RubySec

Providing security resources for the Ruby community

CVE-2015-3448 (rest-client): rest-client ruby gem logs sensitive information

ADVISORIES

GEM

rest-client

SEVERITY

CVSS v2: 2.1

PATCHED VERSIONS

  • >= 1.7.3

DESCRIPTION

REST client for Ruby (aka rest-client) before 1.7.3 logs usernames and passwords, which allows local users to obtain sensitive information by reading the log.