Facets
How secure are your Ruby projects? Scan Gemfile.lock for vulnerabilities, take action, and ship secure apps!
How secure are your Ruby projects? Scan Gemfile.lock for vulnerabilities, take action, and ship secure apps!
Sinatra before 2.0.2 has XSS via the 400 Bad Request page that occurs upon a params parser exception.
Read more →
private_address_check ruby gem before 0.5.0 is vulnerable to a time-of-check time-of-use (TOCTOU) race condition due to the address the socket uses not being checked. DNS entries with a TTL of 0 can trigger this case where the initial resolution is a public address by the subsequent resolution is a private address.
Read more →
There is a possible XSS vulnerability in rails-html-sanitizer. The gem allows non-whitelisted attributes to be present in sanitized output when input with specially-crafted HTML fragments, and these attributes can lead to an XSS attack on target applications. This issue is similar to CVE-2018-8048 in Loofah.
Read more →
When Sanitize <= 4.6.2 is used in combination with libxml2 >= 2.9.2, a specially crafted HTML fragment can cause libxml2 to generate improperly escaped output, allowing non-whitelisted attributes to be used on whitelisted elements. This can allow HTML and JavaScript injection, which could result in XSS if Sanitize's output is served to...
Read more →
Loofah allows non-whitelisted attributes to be present in sanitized output when input with specially-crafted HTML fragments when running on MRI or RBX in combination with libxml2 >= 2.9.2. JRuby users are not affected. This issue has been created for public disclosure of an XSS / code injection vulnerability that was responsibly reported by...
Read more →
| Vulnerabilities | |
|---|---|
| Jul | 1 |
| Aug | 0 |
| Sep | 3 |
| Oct | 1 |
| Nov | 7 |
| Dec | 6 |
| Jan | 3 |
| Feb | 4 |
| Mar | 3 |
| Apr | 0 |
| May | 2 |
| Jun | 0 |
| Vulnerabilities | |
|---|---|
| 2013 | 84 |
| 2014 | 74 |
| 2015 | 44 |
| 2016 | 29 |
| 2017 | 26 |
| 2018 | 12 |