Facets
How secure are your Ruby projects? Scan Gemfile.lock for vulnerabilities, take action, and ship secure apps!
How secure are your Ruby projects? Scan Gemfile.lock for vulnerabilities, take action, and ship secure apps!
There's a possible information leak / session hijack vulnerability in Rack. Attackers may be able to find and hijack sessions by using timing attacks targeting the session id. Session ids are usually stored and indexed in a database that uses some kind of scheme for speeding up lookups of that session id. By carefully measuring the amount...
Read more →
There was a race condition around persistent connections, where a connection which is interrupted (such as by a timeout) would leave data on the socket. Subsequent requests would then read this data, returning content from the previous response. The race condition window appears to be short, and it would be difficult to purposefully exploit...
Read more →
A poorly-behaved client could use keepalive requests to monopolize Puma's reactor and create a denial of service attack. If more keepalive connections to Puma are opened than there are threads available, additional connections will wait permanently if the attacker sends requests frequently enough.
Read more →
An issue was discovered in the rack-cors (aka Rack CORS Middleware) gem before 1.0.4 for Ruby. It allows ../ directory traversal to access private resources because resource matching does not ensure that pathnames are in a canonical format.
Read more →
The json-jwt gem before 1.11.0 for Ruby lacks an element count during the splitting of a JWE string.
Read more →
| Vulnerabilities | |
|---|---|
| Feb | 2 |
| Mar | 11 |
| Apr | 3 |
| May | 0 |
| Jun | 2 |
| Jul | 9 |
| Aug | 3 |
| Sep | 5 |
| Oct | 4 |
| Nov | 3 |
| Dec | 3 |
| Jan | 0 |
| Vulnerabilities | |
|---|---|
| 2015 | 46 |
| 2016 | 33 |
| 2017 | 35 |
| 2018 | 34 |
| 2019 | 45 |
| 2020 | 0 |