Facets

How secure are your Ruby projects? Scan Gemfile.lock for vulnerabilities, take action, and ship secure apps!


Latest Gem Vulnerabilities

CVE-2020-11077 in puma
Moderate

### Impact
This is a similar but different vulnerability to the one patched in 3.12.5 and 4.3.4. A client could smuggle a request through a proxy, causing the proxy to send a response back to another unknown client. If the proxy uses persistent connections and the client adds another request in via HTTP pipelining, the proxy may...

Published about 1 month ago
CVE-2020-11076 in puma
Moderate

### Impact
By using an invalid transfer-encoding header, an attacker could [smuggle an HTTP response](https://portswigger.net/web-security/request-smuggling).
### Patches
The problem has been fixed in Puma 3.12.5 and Puma 4.3.4.

Published about 1 month ago
CVE-2020-8164 in actionpack
Severe

There is a strong parameters bypass vector in ActionPack.

Versions Affected: rails <= 6.0.3
Not affected: rails < 4.0.0
Fixed Versions: rails >= 5.2.4.3, rails >= 6.0.3.1

Impact
------
In some cases user supplied information can be inadvertently leaked from Strong Parameters. Specifically the return value of `each`, or...

Published about 2 months ago
CVE-2020-8166 in actionpack
Moderate

It is possible, given a global CSRF token such as the one present in the authenticity_token meta tag, to forge a per-form CSRF token for any action for that session.

Versions Affected: rails < 5.2.5, rails < 6.0.4
Not affected: Applications without existing HTML injection vulnerabilities.
Fixed Versions: rails >=...

Published about 2 months ago
CVE-2020-8167 in actionview
Severe

There is a vulnerability in rails-ujs that allows attackers to send CSRF tokens to wrong domains.

Versions Affected: rails <= 6.0.3
Not affected: Applications which don't use rails-ujs.
Fixed Versions: rails >= 5.2.4.3, rails >= 6.0.3.1

Impact
------
This is a regression of CVE-2015-1840. In the scenario where an...

Published about 2 months ago

Vulnerabilities in the Past 12 Months

Vulnerabilities
Aug 4
Sep 5
Oct 4
Nov 3
Dec 3
Jan 3
Feb 3
Mar 5
Apr 2
May 13
Jun 4
Jul 0

Vulnerabilities in the Past 6 Years

Vulnerabilities
2015 46
2016 34
2017 35
2018 34
2019 47
2020 30