RubySec

Providing security resources for the Ruby community

OSVDB-115091 (bundler): Bundler Gem for Ruby Redirection Remote HTTP Basic Authentication Credential Disclosure

Published: February 12, 2013

SECURITY IDENTIFIERS

GEM

bundler

PATCHED VERSIONS

>= 1.3.0.pre.8

DESCRIPTION

The Bundler gem for Ruby contains a flaw that is triggered when a request is redirected to another host. This may allow a remote attacker to gain access to HTTP basic authentication credentials.
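
A client-side guard against this class of flaw: Basic authentication credentials follow a redirect only when scheme, host and port are unchanged. This is an added example, not Bundler's code or its actual patch; the helper names (`origin`, `without_userinfo`, `follow_redirect`) are hypothetical, and any URLs passed to it here are constructed.

```ruby
require "uri"

# Added illustration; helper names are hypothetical, not Bundler's API.

# Origin = scheme + host + port. Credentials are scoped to exactly this.
def origin(uri)
  [uri.scheme.to_s.downcase, uri.host.to_s.downcase, uri.port]
end

# Rebuild the URI from its parts so no userinfo can survive, whether it
# came from the original request or from the Location header itself.
def without_userinfo(uri)
  s = "#{uri.scheme}://#{uri.host}"
  s += ":#{uri.port}" unless uri.port == uri.default_port
  s += uri.path.to_s
  s += "?#{uri.query}" if uri.query
  URI.parse(s)
end

# Returns [next_uri, credentials]. credentials is [user, password] only
# when the redirect stays on the original origin, otherwise nil.
def follow_redirect(original_url, location)
  from = URI.parse(original_url)
  to   = from.merge(location) # resolves relative and absolute Location values
  unless %w[http https].include?(to.scheme.to_s.downcase)
    raise ArgumentError, "unsupported redirect scheme: #{to.scheme.inspect}"
  end
  # A scheme-relative Location ("//host/path") changes the host while the
  # merged URI may still carry the original userinfo, so compare origins
  # explicitly instead of trusting what merge returns.
  creds = [from.user, from.password] if from.user && origin(from) == origin(to)
  [without_userinfo(to), creds]
end
```

The caller sends an `Authorization` header on the next request only when the second return value is non-nil; a downgrade from `https` to `http` on the same host counts as a different origin.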
