RubySec

Providing security resources for the Ruby community

CVE-2019-16060 (airbrake-ruby): Blacklist keys are no longer being filtered in airbrake-ruby

GEM

airbrake-ruby

SEVERITY

CVSS v3.x: 9.8 (Critical)

UNAFFECTED VERSIONS

  • < 4.2.3
  • > 4.2.3

PATCHED VERSIONS

  • >= 4.2.4

DESCRIPTION

A flaw in airbrake-ruby v4.2.3 prevented user data from being filtered before it was sent to Airbrake. That data could include user passwords, so an app could leak user passwords without knowing it.
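
To check whether a project is locked to the affected release, the following added example (not part of the original advisory or of the airbrake-ruby project) reads Gemfile.lock text and reports whether airbrake-ruby resolves to 4.2.3. The sample lockfile and the `example-notifier` gem are constructed for illustration.

```ruby
require "rubygems" # provides Gem::Version

# The only affected release according to the advisory above.
AFFECTED_VERSION = Gem::Version.new("4.2.3")

# Constructed sample lockfile; "example-notifier" is a hypothetical gem.
SAMPLE_LOCK = <<~LOCK
  GEM
    remote: https://rubygems.org/
    specs:
      airbrake-ruby (4.2.3)
      example-notifier (1.0.0)
        airbrake-ruby (~> 4.2)

  DEPENDENCIES
    example-notifier
LOCK

# Returns the resolved airbrake-ruby version from Gemfile.lock text, or nil.
# Resolved specs are indented four spaces; six-space lines are dependency
# constraints (e.g. "~> 4.2") and must not be mistaken for the locked version.
# An optional platform suffix after the version is ignored.
def resolved_airbrake_ruby_version(lock_text)
  match = lock_text.match(/^ {4}airbrake-ruby \((\d[^)\s-]*)(?:-[^)]*)?\)\s*$/)
  match && Gem::Version.new(match[1])
end

# :affected only for 4.2.3; every other locked version is unaffected
# per the advisory, and :not_present means the gem is not in the lockfile.
def advisory_status(lock_text)
  version = resolved_airbrake_ruby_version(lock_text)
  return :not_present if version.nil?
  version == AFFECTED_VERSION ? :affected : :unaffected
end

if __FILE__ == $PROGRAM_NAME
  # Falls back to the constructed sample when no lockfile is found.
  path = ARGV[0] || "Gemfile.lock"
  text = File.exist?(path) ? File.read(path) : SAMPLE_LOCK
  puts "airbrake-ruby: #{advisory_status(text)}"
end
```

A project that reports `affected` should move to 4.2.4 or later, the patched range listed above.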
