oss-sec mailing list archives

Vulnerability Reported in my Ruby Gem


From: richard schneeman <richard.schneeman () gmail com>
Date: Tue, 8 Oct 2013 12:21:55 -0500

I'm interested in creating a CVE for this issue and came to this mailing
list from this link:
http://people.redhat.com/kseifrie/CVE-OpenSource-Request-HOWTO.html

I maintain the Ruby gem 'wicked' (roughly 100k downloads). A vulnerability
has been reported allowing an attacker to read arbitrary files on a system.

All previously released versions are vulnerable. Version 1.0.1 has been
released with the problem patched.

Email: richard.schneeman () gmail com
Software Name: Wicked gem

Commit of fix:
https://github.com/schneems/wicked/commit/fe31bb2533fffc9d098c69ebeb7afc3b80509f53


Please let me know if you need more information or if this is the wrong
forum for this type of request.

--
Richard Schneeman
