Rubysec

Providing security resources for the Ruby community.
Follow us @rubysec or email us via info at rubysec.com

Advisory Archive

| Date | Rubygem | Title | CVE |
|------|---------|-------|-----|
| 2019-08-19 | rest-client | Code execution backdoor in rest-client | 2019-15224 |
| 2019-08-11 | rexical | Rexical Command Injection Vulnerability | 2019-5477 |
| 2019-08-11 | nokogiri | Nokogiri Command Injection Vulnerability via Nokogiri::CSS::Tokenizer#load_file | 2019-5477 |
| 2019-07-12 | mini_magick | Remote command execution via filename | 2019-13574 |
| 2019-07-05 | strong_password | strong_password Ruby gem malicious version causing Remote Code Execution vulnerability | 2019-13354 |
| 2019-07-02 | yard | Possible arbitrary path traversal and file access via `yard server` | |
| 2019-07-01 | field_test | Arbitrary Variants Via Query Parameters | 2019-13146 |
| 2019-06-04 | chartkick | XSS Vulnerability in Chartkick Ruby Gem | 2019-12732 |
| 2019-04-22 | nokogiri | Nokogiri gem, via libxslt, is affected by improper access control vulnerability | 2019-11068 |
| 2019-04-04 | bootstrap-sass | Remote code execution in bootstrap-sass | 2019-10842 |
| 2019-03-25 | doorkeeper-openid_connect | Doorkeeper::OpenidConnect Open Redirect | 2019-9837 |
| 2019-03-13 | actionview | File Content Disclosure in Action View | 2019-5418 |
| 2019-03-13 | actionview | Denial of Service Vulnerability in Action View | 2019-5419 |
| 2019-03-13 | railties | Possible Remote Code Execution Exploit in Rails Development Mode | 2019-5420 |
| 2019-03-08 | chloride | Improper handling of ssh known_hosts file with Chloride | 2018-6517 |
| 2019-03-05 | rubygems-update | Escape sequence injection vulnerability in verbose | 2019-8321 |
| 2019-03-05 | rubygems-update | Installing a malicious gem may lead to arbitrary code execution | 2019-8324 |
| 2019-03-05 | rubygems-update | Escape sequence injection vulnerability in errors | 2019-8325 |
| 2019-03-05 | rubygems-update | Escape sequence injection vulnerability in api response handling | 2019-8323 |
| 2019-03-05 | rubygems-update | Escape sequence injection vulnerability in gem owner | 2019-8322 |
| 2019-03-05 | rubygems-update | Delete directory using symlink when decompressing tar | 2019-8320 |
| 2019-02-15 | bootstrap-sass | XSS vulnerability in bootstrap-sass | 2019-8331 |
| 2019-02-15 | bootstrap | XSS vulnerability in bootstrap | 2019-8331 |
| 2019-02-07 | devise | Devise Gem for Ruby Time-of-check Time-of-use race condition with lockable module | 2019-5421 |
| 2018-11-27 | activestorage | Bypass vulnerability in Active Storage | 2018-16477 |
| 2018-11-27 | activejob | Broken Access Control vulnerability in Active Job | 2018-16476 |
| 2018-11-09 | easymon | Reflected XSS in Firefox in check endpoint | 2018-1000855 |
| 2018-11-05 | rack | Possible XSS vulnerability in Rack | 2018-16471 |
| 2018-11-05 | rack | Possible DoS vulnerability in Rack | 2018-16470 |
| 2018-10-30 | loofah | Loofah XSS Vulnerability | 2018-16468 |