Ecosyste.ms: Advisories
An open API service providing security vulnerability metadata for many open source software ecosystems.
Security Advisories: MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXE2Y3ctMjU1My03ODM3
newrelic_rpm Gem Discloses Sensitive Information
Ruby agent 3.2.0 through 3.5.3.23 serializes sensitive data when communicating with servers operated by New Relic, which allows remote attackers to obtain sensitive information (database credentials and SQL statements) by sniffing the network and deserializing the data.
Permalink: https://github.com/advisories/GHSA-q6cw-2553-7837
JSON: https://advisories.ecosyste.ms/api/v1/advisories/MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXE2Y3ctMjU1My03ODM3
Source: GitHub Advisory Database
Origin: Unspecified
Severity: Moderate
Classification: General
Published: about 7 years ago
Updated: about 1 year ago
EPSS Percentage: 0.00287
EPSS Percentile: 0.68396
Identifiers: GHSA-q6cw-2553-7837, CVE-2013-0284
References:
- https://nvd.nist.gov/vuln/detail/CVE-2013-0284
- http://seclists.org/oss-sec/2013/q1/304
- https://web.archive.org/web/20130117025417/https://newrelic.com/docs/ruby/ruby-agent-security-notification
- https://github.com/rubysec/ruby-advisory-db/blob/master/gems/newrelic_rpm/CVE-2013-0284.yml
- https://newrelic.com/docs/ruby/ruby-agent-security-notification
- https://github.com/advisories/GHSA-q6cw-2553-7837
Affected Packages
rubygems:newrelic_rpm
Dependent packages: 132
Dependent repositories: 19,636
Downloads: 153,948,016 total
Affected Version Ranges: >= 3.2.0, <= 3.5.3.23
Fixed in: 3.5.3.24
All affected versions: 3.2.0, 3.3.0, 3.3.1, 3.3.2, 3.3.3, 3.3.4, 3.3.5, 3.4.0, 3.4.1, 3.4.2, 3.5.0, 6.13.0, 6.13.1, 6.14.0, 6.15.0, 7.0.0, 7.1.0, 7.2.0, 8.0.0, 8.1.0, 8.2.0, 8.3.0, 8.4.0, 8.5.0, 8.6.0, 8.7.0, 8.8.0, 8.9.0, 8.10.0, 8.10.1, 8.11.0, 8.12.0, 8.13.0, 8.13.1, 8.14.0, 8.15.0, 8.16.0, 9.0.0, 9.1.0, 9.2.0, 9.2.1, 9.2.2, 9.3.0, 9.3.1, 9.4.0, 9.4.1, 9.4.2, 9.5.0, 9.6.0, 9.7.0, 9.7.1, 9.8.0, 9.9.0, 9.10.0, 9.10.1, 9.10.2, 9.11.0, 9.12.0, 9.13.0, 9.14.0, 9.15.0, 9.16.0, 9.16.1
All unaffected versions: 2.8.0, 2.8.1, 2.8.2, 2.8.3, 2.8.4, 2.8.5, 2.8.6, 2.8.7, 2.8.8, 2.8.9, 2.8.10, 2.8.11, 2.9.2, 2.9.3, 2.9.4, 2.9.5, 2.9.6, 2.9.8, 2.9.9, 2.10.3, 2.10.4, 2.10.5, 2.10.6, 2.10.8, 2.11.1, 2.11.2, 2.11.3, 2.12.0, 2.12.1, 2.12.2, 2.12.3, 2.13.1, 2.13.2, 2.13.3, 2.13.4, 2.14.0, 2.14.1, 3.0.0, 3.0.1, 3.1.0, 3.1.1, 3.1.2