OSVDB-115917 (bundler): Bundler Gem for Ruby install Command Process Listing Local Plaintext Credential Disclosure

September 20th, 2011

ADVISORIES

OSVDB-115917

GEM

PATCHED VERSIONS

>= 1.1.rc

DESCRIPTION

Bundler Gem for Ruby contains a flaw that is due to the program listing credential information in plaintext in the install command process listing. This may allow a local attacker to gain access to credential information.

RubySec

OSVDB-115917 (bundler): Bundler Gem for Ruby install Command Process Listing Local Plaintext Credential Disclosure

ADVISORIES

GEM

PATCHED VERSIONS

DESCRIPTION

Recent Advisories