CVE-2014-4991 (codders-dataset): codders-dataset Gem for Ruby lib/dataset/database/mysql.rb and lib/dataset/database/postgresql.rb Process Table Local Plaintext Credential Disclosure

June 30th, 2014

ADVISORIES

CVE-2014-4991 (NVD)
OSVDB-108582

GEM

PATCHED VERSIONS

None.

DESCRIPTION

(1) lib/dataset/database/mysql.rb and (2) lib/dataset/database/postgresql.rb in the codders-dataset gem 1.3.2.1 for Ruby place credentials on the mysqldump command line, which allows local users to obtain sensitive information by listing the process.

RubySec

CVE-2014-4991 (codders-dataset): codders-dataset Gem for Ruby lib/dataset/database/mysql.rb and lib/dataset/database/postgresql.rb Process Table Local Plaintext Credential Disclosure

ADVISORIES

GEM

PATCHED VERSIONS

DESCRIPTION

Recent Advisories