How secure are your Ruby projects? Scan Gemfile.lock for vulnerabilities, take action, and ship secure apps!


Latest Gem Vulnerabilities

OSVDB-114600 in curb
Moderate

curb Gem for Ruby contains a flaw that is triggered when handling an empty http_put body. This may allow a remote attacker to crash an application linked against the library.

Published about 9 years ago

OSVDB-62067 in bcrypt-ruby
Moderate

bcrypt-ruby Gem for Ruby suffered from a bug related to character encoding that substantially reduced the entropy of hashed passwords containing non US-ASCII characters. An incorrect encoding step transparently replaced such characters by '?' prior to hashing. In the worst case of a password consisting solely of non-US-ASCII...

Published over 9 years ago

CVE-2008-7248 in rails
Severe

Ruby on Rails 2.1 before 2.1.3 and 2.2.x before 2.2.2 does not verify tokens for requests with certain content types, which allows remote attackers to bypass cross-site request forgery (CSRF) protection for requests to applications that rely on this protection, as demonstrated using text/plain.

Published almost 10 years ago

CVE-2009-4214 in rails
Moderate

Cross-site scripting (XSS) vulnerability in the strip_tags function in Ruby on Rails before 2.2.s, and 2.3.x before 2.3.5, allows remote attackers to inject arbitrary web script or HTML via vectors involving non-printing ASCII characters, related to HTML::Tokenizer and actionpack/lib/action_controller/vendor/html-scanner/html/node.rb.

Published almost 10 years ago

CVE-2009-4123 in jruby-openssl
Severe

A security problem involving peer certificate verification was found where failed verification silently did nothing, making affected applications vulnerable to attackers. Attackers could lead a client application to believe that a secure connection to a rogue SSL server is legitimate. Attackers could also penetrate client-validated SSL...

Published almost 10 years ago

Vulnerabilities in the Past 12 Months

Vulnerabilities
Nov 3
Dec 0
Jan 0
Feb 2
Mar 11
Apr 3
May 0
Jun 1
Jul 8
Aug 2
Sep 4
Oct 0

Vulnerabilities in the Past 6 Years

Vulnerabilities
2014 75
2015 46
2016 33
2017 33
2018 34
2019 31