Fat Free CRM Gem for Ruby allows remote attackers to obtain sensitive information
Published: December 24, 2013
SECURITY IDENTIFIERS
- CVE: CVE-2013-7224 (NVD)
- GHSA: GHSA-4xq9-vw89-p5cx
- OSVDB: OSVDB-101447
GEM
SEVERITY
CVSS v2.0: 5.0 (Medium)
PATCHED VERSIONS
>= 0.13.0
~> 0.12.1
DESCRIPTION
Fat Free CRM contains a flaw in its user controllers that is triggered when JSON requests are rendered with the full user object serialized to JSON. This may allow a remote attacker to gain access to potentially sensitive information, e.g. other users' password hashes.
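As an added illustration (not code from the Fat Free CRM project), the class of bug the description refers to in plain Ruby: a whole-record serialization beside an allowlisted one, plus a check that flags credential-looking keys in a rendered response. The user record and its column names are constructed assumptions, not the project's schema.

```ruby
require "json"

# Constructed sample record standing in for a CRM user row; the column
# names are assumptions, not Fat Free CRM's real schema.
SAMPLE_USER = {
  "id" => 7,
  "username" => "alice",
  "email" => "alice@example.com",
  "password_hash" => "$2a$10$constructedhashvalue",
  "password_salt" => "constructedsalt",
  "admin" => false
}.freeze

# Attributes that are safe to expose in a public JSON representation.
PUBLIC_USER_FIELDS = %w[id username email].freeze

# Attribute names that should never appear in a rendered response.
SENSITIVE_KEY_PATTERN = /password|salt|token|secret/i

# Vulnerable pattern: serializing the whole record, which is what a
# Rails controller does with `render json: @user` when the model puts
# no restrictions on as_json.
def full_user_json(user)
  JSON.generate(user)
end

# Hardened pattern: serialize only an explicit allowlist of fields.
def safe_user_json(user)
  JSON.generate(user.slice(*PUBLIC_USER_FIELDS))
end

# Detection helper: walk a JSON document and return the names of any
# keys that look like credential material, so a test or response
# filter can flag a leak before it reaches a client.
def leaked_keys(json_text)
  collect = lambda do |node|
    case node
    when Hash
      node.flat_map do |k, v|
        (k.to_s =~ SENSITIVE_KEY_PATTERN ? [k.to_s] : []) + collect.call(v)
      end
    when Array
      node.flat_map { |v| collect.call(v) }
    else
      []
    end
  end
  collect.call(JSON.parse(json_text)).uniq
end
```

Running `leaked_keys` over the output of `full_user_json` reports the hash and salt columns, while `safe_user_json` yields only the allowlisted fields.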
