Rubysec

Providing security resources for the Ruby community.
Follow us @rubysec or email us via info at rubysec.com

Advisory Archive

---
gem: airbrake-ruby
date: 2019-04-10
url: https://github.com/airbrake/airbrake-ruby/issues/468
cve: 2019-16060
title: Blacklist keys are no longer being filtered in airbrake-ruby
description: |
  A flaw in airbrake-ruby v4.2.3 prevented user data from being filtered
  before it was sent to Airbrake. Such data could include user passwords, so
  an app could leak user passwords without knowing it.
unaffected_versions:
- "< 4.2.3"
- "> 4.2.3"
patched_versions:
- ">= 4.2.4"
related:
  url:
  - https://github.com/airbrake/airbrake-ruby/pull/469