How secure are your Ruby projects? Scan Gemfile.lock for vulnerabilities, take action, and ship secure apps!


Latest Gem Vulnerabilities

CVE-2020-15240 in omniauth-auth0
Critical

### Overview
Versions after and including `2.3.0` are improperly validating the JWT token signature when using the `JWTValidator.verify` method. Improper validation of the JWT token signature when not using the default Authorization Code Flow can allow an attacker to bypass authentication and authorization.

### Am I affected?
You are...

Published 3 months ago
CVE-2020-7670 in agoo
Moderate

agoo through 2.12.3 allows request smuggling attacks where agoo is used as a backend and a frontend proxy is also vulnerable. It is possible to conduct HTTP request smuggling attacks by sending the Content-Length header twice. Furthermore, invalid Transfer-Encoding headers were found to be parsed as valid, which could be leveraged for...

Published 3 months ago
CVE-2020-15269 in spree
Critical

### Impact
A perpetrator who previously obtained an old, expired user token could use it to access Storefront API v2 endpoints.

### Patches
Please upgrade to 3.7.11, 4.0.4, or 4.1.11, depending on the Spree version you use.

Published 3 months ago
CVE-2020-8264 in actionpack
Moderate

There is a possible XSS vulnerability in Action Pack while the application server is in development mode. This vulnerability is in the Actionable Exceptions middleware. This vulnerability has been assigned the CVE identifier CVE-2020-8264.

Versions Affected: >= 6.0.0
Not affected: < 6.0.0
Fixed Versions: ...

Published 4 months ago
CVE-2020-15237 in shrine
Moderate

### Impact
When using the `derivation_endpoint` plugin, it's possible for the attacker to use a timing attack to guess the signature of the derivation URL.

### Patches
The problem has been fixed by comparing sent and calculated signature in constant time, using `Rack::Utils.secure_compare`. Users using the `derivation_endpoint` plugin...

Published 4 months ago

Vulnerabilities in the Past 12 Months

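| Month | Vulnerabilities |
|-------|-----------------|
| Feb   | 3               |
| Mar   | 6               |
| Apr   | 2               |
| May   | 13              |
| Jun   | 5               |
| Jul   | 2               |
| Aug   | 4               |
| Sep   | 3               |
| Oct   | 4               |
| Nov   | 3               |
| Dec   | 2               |
| Jan   | 1               |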

Vulnerabilities in the Past 6 Years

| Year | Vulnerabilities |
|------|-----------------|
| 2016 | 34              |
| 2017 | 35              |
| 2018 | 36              |
| 2019 | 47              |
| 2020 | 50              |
| 2021 | 1               |