rest-client ruby gem logs sensitive information
Published: April 29, 2015
SECURITY IDENTIFIERS
- CVE: CVE-2015-3448 (NVD)
- GHSA: GHSA-mx9f-w8qq-q5jf
- Vendor Advisory: https://github.com/rest-client/rest-client/issues/349
GEM
rest-client
SEVERITY
CVSS v2.0: 2.1 (Low)
PATCHED VERSIONS
>= 1.7.3
DESCRIPTION
REST client for Ruby (aka rest-client) before 1.7.3 logs usernames and passwords, which allows local users to obtain sensitive information by reading the log.
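One way to check whether an application is still pinned to an affected release, as an added example that is not part of the advisory or the rest-client project: it reads the resolved entries in a Gemfile.lock and compares them with the patched range given above. The function name and the sample lockfile are constructed for illustration.

```ruby
require "rubygems" # Gem::Version and Gem::Requirement ship with Ruby

# Patched range as stated in this advisory (CVE-2015-3448).
PATCHED = Gem::Requirement.new(">= 1.7.3")

# Constructed sample lockfile, used when no path is given.
SAMPLE_LOCK = <<~LOCK
  GEM
    remote: https://rubygems.org/
    specs:
      mime-types (2.4.3)
      netrc (0.10.3)
      rest-client (1.7.2)
        mime-types (>= 1.16, < 3.0)
        netrc (~> 0.7)

  DEPENDENCIES
    rest-client
LOCK

# Hypothetical helper: returns the rest-client versions pinned in the
# lockfile text that fall outside the patched range. Only resolved entries
# under "specs:" (four-space indent) are read; constraints are ignored.
def vulnerable_rest_client_versions(lockfile_text)
  in_specs = false
  hits = []
  lockfile_text.each_line do |line|
    if line =~ /\A  specs:\s*\z/
      in_specs = true
    elsif line =~ /\A\S/ || line.strip.empty?
      in_specs = false # a new top-level section or a blank line ends specs
    elsif in_specs && (m = line.match(/\A {4}rest-client \(([^)]+)\)\s*\z/))
      # Drop a platform suffix such as "-x86-mingw32" before comparing.
      version = Gem::Version.new(m[1].split("-").first)
      hits << m[1] unless PATCHED.satisfied_by?(version)
    end
  end
  hits
end

if __FILE__ == $PROGRAM_NAME
  text = ARGV[0] ? File.read(ARGV[0]) : SAMPLE_LOCK
  found = vulnerable_rest_client_versions(text)
  puts found.empty? ? "rest-client: patched or absent" : "rest-client affected: #{found.join(', ')}"
end
```

Upgrading stops new credentials from being written, but logs produced by an affected version still need to be reviewed and the exposed credentials rotated.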
