rubysec-announce
Welcome to rubysec-announce.
RubySec collects security advisories that affect Ruby gems and provides other security resources for the Ruby community. Security advisories relevant to Ruby gems will be announced here. For more information, please consult http://rubysec.github.com

Alvaro Hoyos, 6/24/16
[CVE-2016-5697] signature wrapping attack vulnerability in ruby-saml prior to version 1.3.0
Overview: Ruby-saml prior to version 1.3.0 is vulnerable to an XML signature wrapping attack. Ruby-

Dawa Ometto, 9/21/15
Vulnerability in gollum wiki, please update to v4.0.1
Hi, A vulnerability has been found in the gollum wiki, which allows attackers to gain read access to

Reed Loden, 4/7/15
Fwd: redcarpet <=3.2.2 (and related ruby gems) allow for possible XSS via autolinking of untrusted markdown
Re-posting, as my initial send to rubysec-announce@ bounced. :( ---------- Forwarded message --------

Tony Arcieri, 3/24/15
CVE-2015-1828: HTTPS MitM vulnerability in http.rb
Affected versions: all Fixed versions: 0.7.3 http.rb failed to call the OpenSSL::SSL::SSLSocket#

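The preview above is cut off on this page, so the method it names is not reproduced here. As an added illustration of the vulnerability class in the subject line (this is not code from the advisory or from http.rb), the following stand-alone Ruby script builds a throwaway CA with the stdlib `openssl` library, runs one TLS handshake per scenario over a socket pair, and compares a client that only validates the certificate chain (`VERIFY_PEER`) with one that also binds the chain to the intended hostname via `OpenSSL::SSL::SSLSocket#post_connection_check`. The hostnames `example.test` and `bank.test`, the scenario names and the `issue_cert`, `serve_once`, `fetch_over_tls` and `run_scenarios` helpers are all constructed for this example. The point it makes: with a chain-only check, a man in the middle holding a valid certificate for any other name from a trusted CA is accepted.

```ruby
require "openssl"
require "socket"

# Constructed throwaway PKI for the demo: a self-signed CA and leaf certificates.
# Nothing here is real key material; certs live for one hour.
def issue_cert(cn, key, issuer: nil, ca: false, dns: nil)
  cert = OpenSSL::X509::Certificate.new
  cert.version = 2                                  # X.509 v3, needed for extensions
  cert.serial = 1 + rand(2**62)
  cert.subject = OpenSSL::X509::Name.parse("/CN=#{cn}")
  cert.public_key = key.public_key
  cert.not_before = Time.now - 60
  cert.not_after = Time.now + 3600
  issuer_cert, issuer_key = issuer || [cert, key]   # self-signed when no issuer is given
  cert.issuer = issuer_cert.subject
  ef = OpenSSL::X509::ExtensionFactory.new(issuer_cert, cert)
  cert.add_extension(ef.create_extension("basicConstraints", ca ? "CA:TRUE" : "CA:FALSE", true))
  cert.add_extension(ef.create_extension("subjectAltName", "DNS:#{dns}")) if dns
  cert.sign(issuer_key, OpenSSL::Digest.new("SHA256"))
  cert
end

# Server half of one connection, run in a thread so the client below can handshake with it.
# It plays the role of whoever answers the TCP connection: the honest server or a MitM.
def serve_once(io, cert, key)
  ctx = OpenSSL::SSL::SSLContext.new
  ctx.cert = cert
  ctx.key = key
  Thread.new do
    ssl = OpenSSL::SSL::SSLSocket.new(io, ctx)
    ssl.sync_close = true
    begin
      ssl.accept
      ssl.write("ok")
    rescue OpenSSL::SSL::SSLError, SystemCallError, IOError
      # the client refused the handshake or hung up; nothing more to do
    ensure
      ssl.close rescue nil
    end
  end
end

# Client half. VERIFY_PEER validates the chain up to trusted_ca; post_connection_check is
# the separate step that binds that chain to the hostname the client meant to reach.
# check_hostname: false reproduces a client that performs only the chain check.
def fetch_over_tls(io, trusted_ca, expected_host, check_hostname: true)
  store = OpenSSL::X509::Store.new
  store.add_cert(trusted_ca)
  ctx = OpenSSL::SSL::SSLContext.new
  ctx.verify_mode = OpenSSL::SSL::VERIFY_PEER
  ctx.cert_store = store
  ssl = OpenSSL::SSL::SSLSocket.new(io, ctx)
  ssl.hostname = expected_host                      # sets SNI; on its own this verifies nothing
  ssl.sync_close = true
  begin
    ssl.connect                                     # raises if the chain is not trusted
  rescue OpenSSL::SSL::SSLError
    ssl.close
    return :chain_rejected
  end
  if check_hostname
    begin
      ssl.post_connection_check(expected_host)      # raises if the cert is for another name
    rescue OpenSSL::SSL::SSLError
      ssl.close
      return :hostname_rejected
    end
  end
  body = ssl.read(2)
  ssl.close
  body == "ok" ? :ok : :unexpected
end

def run_scenarios
  ca_key = OpenSSL::PKey::RSA.new(2048)
  ca_cert = issue_cert("Demo Root CA", ca_key, ca: true)
  srv_key = OpenSSL::PKey::RSA.new(2048)
  srv_cert = issue_cert("example.test", srv_key, issuer: [ca_cert, ca_key], dns: "example.test")
  rogue_key = OpenSSL::PKey::RSA.new(2048)
  rogue_cert = issue_cert("bank.test", rogue_key, dns: "bank.test")   # self-signed, not in the store

  scenarios = {
    # honest server: chain and name both match
    genuine:          [srv_cert, srv_key, "example.test", true],
    # MitM presents a CA-signed cert for a different name; the hostname check catches it
    mitm_checked:     [srv_cert, srv_key, "bank.test", true],
    # same MitM against a client that validates the chain but never checks the name
    mitm_unchecked:   [srv_cert, srv_key, "bank.test", false],
    # MitM with a self-signed cert for the right name; chain validation catches it
    untrusted_issuer: [rogue_cert, rogue_key, "bank.test", true],
  }
  scenarios.transform_values do |cert, key, host, check|
    client_io, server_io = Socket.pair(:UNIX, :STREAM)
    server = serve_once(server_io, cert, key)
    result = fetch_over_tls(client_io, ca_cert, host, check_hostname: check)
    server.join
    result
  end
end

if $PROGRAM_NAME == __FILE__
  run_scenarios.each { |name, outcome| puts "#{name}: #{outcome}" }
end
```

The `mitm_unchecked` row is the one to look at: the handshake succeeds and the client reads application data from a peer that merely holds a trusted-CA certificate for some unrelated name. Newer openssl gem versions can fold the name check into the handshake with `SSLContext#verify_hostname = true` (or `set_params`), but a client that configures its own context must still turn one of these on explicitly.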
postmodern, …, Tyler DeWitt (4 messages), 4/3/14
RubySec Summary of CVE-2013-6393 aka "you're probably vulnerable"
mpapis (RVM maintainer) has noted the issue with simply updating RVM and has a WIP for it. https://

phi...@state.io, 3/18/13 (Announcement)
[rubysec-announce] Symbol DoS vulnerability in Active Record
Aaron Patterson writes, There is a symbol DoS vulnerability in Active Record. This vulnerability has

phi...@state.io, 3/18/13 (Announcement)
Rails XSS and JRuby DoS vulnerabilities
For those of you who don't also subscribe to rubyonrails-security, Aaron Patterson today wrote:

m...@state.io, 3/8/13
Spree: Multiple Security Vulnerabilities
Hello, Multiple vulnerabilities in Spree have been brought to our attention. Information from their

m...@state.io, 2/27/13
Remote Code Execution Vulnerability in Dragonfly
Hello, "Unfortunately there is a security vulnerability in Dragonfly when used with Rails which

m...@state.io, 2/24/13
Ruby 1.9.3-p392 is released (includes two security fixes)
Hello, Ruby 1.9.3-p392 was released on Friday and includes 2 security patches. - Denial of Service