rack Rack::Session::Cookie Function Timing Attack Remote Code Execution | CVE-2013-0263
2013-02-06 | rdoc | RDoc 2.3.0 through 3.12 XSS Exploit | CVE-2013-0256
2013-02-04 | json | json Gem for Ruby JSON::GenericObject Function Arbitrary Addition Creation | CVE-2013-0269
2013-01-28 | devise | Devise Database Type Conversion Crafted Request Parsing Security Bypass | CVE-2013-0233
2013-01-28 | activesupport | Ruby on Rails JSON Parser Crafted Payload YAML Subset Decoding Remote Code Execution | CVE-2013-0333
2013-01-14 | httparty | httparty Gem for Ruby Type Casting Parameter Parsing Remote Code Execution | CVE-2013-1801
2013-01-13 | rack | Rack Rack::Auth::AbstractRequest Class Unspecified Remote DoS | CVE-2013-0184
2013-01-11 | multi_xml | multi_xml Gem for Ruby XML Parameter Parsing Remote Command Execution | CVE-2013-0175
2013-01-10 | nori | Ruby Gem nori Parameter Parsing Remote Code Execution | CVE-2013-0285
2013-01-09 | crack | crack Gem for Ruby Type Casting Parameter Parsing Remote Code Execution | CVE-2013-1800
2013-01-08 | activerecord | Ruby on Rails Active Record JSON Parameter Parsing Query Bypass | CVE-2013-0155