Rubysec

Providing security resources for the Ruby community.
Follow us @rubysec or email us via info at rubysec.com

Advisory Archive

| Date | Rubygem | Title | CVE |
|---|---|---|---|
| 2013-04-04 | kelredd-pruview | kelredd-pruview Gem for Ruby /lib/pruview/document.rb File Name Shell Metacharacter Injection Arbitrary Command Execution | 2013-1947 |
| 2013-04-01 | ldoce | ldoce Gem for Ruby MP3 URL Shell Metacharacter Injection Arbitrary Command Execution | 2013-1911 |
| 2013-03-26 | thumbshooter | Thumbshooter Gem for Ruby thumbshooter.rb URL Shell Metacharacter Injection Arbitrary Command Execution | 2013-1898 |
| 2013-03-19 | activerecord | Symbol DoS vulnerability in Active Record | 2013-1854 |
| 2013-03-19 | actionpack | XSS Vulnerability in the `sanitize` helper of Ruby on Rails | 2013-1857 |
| 2013-03-19 | actionpack | XSS vulnerability in sanitize_css in Action Pack | 2013-1855 |
| 2013-03-19 | activesupport | XML Parsing Vulnerability affecting JRuby users | 2013-1856 |
| 2013-03-18 | command_wrap | command_wrap Gem for Ruby URI Handling Arbitrary Command Injection | 2013-1875 |
| 2013-03-13 | fastreader | fastreader Gem for Ruby URI Handling Arbitrary Command Injection | 2013-2615 |
| 2013-03-12 | mini_magick | MiniMagick Gem for Ruby URI Handling Arbitrary Command Injection | 2013-2616 |
| 2013-03-12 | curl | Curl Gem for Ruby URI Handling Arbitrary Command Injection | 2013-2617 |
| 2013-03-04 | flash_tool | flash_tool Gem for Ruby File Download Handling Arbitrary Command Execution | 2013-2513 |
| 2013-02-28 | ftpd | ftpd Gem for Ruby Shell Character Handling Remote Command Injection | 2013-2512 |
| 2013-02-28 | fileutils | fileutils Gem for Ruby /lib/file_utils/open_office.rb Character Handling Remote Command Execution | |
| 2013-02-28 | fileutils | fileutils Gem for Ruby Temporary Directory Hijacking Weakness | |
| 2013-02-28 | fileutils | fileutils Gem for Ruby files_utils.rb /tmp File Symlink Arbitrary File Overwrite | |
| 2013-02-28 | fileutils | fileutils Gem for Ruby file_utils.rb Crafted URL Handling Remote Command Execution | 2013-2516 |
| 2013-02-25 | activerecord-jdbc-adapter | ActiveRecord-JDBC-Adapter (AR-JDBC) lib/arjdbc/jdbc/adapter.rb sql.gsub() Function SQL Injection | |
| 2013-02-21 | spree | Spree promotion_rules_controller.rb promotion_rule Parameter Arbitrary Ruby Object Instantiation Command Execution | 2013-1656 |
| 2013-02-21 | spree_auth | Spree app/models/spree/user.rb Mass Role Assignment Remote Privilege Escalation | 2013-2506 |
| 2013-02-21 | spree_auth_devise | Spree app/models/spree/user.rb Mass Role Assignment Remote Privilege Escalation | 2013-2506 |
| 2013-02-21 | pdfkit | PDFKit Gem for Ruby PDF File Generation Parameter Handling Remote Code Execution | 2013-1607 |
| 2013-02-21 | ruby_parser | RubyGems ruby_parser (RP) Temporary File Symlink Arbitrary File Overwrite | 2013-0162 |
| 2013-02-21 | spree | Spree payment_methods_controller.rb payment_method Parameter Arbitrary Ruby Object Instantiation Command Execution | 2013-1656 |
| 2013-02-21 | spree | Spree promotion_actions_controller.rb promotion_action Parameter Arbitrary Ruby Object Instantiation Command Execution | 2013-1656 |
| 2013-02-21 | spree | Spree app/models/spree/user.rb Mass Role Assignment Remote Privilege Escalation | 2013-2506 |
| 2013-02-21 | spree | Spree promotions_controller.rb calculator_type Parameter Arbitrary Ruby Object Instantiation Command Execution | 2013-1656 |
| 2013-02-19 | fog-dragonfly | Dragonfly Gem for Ruby Crafted Request Parsing Remote Code Execution | 2013-1756 |
| 2013-02-19 | dragonfly | Dragonfly Gem for Ruby Crafted Request Parsing Remote Code Execution | 2013-1756 |
| 2013-02-12 | bundler | Bundler Gem for Ruby Missing SSL Certificate Validation MitM Spoofing | |