Facets

How secure are your Ruby projects? Scan Gemfile.lock for vulnerabilities, take action, and ship secure apps!


Latest Gem Vulnerabilities

CVE-2013-1656 / OSVDB-91217 in spree
Moderate

Spree contains a flaw that is triggered when handling input passed via the 'payment_method' parameter to payment_methods_controller.rb. This may allow a remote authenticated attacker to instantiate arbitrary Ruby objects and potentially execute arbitrary commands.
Read more →

Published over 7 years ago
CVE-2013-2513 / OSVDB-90829 in flash_tool
Severe

flash_tool Gem for Ruby contains a flaw that is triggered during the handling of downloaded files that contain shell characters. With a specially crafted file, a context-dependent attacker can execute arbitrary commands.
Read more →

Published over 7 years ago
CVE-2013-0184 / OSVDB-89327 in rack
Moderate

Rack contains a flaw in the Rack::Auth::AbstractRequest class that may allow a remote denial of service. The issue is triggered when an unspecified error occurs, which will result in a loss of availability for the webserver.
Read more →

Published over 7 years ago
CVE-2013-0183 / OSVDB-89320 in rack
Severe

Rack contains a flaw that may allow a remote denial of service. The issue is triggered when parsing an overly long string. With a specially crafted string, a remote attacker can cause a consumption of memory. This will result in a loss of availability for the webserver.
Read more →

Published over 7 years ago
CVE-2013-0162 / OSVDB-90561 in ruby_parser
Moderate

RubyGems ruby_parser (RP) contains a flaw as rubygem-ruby_parser creates temporary files insecurely. It is possible for a local attacker to use a symlink attack to cause the program to unexpectedly overwrite an arbitrary file.
Read more →

Published over 7 years ago

Vulnerabilities in the Past 12 Months

Vulnerabilities
Aug 4
Sep 5
Oct 4
Nov 3
Dec 3
Jan 3
Feb 3
Mar 5
Apr 2
May 13
Jun 4
Jul 0

Vulnerabilities in the Past 6 Years

Vulnerabilities
2015 46
2016 34
2017 35
2018 34
2019 47
2020 30