CVE-2015-2179 (xaviershay-dm-rails): xaviershay-dm-rails Gem for Ruby exposes sensitive information via the process table

February 17th, 2015

ADVISORIES

CVE-2015-2179 (NVD)
GHSA-88p8-4vv5-82j7
OSVDB-118579

GEM

xaviershay-dm-rails

SEVERITY

CVSS v3.x: 5.5 (Medium)

PATCHED VERSIONS

None.

DESCRIPTION

xaviershay-dm-rails Gem for Ruby contains a flaw in the execute() function in /datamapper/dm-rails/blob/master/lib/dm-rails/storage.rb. The issue is due to the function exposing sensitive information via the process table. This may allow a local attack to gain access to MySQL credential information.

RubySec

CVE-2015-2179 (xaviershay-dm-rails): xaviershay-dm-rails Gem for Ruby exposes sensitive information via the process table

ADVISORIES

GEM

SEVERITY

PATCHED VERSIONS

DESCRIPTION

Recent Advisories