
How secure are your Ruby projects? Scan Gemfile.lock for vulnerabilities, take action, and ship secure apps!
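The tagline describes the check this site exists for: cross-reference every gem locked in a Gemfile.lock with the advisory database. The following is an added example of that check in plain Ruby, not the site's own scanner code. It parses the specs: block of a lockfile itself (so it needs nothing beyond the rubygems library that ships with Ruby), and uses one advisory record built from the Sinatra entry on this page (CVE-2018-11627, affected before 2.0.2); the Gemfile.lock contents are constructed for the example and do not come from a real project.

```ruby
require "rubygems" # Gem::Version and Gem::Requirement ship with Ruby

# One advisory record, shaped like the entries on this page: a CVE, the gem,
# a severity, and the version ranges that are not affected.
Advisory = Struct.new(:cve, :gem, :severity, :patched_versions, :unaffected_versions,
                      keyword_init: true)

# Advisory taken from this page: Sinatra before 2.0.2 is vulnerable
# (CVE-2018-11627), so anything >= 2.0.2 counts as patched.
ADVISORIES = [
  Advisory.new(cve: "CVE-2018-11627", gem: "sinatra", severity: "Severe",
               patched_versions: [">= 2.0.2"], unaffected_versions: [])
].freeze

# Reads the "specs:" block of a Gemfile.lock and returns {name => version}.
# Only the 4-space-indented "name (version)" lines are gems that are actually
# locked; deeper-indented lines are their dependency requirements.
def parse_lockfile(text)
  gems = {}
  in_specs = false
  text.each_line do |raw|
    line = raw.chomp
    if line.strip == "specs:"
      in_specs = true
      next
    end
    # A blank line or an unindented heading (PLATFORMS, DEPENDENCIES, ...) ends the block.
    in_specs = false if line.empty? || line !~ /\A\s/
    next unless in_specs
    if (m = line.match(/\A {4}(\S+) \(([^)]+)\)\z/))
      # "1.8.4-x86_64-linux" style entries carry a platform suffix; keep only the version.
      gems[m[1]] = m[2].split("-", 2).first
    end
  end
  gems
end

# A locked version is vulnerable unless it satisfies some patched or unaffected range.
def vulnerable?(advisory, version)
  v = Gem::Version.new(version)
  ranges = advisory.patched_versions + advisory.unaffected_versions
  ranges.none? { |r| Gem::Requirement.new(r).satisfied_by?(v) }
end

# Cross-references locked gems with the advisory list; returns one finding per hit.
def scan(lock_text, advisories = ADVISORIES)
  gems = parse_lockfile(lock_text)
  advisories.each_with_object([]) do |adv, findings|
    version = gems[adv.gem]
    next unless version && vulnerable?(adv, version)
    findings << { cve: adv.cve, gem: adv.gem, version: version, severity: adv.severity }
  end
end

# Constructed sample lockfile (not from a real project): sinatra 2.0.1 is locked.
SAMPLE_LOCK = <<~LOCK
  GEM
    remote: https://rubygems.org/
    specs:
      mustermann (1.0.2)
      rack (2.0.5)
      rack-protection (2.0.1)
        rack
      sinatra (2.0.1)
        mustermann (~> 1.0)
        rack (~> 2.0)
        rack-protection (= 2.0.1)
        tilt (~> 2.0)
      tilt (2.0.8)

  PLATFORMS
    ruby

  DEPENDENCIES
    sinatra
LOCK

if $PROGRAM_NAME == __FILE__
  scan(SAMPLE_LOCK).each do |f|
    puts "#{f[:severity]}: #{f[:gem]} #{f[:version]} is affected by #{f[:cve]}"
  end
end
```

Two points matter for a real scanner: compare with Gem::Version rather than string comparison (so 2.0.10 is correctly newer than 2.0.9), and treat a gem as safe only when its locked version falls inside a patched or unaffected range, never on the absence of a match alone. Bumping the constructed lockfile to sinatra 2.0.2 makes the finding disappear.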


Latest Gem Vulnerabilities

CVE-2018-3777 in restforce
Severity: Moderate
Published: 23 days ago

A flaw in how restforce constructs URLs may allow an attacker to inject additional parameters into Salesforce API requests. Impact: this flaw is only exploitable in applications that pass user input directly to restforce's select, find, describe, update, upsert, and destroy methods. Vulnerable code might look...
CVE-2018-1000211 in doorkeeper
Severity: Moderate
Published: about 1 month ago

Any OAuth application that uses public (non-confidential) client authentication when interacting with Doorkeeper is unable to revoke its tokens when calling the revocation endpoint. A bug in the token revocation API causes it to attempt to authenticate the public OAuth client as if it were a confidential app. Because of this, the token is...
CVE-2018-3760 in sprockets
Severity: Critical
Published: 2 months ago

Specially crafted requests can be used to access files on the filesystem outside an application's root directory when the Sprockets server is used in production. All users running an affected release should either upgrade or apply one of the workarounds immediately. Workaround: in Rails applications, work around this issue...
CVE-2018-11627 in sinatra
Severity: Severe
Published: 3 months ago

Sinatra before 2.0.2 has XSS via the 400 Bad Request page that occurs upon a params parser exception.
CVE-2018-3769 in ruby-grape
Severity: Critical
Published: 3 months ago

When a GET request to the API carries the "format" parameter, the parameter's value is rendered into the response body while the web server answers with a text/html content type, so a browser interprets the attacker-supplied value as markup (reflected XSS). Example: http://example.com/api/endpoint?format=%3Cscript%3Ealert(document.cookie)%3C/script%3E
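The ruby-grape entry above describes the classic reflected-XSS shape: a request parameter echoed into an HTML response unescaped. The block below is an added illustration of that pattern beside a hardened version; it is a reconstruction of the described behaviour in plain Ruby, not Grape's own code, and the API it models (hypothetical, serving only json and xml) and its responses are assumptions for the example. It decodes the very URL given in the advisory to show what reaches the application.

```ruby
require "uri"
require "cgi"

# Formats this (hypothetical) API serves; anything else is an error.
KNOWN_FORMATS = %w[json xml].freeze

# Query string of the request URL -> {"format" => "..."}, decoding %XX escapes
# exactly as a web server does before handing params to the application.
def params_from_url(url)
  query = URI(url).query.to_s
  URI.decode_www_form(query).to_h
end

# Vulnerable shape (reconstructed from the advisory text, not Grape's code):
# an unknown "format" value is interpolated into an HTML error page unescaped,
# so the browser executes whatever the attacker put in the query string.
def respond_vulnerable(params)
  format = params.fetch("format", "json")
  return [200, "application/json", '{"status":"ok"}'] if KNOWN_FORMATS.include?(format)
  [406, "text/html", "<h1>Unsupported format: #{format}</h1>"]
end

# Hardened shape: reject unknown formats without echoing attacker-controlled
# text into markup. The error is served as text/plain and the value is
# HTML-escaped anyway (defence in depth), so no browser parses it as a script.
def respond_hardened(params)
  format = params.fetch("format", "json")
  return [200, "application/json", '{"status":"ok"}'] if KNOWN_FORMATS.include?(format)
  safe = CGI.escapeHTML(format)
  [406, "text/plain", "Unsupported format: #{safe}"]
end

# True when the response would execute the payload: an HTML content type with
# the raw <script> tag present in the body.
def reflects_script?(response)
  _status, content_type, body = response
  content_type.start_with?("text/html") && body.include?("<script>")
end

# The example URL from the advisory.
PAYLOAD_URL = "http://example.com/api/endpoint?format=%3Cscript%3Ealert(document.cookie)%3C/script%3E"

if $PROGRAM_NAME == __FILE__
  params = params_from_url(PAYLOAD_URL)
  puts "decoded format param: #{params['format']}"
  puts "vulnerable reflects script? #{reflects_script?(respond_vulnerable(params))}"
  puts "hardened reflects script?   #{reflects_script?(respond_hardened(params))}"
end
```

The allowlist is the real fix: a format name only ever needs to match one of a handful of known strings, so there is no reason to echo the raw input at all. Escaping and a non-HTML content type are the second and third layers for the case where some message must quote the value.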

Vulnerabilities in the Past 12 Months

Month   Vulnerabilities
Sep     3
Oct     1
Nov     8
Dec     6
Jan     3
Feb     4
Mar     3
Apr     1
May     3
Jun     1
Jul     2
Aug     0

Vulnerabilities in the Past 6 Years

Year    Vulnerabilities
2013    84
2014    74
2015    45
2016    30
2017    28
2018    17 (year to date)