Facets
How secure are your Ruby projects? Scan Gemfile.lock for vulnerabilities, take action, and ship secure apps!
How secure are your Ruby projects? Scan Gemfile.lock for vulnerabilities, take action, and ship secure apps!
If user-supplied input was passed into append/override_content_security_policy_directives, a semicolon could be injected leading to directive injection. This could be used to e.g. override a script-src directive. Duplicate directives are ignored and the first one wins. The directives in secure_headers are sorted alphabetically so...
Read more →
If user-supplied input was passed into append/override_content_security_policy_directives, a newline could be injected leading to limited header injection. Upon seeing a newline in the header, rails will silently create a new Content-Security-Policy header with the remaining value of the original string. It will continue to create new...
Read more →
There's a possible information leak / session hijack vulnerability in Rack. Attackers may be able to find and hijack sessions by using timing attacks targeting the session id. Session ids are usually stored and indexed in a database that uses some kind of scheme for speeding up lookups of that session id. By carefully measuring the amount...
Read more →
There was a race condition around persistent connections, where a connection which is interrupted (such as by a timeout) would leave data on the socket. Subsequent requests would then read this data, returning content from the previous response. The race condition window appears to be short, and it would be difficult to purposefully exploit...
Read more →
A poorly-behaved client could use keepalive requests to monopolize Puma's reactor and create a denial of service attack. If more keepalive connections to Puma are opened than there are threads available, additional connections will wait permanently if the attacker sends requests frequently enough.
Read more →
| Vulnerabilities | |
|---|---|
| Mar | 11 |
| Apr | 3 |
| May | 0 |
| Jun | 2 |
| Jul | 9 |
| Aug | 3 |
| Sep | 5 |
| Oct | 4 |
| Nov | 3 |
| Dec | 3 |
| Jan | 2 |
| Feb | 0 |
| Vulnerabilities | |
|---|---|
| 2015 | 46 |
| 2016 | 33 |
| 2017 | 35 |
| 2018 | 34 |
| 2019 | 45 |
| 2020 | 2 |