ADVISORIES

• CVE-2014-4999 (NVD)
• GHSA-4ph7-5c44-pppv
• OSVDB-108529

GEM

kajam

SEVERITY

CVSS v3.x: 7.8 (High)

PATCHED VERSIONS

None.

DESCRIPTION

kajam Gem for Ruby contains a flaw in /dataset/lib/dataset/database/postgresql.rb that is triggered as the program exposes the MySQL or PostgreSQL password in the process list. This may allow a local attacker to gain access to password information.