Facets
How secure are your Ruby projects? Scan Gemfile.lock for vulnerabilities, take action, and ship secure apps!
How secure are your Ruby projects? Scan Gemfile.lock for vulnerabilities, take action, and ship secure apps!
A flaw in how restforce constructs URL's may allow an attacker to inject additional parameters into Salesforce API requests. Impact ------ This flaw is only exploitable in applications that pass user input directly to restforce's select, find, describe, update, upsert, and destroy methods. Vulnerable code might look...
Read more →
Any OAuth application that uses public/non-confidential authentication when interacting with Doorkeeper is unable to revoke its tokens when calling the revocation endpoint. A bug in the token revocation API would cause it to attempt to authenticate the public OAuth client as if it was a confidential app. Because of this, the token is...
Read more →
rubyzip version 1.2.1 and earlier contains a Directory Traversal vulnerability in Zip::File component that can result in write arbitrary files to the filesystem. If a site allows uploading of .zip files, an attacker can upload a malicious file which contains symlinks or files with absolute pathnames "../" to write arbitrary files to the...
Read more →
Specially crafted requests can be used to access files that exist on the filesystem that is outside an application's root directory, when the Sprockets server is used in production. All users running an affected release should either upgrade or use one of the work arounds immediately. Workaround: In Rails applications, work around this issue,...
Read more →
Sinatra before 2.0.2 has XSS via the 400 Bad Request page that occurs upon a params parser exception.
Read more →
| Vulnerabilities | |
|---|---|
| Nov | 8 |
| Dec | 6 |
| Jan | 3 |
| Feb | 4 |
| Mar | 3 |
| Apr | 1 |
| May | 3 |
| Jun | 2 |
| Jul | 2 |
| Aug | 0 |
| Sep | 0 |
| Oct | 0 |
| Vulnerabilities | |
|---|---|
| 2013 | 84 |
| 2014 | 74 |
| 2015 | 45 |
| 2016 | 30 |
| 2017 | 28 |
| 2018 | 18 |