Ecosyste.ms: Advisories

An open API service providing security vulnerability metadata for many open source software ecosystems.

Security Advisories: MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXE2Y3ctMjU1My03ODM3

newrelic_rpm Gem Discloses Sensitive Information

Ruby agent 3.2.0 through 3.5.3.23 serializes sensitive data when communicating with servers operated by New Relic, which allows remote attackers to obtain sensitive information (database credentials and SQL statements) by sniffing the network and deserializing the data.

Permalink: https://github.com/advisories/GHSA-q6cw-2553-7837
JSON: https://advisories.ecosyste.ms/api/v1/advisories/MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXE2Y3ctMjU1My03ODM3
Source: GitHub Advisory Database
Origin: Unspecified
Severity: Moderate
Classification: General
Published: over 6 years ago
Updated: 6 months ago

Identifiers: GHSA-q6cw-2553-7837, CVE-2013-0284
References:

Blast Radius: 0.0

Affected Packages

rubygems:newrelic_rpm

Dependent packages: 132
Dependent repositories: 19,636
Downloads: 143,139,977 total
Affected Version Ranges: >= 3.2.0, <= 3.5.3.23
Fixed in: 3.5.3.24
All affected versions: 3.2.0, 3.3.0, 3.3.1, 3.3.2, 3.3.3, 3.3.4, 3.3.5, 3.4.0, 3.4.1, 3.4.2, 3.5.0, 6.13.0, 6.13.1, 6.14.0, 6.15.0, 7.0.0, 7.1.0, 7.2.0, 8.0.0, 8.1.0, 8.2.0, 8.3.0, 8.4.0, 8.5.0, 8.6.0, 8.7.0, 8.8.0, 8.9.0, 8.10.0, 8.10.1, 8.11.0, 8.12.0, 8.13.0, 8.13.1, 8.14.0, 8.15.0, 8.16.0, 9.0.0, 9.1.0, 9.2.0, 9.2.1, 9.2.2, 9.3.0, 9.3.1, 9.4.0, 9.4.1, 9.4.2, 9.5.0, 9.6.0, 9.7.0, 9.7.1, 9.8.0, 9.9.0
All unaffected versions: 2.8.0, 2.8.1, 2.8.2, 2.8.3, 2.8.4, 2.8.5, 2.8.6, 2.8.7, 2.8.8, 2.8.9, 2.8.10, 2.8.11, 2.9.2, 2.9.3, 2.9.4, 2.9.5, 2.9.6, 2.9.8, 2.9.9, 2.10.3, 2.10.4, 2.10.5, 2.10.6, 2.10.8, 2.11.1, 2.11.2, 2.11.3, 2.12.0, 2.12.1, 2.12.2, 2.12.3, 2.13.1, 2.13.2, 2.13.3, 2.13.4, 2.14.0, 2.14.1, 3.0.0, 3.0.1, 3.1.0, 3.1.1, 3.1.2