Описание
lawn-login exposes database password to unauthorized users
The login function in lib/lawn.rb in the lawn-login gem 0.0.7 for Ruby places credentials on the curl command line, which allows local users to obtain sensitive information by listing the process.
Пакеты
Наименование
lawn-login
rubygems
Затронутые версииВерсия исправления
= 0.0.7
Отсутствует
Связанные уязвимости
CVSS3: 7.8
nvd
около 8 лет назад
The login function in lib/lawn.rb in the lawn-login gem 0.0.7 for Ruby places credentials on the curl command line, which allows local users to obtain sensitive information by listing the process.