rubysec-announce

Contact owners and managers

1–10 of 10

Welcome to rubysec-announce.

Rubysec collects security advisories that affect ruby gems and provides other security resources for the ruby community. Security advisories relevant to ruby gems will be announced here. For more information, please consult http://rubysec.github.com

0 selected

6/24/16

[CVE-2016-5697] signature wrapping attack vulnerability in ruby-saml prior to version 1.3.0

Overview: Ruby-saml prior to version 1.3.0 is vulnerable to an XML signature wrapping attack. Ruby-

unread,

[CVE-2016-5697] signature wrapping attack vulnerability in ruby-saml prior to version 1.3.0

Overview: Ruby-saml prior to version 1.3.0 is vulnerable to an XML signature wrapping attack. Ruby-

6/24/16

9/21/15

Vulnerability in gollum wiki, please update to v4.0.1

Hi, A vulnerability has been found in the gollum wiki, which allows attackers to gain read access to

unread,

Vulnerability in gollum wiki, please update to v4.0.1

Hi, A vulnerability has been found in the gollum wiki, which allows attackers to gain read access to

9/21/15

4/7/15

Fwd: redcarpet <=3.2.2 (and related ruby gems) allow for possible XSS via autolinking of untrusted markdown

Re-posting, as my initial send to rubysec-announce@ bounced. :( ---------- Forwarded message --------

unread,

Fwd: redcarpet <=3.2.2 (and related ruby gems) allow for possible XSS via autolinking of untrusted markdown

Re-posting, as my initial send to rubysec-announce@ bounced. :( ---------- Forwarded message --------

4/7/15

3/24/15

CVE-2015-1828: HTTPS MitM vulnerability in http.rb

Affected versions: all Fixed versions: 0.7.3 http.rb failed to call the OpenSSL::SSL::SSLSocket#

unread,

CVE-2015-1828: HTTPS MitM vulnerability in http.rb

Affected versions: all Fixed versions: 0.7.3 http.rb failed to call the OpenSSL::SSL::SSLSocket#

3/24/15

postmodern, … Tyler DeWitt4

4/3/14

RubySec Summary of CVE-2013-6393 aka "you're probably vulnerable"

mpapis (RVM maintainer) has noted the issue with simply updating RVM and has a WIP for it. https://

unread,

RubySec Summary of CVE-2013-6393 aka "you're probably vulnerable"

mpapis (RVM maintainer) has noted the issue with simply updating RVM and has a WIP for it. https://

4/3/14

phi...@state.io

3/18/13

[rubysec-announce] Symbol DoS vulnerability in Active Record

Aaron Patterson writes, There is a symbol DoS vulnerability in Active Record. This vulnerability has

unread,

[rubysec-announce] Symbol DoS vulnerability in Active Record

Aaron Patterson writes, There is a symbol DoS vulnerability in Active Record. This vulnerability has

3/18/13

phi...@state.io

3/18/13

Rails XSS and JRuby DoS vulnerabilities

For those of you who don't also subscribe to rubyonrails-security, Aaron Patterson today wrote:

unread,

Rails XSS and JRuby DoS vulnerabilities

For those of you who don't also subscribe to rubyonrails-security, Aaron Patterson today wrote:

3/18/13

3/8/13

Spree: Multiple Security Vulnerabilities

Hello, Multiple vulnerabilities in Spree have been brought to our attention. Information from their

unread,

Spree: Multiple Security Vulnerabilities

Hello, Multiple vulnerabilities in Spree have been brought to our attention. Information from their

3/8/13

2/27/13

Remote Code Execution Vulnerability in Dragonfly

Hello, "Unfortunately there is a security vulnerability in Dragonfly when used with Rails which

unread,

Remote Code Execution Vulnerability in Dragonfly

Hello, "Unfortunately there is a security vulnerability in Dragonfly when used with Rails which

2/27/13

2/24/13

Ruby 1.9.3-p392 is released (includes two security fixes)

Hello, Ruby 1.9.3-p392 was released on Friday and includes 2 security patches. - Denial of Service

unread,

Ruby 1.9.3-p392 is released (includes two security fixes)

Hello, Ruby 1.9.3-p392 was released on Friday and includes 2 security patches. - Denial of Service

2/24/13

Search

Clear search

Close search

Google apps

Main menu