Facets
How secure are your Ruby projects? Scan Gemfile.lock for vulnerabilities, take action, and ship secure apps!
How secure are your Ruby projects? Scan Gemfile.lock for vulnerabilities, take action, and ship secure apps!
This affects the package clearance before 2.5.0. The vulnerability can be possible when users are able to set the value of session[:return_to]. If the value used for return_to contains multiple leading slashes (/////example.com) the user ends up being redirected to the external domain that comes after the slashes (http://example.com).
Read more →
### Impact better_errors prior to 2.8.0 did not implement CSRF protection for its internal requests. It also did not enforce the correct "Content-Type" header for these requests, which allowed a cross-origin "simple request" to be made without CORS protection. These together left an application with better_errors enabled open to cross-origin...
Read more →
There is a possible open redirect vulnerability in the Host Authorization middleware in Action Pack. This vulnerability has been assigned the CVE identifier CVE-2021-22942. Versions Affected: >= 6.0.0. Not affected: < 6.0.0 Fixed Versions: 6.1.4.1, 6.0.4.1 Impact ------ Specially crafted “X-Forwarded-Host” headers in combination...
Read more →
Increments Qiita::Markdown before 0.34.0 allows XSS via a crafted gist link, a different vulnerability than CVE-2021-28796.
Read more →
Increments Qiita::Markdown before 0.33.0 allows XSS in transformers.
Read more →
| Vulnerabilities | |
|---|---|
| Oct | 4 |
| Nov | 3 |
| Dec | 2 |
| Jan | 1 |
| Feb | 5 |
| Mar | 3 |
| Apr | 7 |
| May | 11 |
| Jun | 2 |
| Jul | 2 |
| Aug | 3 |
| Sep | 2 |
| Vulnerabilities | |
|---|---|
| 2016 | 34 |
| 2017 | 35 |
| 2018 | 37 |
| 2019 | 47 |
| 2020 | 52 |
| 2021 | 36 |