Ecosyste.ms: Advisories

An open API service providing security vulnerability metadata for many open source software ecosystems.

Security Advisories: MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXE2Y3ctMjU1My03ODM3

newrelic_rpm Gem Discloses Sensitive Information

Ruby agent 3.2.0 through 3.5.3.23 serializes sensitive data when communicating with servers operated by New Relic, which allows remote attackers to obtain sensitive information (database credentials and SQL statements) by sniffing the network and deserializing the data.

Permalink: https://github.com/advisories/GHSA-q6cw-2553-7837
JSON: https://advisories.ecosyste.ms/api/v1/advisories/MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXE2Y3ctMjU1My03ODM3
Source: GitHub Advisory Database
Origin: Unspecified
Severity: Moderate
Classification: General
Published: about 7 years ago
Updated: about 1 year ago


EPSS Percentage: 0.00287
EPSS Percentile: 0.68396

Identifiers: GHSA-q6cw-2553-7837, CVE-2013-0284
References:
Blast Radius: 0.0

Affected Packages

rubygems:newrelic_rpm
Dependent packages: 132
Dependent repositories: 19,636
Downloads: 153,948,016 total
Affected Version Ranges: >= 3.2.0, <= 3.5.3.23
Fixed in: 3.5.3.24
All affected versions: 3.2.0, 3.3.0, 3.3.1, 3.3.2, 3.3.3, 3.3.4, 3.3.5, 3.4.0, 3.4.1, 3.4.2, 3.5.0, 6.13.0, 6.13.1, 6.14.0, 6.15.0, 7.0.0, 7.1.0, 7.2.0, 8.0.0, 8.1.0, 8.2.0, 8.3.0, 8.4.0, 8.5.0, 8.6.0, 8.7.0, 8.8.0, 8.9.0, 8.10.0, 8.10.1, 8.11.0, 8.12.0, 8.13.0, 8.13.1, 8.14.0, 8.15.0, 8.16.0, 9.0.0, 9.1.0, 9.2.0, 9.2.1, 9.2.2, 9.3.0, 9.3.1, 9.4.0, 9.4.1, 9.4.2, 9.5.0, 9.6.0, 9.7.0, 9.7.1, 9.8.0, 9.9.0, 9.10.0, 9.10.1, 9.10.2, 9.11.0, 9.12.0, 9.13.0, 9.14.0, 9.15.0, 9.16.0, 9.16.1
All unaffected versions: 2.8.0, 2.8.1, 2.8.2, 2.8.3, 2.8.4, 2.8.5, 2.8.6, 2.8.7, 2.8.8, 2.8.9, 2.8.10, 2.8.11, 2.9.2, 2.9.3, 2.9.4, 2.9.5, 2.9.6, 2.9.8, 2.9.9, 2.10.3, 2.10.4, 2.10.5, 2.10.6, 2.10.8, 2.11.1, 2.11.2, 2.11.3, 2.12.0, 2.12.1, 2.12.2, 2.12.3, 2.13.1, 2.13.2, 2.13.3, 2.13.4, 2.14.0, 2.14.1, 3.0.0, 3.0.1, 3.1.0, 3.1.1, 3.1.2