Facets

How secure are your Ruby projects? Scan Gemfile.lock for vulnerabilities, take action, and ship secure apps!

Latest Gem Vulnerabilities

CVE-2018-3777 in restforce
Severity: Moderate
Published 3 months ago

A flaw in how restforce constructs URLs may allow an attacker to inject additional parameters into Salesforce API requests. Impact: this flaw is only exploitable in applications that pass user input directly to restforce's select, find, describe, update, upsert, and destroy methods. Vulnerable code might look...
CVE-2018-1000211 in doorkeeper
Severity: Moderate
Published 3 months ago

Any OAuth application that uses public/non-confidential authentication when interacting with Doorkeeper is unable to revoke its tokens when calling the revocation endpoint. A bug in the token revocation API would cause it to attempt to authenticate the public OAuth client as if it was a confidential app. Because of this, the token is...
CVE-2018-1000544 in rubyzip
Severity: Critical
Published 4 months ago

rubyzip version 1.2.1 and earlier contains a Directory Traversal vulnerability in the Zip::File component that can result in writing arbitrary files to the filesystem. If a site allows uploading of .zip files, an attacker can upload a malicious file which contains symlinks or files with absolute pathnames or "../" segments to write arbitrary files to the...
CVE-2018-3760 in sprockets
Severity: Critical
Published 4 months ago

Specially crafted requests can be used to access files on the filesystem that are outside an application's root directory, when the Sprockets server is used in production. All users running an affected release should either upgrade or use one of the workarounds immediately. Workaround: In Rails applications, work around this issue,...
CVE-2018-11627 in sinatra
Severity: Severe
Published 5 months ago

Sinatra before 2.0.2 has XSS via the 400 Bad Request page that occurs upon a params parser exception.

Vulnerabilities in the Past 12 Months

Month  Vulnerabilities
Nov    8
Dec    6
Jan    3
Feb    4
Mar    3
Apr    1
May    3
Jun    2
Jul    2
Aug    0
Sep    0
Oct    0

Vulnerabilities in the Past 6 Years

Year  Vulnerabilities
2013  84
2014  74
2015  45
2016  30
2017  28
2018  18