CVE-2013-7224 (fat_free_crm): Fat Free CRM Gem for Ruby allows remote attackers to obtain sensitive informations

December 24th, 2013

ADVISORIES

CVE-2013-7224 (NVD)
GHSA-4xq9-vw89-p5cx
OSVDB-101447

GEM

fat_free_crm

SEVERITY

CVSS v2.0: 5.0 (Medium)

PATCHED VERSIONS

>= 0.13.0
~> 0.12.1

DESCRIPTION

Fat Free CRM contains a flaw in user controllers that is triggered as JSON requests are rendered with a full JSON object. This may allow a remote attacker to gain access to potentially sensitive information e.g. other users password hashes.

RubySec

CVE-2013-7224 (fat_free_crm): Fat Free CRM Gem for Ruby allows remote attackers to obtain sensitive informations

ADVISORIES

GEM

SEVERITY

PATCHED VERSIONS

DESCRIPTION

Recent Advisories