How secure are your Ruby projects? Scan Gemfile.lock for vulnerabilities, take action, and ship secure apps!


Latest Gem Vulnerabilities

CVE-2020-26223 in spree_api
Severe

### Impact
The perpetrator could query the [API v2 Order Status](https://guides.spreecommerce.org/api/v2/storefront#tag/Order-Status) endpoint with an empty string passed as an Order token.

### Patches
Please upgrade to 3.7.11, 4.0.4, or 4.1.11, depending on the Spree version you use. Users of Spree < 3.7 are not affected.

Published 19 days ago
CVE-2020-26222 in dependabot-common
Severe

### Impact
Remote code execution vulnerability in `dependabot-common` and `dependabot-go_modules` when a source branch name contains malicious injectable bash code. For example, if Dependabot is configured to use the following source branch name: `"/$({curl,127.0.0.1})"`, Dependabot will make an HTTP request to the following URL:...

Published 19 days ago
CVE-2020-15240 in omniauth-auth0
Critical

### Overview
Versions `2.3.0` and later improperly validate the JWT token signature when using the `JWTValidator.verify` method. Improper validation of the JWT token signature when not using the default Authorization Code Flow can allow an attacker to bypass authentication and authorization.

### Am I affected?
You are...

Published 29 days ago
CVE-2020-15269 in spree
Critical

### Impact
A perpetrator who had previously obtained an old, expired user token could use it to access Storefront API v2 endpoints.

### Patches
Please upgrade to 3.7.11, 4.0.4, or 4.1.11, depending on the Spree version you use.

Published about 1 month ago
CVE-2020-7670 in agoo
Moderate

agoo through 2.12.3 allows request smuggling attacks when agoo is used as a backend and the frontend proxy is also vulnerable. It is possible to conduct HTTP request smuggling attacks by sending the Content-Length header twice. Furthermore, invalid Transfer-Encoding headers were found to be parsed as valid which could be leveraged for...

Published about 1 month ago

Vulnerabilities in the Past 12 Months

Vulnerabilities
Jan 3
Feb 3
Mar 5
Apr 2
May 13
Jun 5
Jul 2
Aug 4
Sep 3
Oct 4
Nov 3
Dec 0

Vulnerabilities in the Past 6 Years

Vulnerabilities
2015 46
2016 34
2017 35
2018 36
2019 47
2020 47