Facets

How secure are your Ruby projects? Scan Gemfile.lock for vulnerabilities, take action, and ship secure apps!

Latest Gem Vulnerabilities

CVE-2016-3693 in safemode
Severe

Safemode is initialised with an optional 'delegate' object. If the delegated object is a Rails controller, 'inspect' could be called, which then exposes all information about the app, including routes, secret tokens, caches and so on.

Published about 1 month ago
CVE-2016-2098 in rails
Critical

There is a possible remote code execution vulnerability in Action Pack. This vulnerability has been assigned the CVE identifier CVE-2016-2098. Impact: Applications that pass unverified user input to the `render` method in a controller or a view may be vulnerable to a code injection. Impacted code will look like...

Published about 2 months ago
CVE-2016-2097 in rails
Severe

There is a possible directory traversal and information leak vulnerability in Action View. This was meant to be fixed by CVE-2016-0752; however, the 3.2 patch did not cover all the scenarios. This vulnerability has been assigned the CVE identifier CVE-2016-2097. Versions affected: 3.2.x, 4.0.x, 4.1.x. Not affected: 4.2+. Fixed...

Published about 2 months ago
CVE-2016-3098 in administrate
Severe

`Administrate::ApplicationController` actions didn't have CSRF protection. Remote attackers can hijack users' sessions and use, on their behalf, any functionality the administrator exposes.

Published 2 months ago
CVE-2016-0753 in rails
Severe

There is a possible input validation circumvention vulnerability in Active Model. This vulnerability has been assigned the CVE identifier CVE-2016-0753. Impact: Code that uses Active Model based models (including Active Record models) and does not validate user input before passing it to the model can be subject to an attack...

Published 4 months ago

Vulnerabilities in the Past 12 Months

Month  Vulnerabilities
Jul    8
Aug    0
Sep    2
Oct    1
Nov    1
Dec    3
Jan    6
Feb    9
Mar    0
Apr    4
May    0
Jun    0

Vulnerabilities in the Past 6 Years

Year  Vulnerabilities
2011  20
2012  22
2013  83
2014  74
2015  41
2016  19