RubySec

Providing security resources for the Ruby community

OSVDB-115917 (bundler): Bundler Gem for Ruby install Command Process Listing Local Plaintext Credential Disclosure


GEM

bundler

PATCHED VERSIONS

  • >= 1.1.rc

DESCRIPTION

The Bundler gem for Ruby contains a flaw: credential information appears in plaintext in the process listing of the install command. This may allow a local attacker to gain access to credential information.
