oss-sec mailing list archives
Re: Some rubygems related CVEs
From: Reed Loden <reed () reedloden com>
Date: Wed, 13 Feb 2013 18:55:28 -0800
On Wed, 13 Feb 2013 19:39:23 -0700 Kurt Seifried <kseifried () redhat com> wrote:

> newrelic_rpm information disclosure
> newrelic_rpm
> https://newrelic.com/docs/ruby/ruby-agent-security-notification
> A bug in the Ruby agent causes database connection information and raw
> SQL statements to be transmitted to New Relic servers. The database
> connection information includes the database IP address, username, and
> password. The information is not stored or retransmitted by New Relic
> and is immediately discarded.
>
> Please use CVE-2013-0284 for this issue.

This issue was disclosed on 2012-12-06, so it should actually have a CVE-2012-XXXX assignment.

~reed