RubySec

Providing security resources for the Ruby community

CVE-2013-7249 (fat_free_crm): Fat Free CRM Gem for Ruby allows remote attackers to obtain sensitive informations

ADVISORIES

GEM

fat_free_crm

SEVERITY

CVSS v2: 5.0

PATCHED VERSIONS

  • >= 0.13.0
  • ~> 0.12.1

DESCRIPTION

Fat Free CRM contains a flaw that is triggered when the attacker sends a direct request for XML data. This may allow a remote attacker to gain access to potentially sensitive information.