Facets

How secure are your Ruby projects? Scan Gemfile.lock for vulnerabilities, take action, and ship secure apps!

We are sunsetting Hakiri on January 31 2022. To learn more please refer to this document.


Latest Gem Vulnerabilities

CVE-2021-28680 in devise_masquerade
Moderate

The devise_masquerade gem before 1.3 allows certain attacks when a password's salt is unknown. An application that uses this gem to let administrators masquerade/impersonate users loses one layer of security protection compared to a situation where Devise (without this extension) is used. If the server-side secret_key_base value...
Read more →

Published about 2 months ago
CVE-2021-43805 in solidus_core
Severe

### Impact Denial of service vulnerability that could be exploited during a guest checkout. The regular expression used to validate a guest order's email was subject to exponential backtracking through a fragment like `a.a.`. Before the patch, it can be reproduced in the console like this: ```ruby irb(main)>...
Read more →

Published about 2 months ago
CVE-2021-27025 in puppet
Moderate

A flaw was discovered in Puppet Agent where the agent may silently ignore Augeas settings or may be vulnerable to a Denial of Service condition prior to the first 'pluginsync'.
Read more →

Published about 2 months ago
CVE-2021-27023 in puppet
Moderate

A flaw was discovered in Puppet Agent and Puppet Server that may result in a leak of HTTP credentials when following HTTP redirects to a different host. This is similar to CVE-2018-1000007
Read more →

Published about 2 months ago
CVE-2021-41819 in cgi
Moderate

The old versions of `CGI::Cookie.parse` applied URL decoding to cookie names. An attacker could exploit this vulnerability to spoof security prefixes in cookie names, which may be able to trick a vulnerable application. By this fix, `CGI::Cookie.parse` no longer decodes cookie names. Note that this is an incompatibility if cookie names...
Read more →

Published 2 months ago

Vulnerabilities in the Past 12 Months

Vulnerabilities
Feb 5
Mar 3
Apr 7
May 11
Jun 2
Jul 2
Aug 3
Sep 3
Oct 3
Nov 8
Dec 7
Jan 2

Vulnerabilities in the Past 6 Years

Vulnerabilities
2017 35
2018 37
2019 47
2020 52
2021 55
2022 2