RubySec

Providing security resources for the Ruby community

CVE-2013-0284 (newrelic_rpm): Ruby on Rails newrelic_rpm Gem Discloses Sensitive Information

ADVISORIES

GEM

newrelic_rpm

SEVERITY

CVSS v2: 5.0

PATCHED VERSIONS

  • >= 3.5.3.25

DESCRIPTION

A bug in the Ruby agent causes database connection information and raw SQL statements to be transmitted to New Relic servers. The database connection information includes the database IP address, username, and password