RubySec

Providing security resources for the Ruby community

CVE-2015-2179 (xaviershay-dm-rails): xaviershay-dm-rails Gem for Ruby exposes sensitive information via the process table

GEM

xaviershay-dm-rails

SEVERITY

CVSS v3.x: 5.5 (Medium)

PATCHED VERSIONS

None.

DESCRIPTION

xaviershay-dm-rails Gem for Ruby contains a flaw in the execute() function in /datamapper/dm-rails/blob/master/lib/dm-rails/storage.rb. The function exposes sensitive information via the process table, which may allow a local attacker to gain access to MySQL credential information.
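
The class of flaw described above, shown beside one way to avoid it. This is an added example, not code from xaviershay-dm-rails or dm-rails: the function names and sample values are hypothetical. It assumes the `mysql` client's `--defaults-extra-file` option and only builds the argument vector without running the client.

```ruby
require "tempfile"

# Vulnerable pattern: the password is part of argv, and the argv of a running
# process is visible to other local users through the process table (ps, /proc).
def mysql_argv_insecure(user:, password:, host:, sql:)
  ["mysql", "--user=#{user}", "--password=#{password}", "--host=#{host}", "-e", sql]
end

# Quote a value for a MySQL option file. Simplification for this example:
# newlines and double quotes are rejected so a value cannot add extra lines.
def cnf_quote(value)
  raise ArgumentError, "unsupported character in option value" if value.match?(/["\r\n]/)
  %("#{value.gsub("\\") { "\\\\" }}")
end

# Hardened pattern: credentials go into a temporary option file readable only
# by its owner; argv carries just the path. Returns [argv, tempfile], and the
# caller removes the tempfile (close!) once the client has exited.
def mysql_argv_hardened(user:, password:, host:, sql:)
  file = Tempfile.new(["mysql-client", ".cnf"]) # Tempfile creates it with mode 0600
  file.write("[client]\n")
  { "user" => user, "password" => password, "host" => host }.each do |key, value|
    file.write("#{key}=#{cnf_quote(value)}\n")
  end
  file.flush
  # --defaults-extra-file has to be the first option on the command line.
  [["mysql", "--defaults-extra-file=#{file.path}", "-e", sql], file]
end

# Review/test helper: true if the secret would show up in the process table.
def argv_leaks?(argv, secret)
  argv.any? { |arg| arg.include?(secret) }
end

if __FILE__ == $PROGRAM_NAME
  secret = "constructed-example-password" # constructed sample value
  args = { user: "app", password: secret, host: "localhost", sql: "SELECT 1" }
  puts "insecure argv leaks secret: #{argv_leaks?(mysql_argv_insecure(**args), secret)}"
  argv, file = mysql_argv_hardened(**args)
  puts "hardened argv leaks secret: #{argv_leaks?(argv, secret)}"
  file.close! # closes and unlinks the option file
end
```
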