CVE-2014-4991 (codders-dataset): codders-dataset Gem for Ruby lib/dataset/database/mysql.rb and lib/dataset/database/postgresql.rb Process Table Local Plaintext Credential Disclosure

June 30th, 2014

ADVISORIES

CVE-2014-4991 (NVD)
GHSA-w9vv-fvw8-j6q3
OSVDB-108582

GEM

codders-dataset

SEVERITY

CVSS v3.x: 7.8 (High)

PATCHED VERSIONS

None.

DESCRIPTION

"(1) lib/dataset/database/mysql.rb and (2) lib/dataset/database/postgresql.rb in the codders-dataset gem 1.3.2.1 for Ruby place credentials on the mysqldump command line, which allows local users to obtain sensitive information by listing the process."

RubySec

CVE-2014-4991 (codders-dataset): codders-dataset Gem for Ruby lib/dataset/database/mysql.rb and lib/dataset/database/postgresql.rb Process Table Local Plaintext Credential Disclosure

ADVISORIES

GEM

SEVERITY

PATCHED VERSIONS

DESCRIPTION

Recent Advisories