codders-dataset Gem for Ruby lib/dataset/database/mysql.rb and lib/dataset/database/postgresql.rb Process Table Local Plaintext Credential Disclosure
Published: June 30, 2014
SECURITY IDENTIFIERS
- CVE: CVE-2014-4991 (NVD)
- GHSA: GHSA-w9vv-fvw8-j6q3
- OSVDB: OSVDB-108582
GEM
SEVERITY
CVSS v3.x: 7.8 (High)
PATCHED VERSIONS
None available.
DESCRIPTION
"(1) lib/dataset/database/mysql.rb and (2) lib/dataset/database/postgresql.rb in the codders-dataset gem 1.3.2.1 for Ruby place credentials on the mysqldump command line, which allows local users to obtain sensitive information by listing the process."