How secure are your Ruby projects? Scan
Gemfile.lock for vulnerabilities, take action, and ship
secure apps!
Some adapters (i.e. jruby-rack) will pass through bad URIs, then display the resulting exception. This creates an attack vector for XSS attacks.
actionpack/lib/action_view/template/text.rb in Action View in Ruby on Rails 3.x before 3.2.17 converts MIME type strings to symbols during use of the :text option to the render method, which allows...
Read more →
Multiple cross-site scripting (XSS) vulnerabilities in actionview/lib/action_view/helpers/number_helper.rb in Ruby on Rails before 3.2.17, 4.0.x before 4.0.3, and 4.1.x before 4.1.0.beta2 allow...
Read more →
Data Injection Vulnerability in Active Record
There is a data injection vulnerability in Active Record. Specially
crafted strings can be used to save data in PostgreSQL array columns that may...
Read more →
Phusion Passenger gem before 3.0.21 and 4.0.x before 4.0.5 for Ruby allows local users to cause a denial of service (prevent application start) or gain privileges by pre-creating a temporary...
Read more →
| Vulnerabilities | |
|---|---|
| May | 0 |
| Jun | 1 |
| Jul | 0 |
| Aug | 1 |
| Sep | 1 |
| Oct | 3 |
| Nov | 2 |
| Dec | 6 |
| Jan | 1 |
| Feb | 3 |
| Mar | 1 |
| Apr | 0 |
| Vulnerabilities | |
|---|---|
| 2009 | 4 |
| 2010 | 2 |
| 2011 | 15 |
| 2012 | 15 |
| 2013 | 50 |
| 2014 | 5 |
