RubySec

Providing security resources for the Ruby community

CVE-2013-7249 (fat_free_crm): Fat Free CRM Gem for Ruby allows remote attackers to obtain sensitive information

Fat Free CRM Gem for Ruby allows remote attackers to obtain sensitive information

Published: December 24, 2013

SECURITY IDENTIFIERS

GEM

fat_free_crm

SEVERITY

CVSS v2.0: 5.0 (Medium)

PATCHED VERSIONS

>= 0.13.0

~> 0.12.1

DESCRIPTION

Fat Free CRM contains a flaw that is triggered when an attacker sends a direct request for XML data. This may allow a remote attacker to gain access to potentially sensitive information.
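
The following is an added example, not code from RubySec or Fat Free CRM: it checks the fat_free_crm version locked in a Gemfile.lock against the two patched ranges listed above, treating a version as fixed if it satisfies either one. The helper names and the sample lockfile are constructed for illustration.

```ruby
require "rubygems"

# Patched ranges from this advisory; a version is fixed if it matches ANY of them.
PATCHED = [
  Gem::Requirement.new(">= 0.13.0"),
  Gem::Requirement.new("~> 0.12.1") # i.e. >= 0.12.1 and < 0.13
].freeze

# Return the locked version of a gem from Gemfile.lock text, or nil if absent.
# Resolved specs sit at a four-space indent as "name (version)"; their
# dependencies are indented further and DEPENDENCIES entries less, so neither matches.
def locked_version(lockfile_text, gem_name)
  lockfile_text.each_line do |line|
    m = line.match(/\A {4}#{Regexp.escape(gem_name)} \(([^)]+)\)\s*\z/)
    return Gem::Version.new(m[1]) if m
  end
  nil
end

def patched?(version)
  PATCHED.any? { |req| req.satisfied_by?(version) }
end

# Classify a lockfile as :not_present, :patched or :vulnerable for this advisory.
def audit(lockfile_text)
  version = locked_version(lockfile_text, "fat_free_crm")
  return :not_present if version.nil?
  patched?(version) ? :patched : :vulnerable
end

# Constructed sample lockfile (versions chosen for the example only).
SAMPLE_LOCK = <<~LOCK
  GEM
    remote: https://rubygems.org/
    specs:
      fat_free_crm (0.12.0)
        rails (~> 3.2.12)
      rake (10.1.0)

  PLATFORMS
    ruby

  DEPENDENCIES
    fat_free_crm
LOCK

puts "fat_free_crm: #{audit(SAMPLE_LOCK)}"
```

The two ranges are alternatives, not a conjunction: 0.12.0 fails both, while 0.12.1 passes only the second and 0.13.0 only the first.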