科技回声 (Tech Echo)

A tech news platform built on Next.js, providing global tech news and discussion content. Resource links: HackerNews API, original Hacker News, Next.js.

© 2025 科技回声. All rights reserved.
Show HN: Is it vulnerable? Drag-n-drop your Gemfile.lock to check

175 points, by phillmv, almost 10 years ago

11 comments

sciurus, almost 10 years ago
You can run this check yourself using the bundle-audit tool. It uses the list of vulnerabilities from ruby-advisory-db.

Checking the git history, I see that phillmv is a contributor to ruby-advisory-db.

https://github.com/rubysec/bundler-audit

https://github.com/rubysec/ruby-advisory-db
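The check sciurus describes, as an added example that is not bundler-audit's, ruby-advisory-db's or isitvulnerable.com's own code: parse the `specs:` section of a Gemfile.lock into gem versions, then compare each locked version against advisory entries shaped like ruby-advisory-db's (`patched_versions` / `unaffected_versions` as RubyGems requirement strings). The lockfile, the gem names (prefixed `example-`), the advisory IDs, the version ranges and the CVSS scores are all constructed for the example and describe no real vulnerability. Running a check like this locally also means your lockfile never leaves your machine, which addresses the concern about a third-party service collecting lists of vulnerable sites raised later in the thread; the `min_cvss` filter is the kind of severity triage homakov asks for.

```ruby
# Added example (not bundler-audit's own code): audit a Gemfile.lock against
# advisory entries shaped like ruby-advisory-db's, the way bundler-audit does.
# The lockfile and the advisories below are CONSTRUCTED for illustration;
# the gem names are prefixed "example-" and the IDs are placeholders, not
# real vulnerabilities.
require "rubygems" # Gem::Version and Gem::Requirement

# Parse the `specs:` section of a Gemfile.lock into {name => Gem::Version}.
# Resolved gems are indented by exactly four spaces; their dependency lines
# (six spaces) and every other section are skipped.
def parse_lockfile(text)
  specs = {}
  in_specs = false
  text.each_line do |raw|
    line = raw.chomp
    if line.match?(/\A\s*specs:\s*\z/)
      in_specs = true
      next
    end
    in_specs = false if line.match?(/\A\S/) # GEM, PLATFORMS, DEPENDENCIES ...
    next unless in_specs
    next unless (m = line.match(/\A {4}(\S+) \(([^)]+)\)\z/))
    # Drop a platform suffix such as "1.0.0-x86_64-linux"; Ruby prereleases
    # use dots ("1.0.0.pre"), so splitting on "-" keeps the real version.
    specs[m[1]] = Gem::Version.new(m[2].split("-").first)
  end
  specs
end

# Same rule as bundler-audit: a version is vulnerable unless it satisfies
# one of the advisory's unaffected or patched requirements.
def vulnerable?(advisory, version)
  safe = advisory.fetch(:unaffected_versions, []) + advisory.fetch(:patched_versions, [])
  safe.none? { |req| Gem::Requirement.new(req).satisfied_by?(version) }
end

# Report advisories that apply to the locked versions. min_cvss lets you
# triage by severity (the point about severity raised later in the thread).
def audit(lock_text, advisories, min_cvss: 0.0)
  specs = parse_lockfile(lock_text)
  advisories.select { |adv|
    version = specs[adv[:gem]]
    version && adv[:cvss_v3] >= min_cvss && vulnerable?(adv, version)
  }.map { |adv|
    { gem: adv[:gem], version: specs[adv[:gem]].to_s, id: adv[:id], cvss_v3: adv[:cvss_v3] }
  }
end

# Constructed advisory entries (placeholder IDs and scores, not real CVEs).
ADVISORIES = [
  { gem: "example-rack", id: "EXAMPLE-0001", cvss_v3: 7.5,
    patched_versions: ["~> 1.5.4", ">= 1.6.2"] },
  { gem: "example-jquery-rails", id: "EXAMPLE-0002", cvss_v3: 3.1,
    unaffected_versions: ["< 3.0.0"], patched_versions: [">= 3.1.3"] },
].freeze

# Constructed Gemfile.lock in the real Bundler format.
SAMPLE_LOCK = <<~LOCK
  GEM
    remote: https://rubygems.org/
    specs:
      example-jquery-rails (3.1.2)
        railties (>= 3.0, < 5.0)
      example-rack (1.6.0)
      railties (4.2.0)

  PLATFORMS
    ruby

  DEPENDENCIES
    example-jquery-rails
    example-rack
LOCK

if __FILE__ == $PROGRAM_NAME
  # Usage: ruby audit.rb [path/to/Gemfile.lock]; defaults to the sample.
  lock = ARGV[0] ? File.read(ARGV[0]) : SAMPLE_LOCK
  audit(lock, ADVISORIES).each do |hit|
    puts "#{hit[:gem]} #{hit[:version]}: #{hit[:id]} (CVSS #{hit[:cvss_v3]})"
  end
end
```

With the sample lockfile both constructed advisories fire; passing `min_cvss: 7.0` leaves only `EXAMPLE-0001`, and bumping `example-rack` to a version inside `~> 1.5.4` or `>= 1.6.2` clears it. Against a real project you would replace `ADVISORIES` with the parsed YAML files from ruby-advisory-db, which is what bundler-audit does for you.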
phillmv, almost 10 years ago
Hey. We posted about our service last week and got great feedback. We took that feedback and decided to put isitvulnerable.com together to really showcase what you can get out of it / uh, check your dang Gemfile.lock at least.

We're expanding platforms, so do tell us what to support next :).
Mojah, almost 10 years ago
If you're into PHP, SensioLabs has a similar service you can use on your Composer.lock file: https://security.sensiolabs.org/check

It'll block any vulnerable version of a dependency in your project.
homakov, almost 10 years ago
Someone should re-estimate the severity of those "CVEs". I got 10 warnings and none of them is severe for my app (and yours too, likely), so I'm definitely not vulnerable.

Also LOL, "CSRF Vulnerability in jquery-rails" is known as not a bug at all.
bshimmin, almost 10 years ago
This is terrific. Easy to understand, fast, and very useful. Great job, guys!
piratebroadcast, almost 10 years ago
So if somebody hacks isitvulnerable.com, they have a list of vulnerable Rails sites.
brobinson, almost 10 years ago
Great tool! Bookmarked.

Bug report: text here [1] is not rendering properly, but if I resize the window to be smaller it adjusts and is fine. Happens in Firefox 39.0.3 (no plugins) and Chrome 44.0.2403.130 (64-bit, no plugins) at 1000px window width on OSX Yosemite.

[1] http://i.imgur.com/rgQqli8.png
dboyd, almost 10 years ago
Looks great. Your formatting on the result page is messed up in my browser (Chrome on OSX). You can see a screenshot here...

https://annotate.driftt.com/view?i=99nffsejxeiittq%2F2015-08-07_at_10.49_AM_(1).png%2F
caioariede, almost 10 years ago
I'd like to know if there is something similar for Python, or something like https://github.com/rubysec/ruby-advisory-db for Python.
busterarm, almost 10 years ago
THANK YOU!

I think this is really awesome...

...I have to go update a few projects right now.
thoughtpalette, almost 10 years ago
This is awesome, great idea! I see the sign-up for additional platforms. Thinking of supporting package.json and bower files?