RubySec

Providing security resources for the Ruby community

OSVDB-115091 (bundler): Bundler Gem for Ruby Redirection Remote HTTP Basic Authentication Credential Disclosure

GEM

bundler

PATCHED VERSIONS

  • >= 1.3.0.pre.8

DESCRIPTION

The Bundler gem for Ruby contains a flaw that is triggered when a request is redirected to another host. This may allow a remote attacker to gain access to HTTP basic authentication credentials.
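The following is an added example, not Bundler's code or its actual patch. It sketches one common mitigation for this class of flaw: a redirect follower that sends Basic authentication credentials only while the target stays on the same scheme, host and port. The hostnames, the `SAMPLE_REDIRECTS` table and the function names are constructed for illustration.

```ruby
require "uri"

# Constructed redirect table standing in for HTTP 3xx responses, so the
# example runs offline. Keys are request URLs, values are Location headers.
SAMPLE_REDIRECTS = {
  "https://gems.internal.example/specs.4.8.gz" => "/mirror/specs.4.8.gz",
  "https://gems.internal.example/mirror/specs.4.8.gz" =>
    "https://cdn.other.example/specs.4.8.gz"
}.freeze

# Same origin means identical scheme, host (case-insensitive) and port.
def same_origin?(a, b)
  [a.scheme, a.host.downcase, a.port] == [b.scheme, b.host.downcase, b.port]
end

# Resolve a Location header against the current URI and decide whether the
# credentials may accompany the next request. Returns [next_uri, credentials],
# with credentials set to nil when the redirect leaves the origin.
def next_hop(current, location, credentials)
  target = URI.join(current.to_s, location)
  [target, same_origin?(current, target) ? credentials : nil]
end

# Walk the redirect chain and record, per hop, whether an Authorization
# header would be sent. Once credentials are dropped they stay dropped,
# even if a later redirect points back at the original host.
def trace(start, credentials, redirects, limit = 5)
  uri = URI.parse(start)
  hops = [[uri.to_s, !credentials.nil?]]
  limit.times do
    location = redirects[uri.to_s]
    break unless location

    uri, credentials = next_hop(uri, location, credentials)
    hops << [uri.to_s, !credentials.nil?]
  end
  hops
end

if $PROGRAM_NAME == __FILE__
  start = "https://gems.internal.example/specs.4.8.gz"
  trace(start, "user:secret", SAMPLE_REDIRECTS).each do |url, auth|
    puts format("%-55s auth sent: %s", url, auth)
  end
end
```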
