Facets

How secure are your Ruby projects? Scan Gemfile.lock for vulnerabilities, take action, and ship secure apps!

Browse

Latest Gem Vulnerabilities

CVE-2020-11082 in kaminari
Severe

### Impact There was a vulnerability in versions of Kaminari that would allow an attacker to inject arbitrary code into pages with pagination links. For example, an attacker could craft pagination links that link to other domain or host: https://example.com/posts?page=4&original_script_name=https://another-host.example.com In addition,...
Read more →

Published 3 days ago
CVE-2020-11076 in puma
Moderate

### Impact By using an invalid transfer-encoding header, an attacker could [smuggle an HTTP response.](https://portswigger.net/web-security/request-smuggling) ### Patches The problem has been fixed in Puma 3.12.5 and Puma 4.3.4.
Read more →

Published 9 days ago
CVE-2020-11077 in puma
Moderate

### Impact This is a similar but different vulnerability to the one patched in 3.12.5 and 4.3.4. A client could smuggle a request through a proxy, causing the proxy to send a response back to another unknown client. If the proxy uses persistent connections and the client adds another request in via HTTP pipelining, the proxy may...
Read more →

Published 9 days ago
CVE-2020-8164 in actionpack
Severe

There is a strong parameters bypass vector in ActionPack. Versions Affected: rails <= 6.0.3 Not affected: rails < 4.0.0 Fixed Versions: rails >= 5.2.4.3, rails >= 6.0.3.1 Impact ------ In some cases user supplied information can be inadvertently leaked from Strong Parameters. Specifically the return value of `each`, or...
Read more →

Published 13 days ago
CVE-2020-8166 in actionpack
Moderate

It is possible to possible to, given a global CSRF token such as the one present in the authenticity_token meta tag, forge a per-form CSRF token for any action for that session. Versions Affected: rails < 5.2.5, rails < 6.0.4 Not affected: Applications without existing HTML injection vulnerabilities. Fixed Versions: rails >=...
Read more →

Published 13 days ago

Vulnerabilities in the Past 12 Months

Vulnerabilities
Jun 2
Jul 9
Aug 4
Sep 5
Oct 4
Nov 3
Dec 3
Jan 2
Feb 3
Mar 5
Apr 2
May 13

Vulnerabilities in the Past 6 Years

Vulnerabilities
2015 46
2016 34
2017 35
2018 34
2019 47
2020 25