
How secure are your Ruby projects? Scan Gemfile.lock for vulnerabilities, take action, and ship secure apps!


Latest Gem Vulnerabilities

CVE-2011-0449 in rails
Critical

actionpack/lib/action_view/template/resolver.rb in Ruby on Rails 3.0.x before 3.0.4, when a case-insensitive filesystem is used, does not properly implement filters associated with the list of available templates, which allows remote attackers to bypass intended access restrictions via an action name that uses an unintended case for alphabetic...

Published almost 9 years ago

CVE-2011-0448 in rails
Critical

Ruby on Rails 3.0.x before 3.0.4 does not ensure that arguments to the limit function specify integer values, which makes it easier for remote attackers to conduct SQL injection attacks via a non-numeric argument.

Published almost 9 years ago

CVE-2011-0447 in rails
Severe

Ruby on Rails 2.1.x, 2.2.x, and 2.3.x before 2.3.11, and 3.x before 3.0.4, does not properly validate HTTP requests that contain an X-Requested-With header, which makes it easier for remote attackers to conduct cross-site request forgery (CSRF) attacks via forged (1) AJAX or (2) API requests that leverage "combinations of browser plugins and...

Published about 9 years ago

CVE-2011-0446 in rails
Moderate

Multiple cross-site scripting (XSS) vulnerabilities in the mail_to helper in Ruby on Rails before 2.3.11, and 3.x before 3.0.4, when javascript encoding is used, allow remote attackers to inject arbitrary web script or HTML via a crafted (1) name or (2) email value.

Published about 9 years ago

CVE-2011-0739 / OSVDB-70667 in mail
Severe

Mail Gem for Ruby contains a flaw related to the failure to properly sanitise input passed from an email from address in the 'deliver()' function in 'lib/mail/network/delivery_methods/sendmail.rb' before being used as a command line argument. This may allow a remote attacker to inject arbitrary shell commands.

Published about 9 years ago

Vulnerabilities in the Past 12 Months

Vulnerabilities
Mar 11
Apr 3
May 0
Jun 2
Jul 9
Aug 3
Sep 5
Oct 4
Nov 3
Dec 3
Jan 2
Feb 0

Vulnerabilities in the Past 6 Years

Vulnerabilities
2015 46
2016 33
2017 35
2018 34
2019 45
2020 2