Ecosyste.ms: Advisories
An open API service providing security vulnerability metadata for many open source software ecosystems.
Security Advisories: MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXh3cjMtZm1nai1tbWZy
Exposure of Sensitive Information in bio-basespace-sdk
The put_call function in the API client (api/api_client.rb) in the BaseSpace Ruby SDK (aka bio-basespace-sdk) gem 0.1.7 for Ruby uses the API_KEY on the command line, which allows remote attackers to obtain sensitive information by listing the processes.
JSON: https://advisories.ecosyste.ms/api/v1/advisories/MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXh3cjMtZm1nai1tbWZy
Source: GitHub Advisory Database
Origin: Unspecified
Severity: Moderate
Classification: General
Published: about 7 years ago
Updated: about 1 year ago
EPSS Percentage: 0.00328
EPSS Percentile: 0.70557
Identifiers: GHSA-xwr3-fmgj-mmfr, CVE-2013-7111
References:
- https://nvd.nist.gov/vuln/detail/CVE-2013-7111
- https://github.com/advisories/GHSA-xwr3-fmgj-mmfr
- http://www.openwall.com/lists/oss-security/2013/12/14/2
- http://www.openwall.com/lists/oss-security/2013/12/15/5
- http://www.vapid.dhs.org/advisories/bio-basespace-sdk.html
- https://github.com/rubysec/ruby-advisory-db/blob/master/gems/bio-basespace-sdk/CVE-2013-7111.yml
Affected Packages
rubygems:bio-basespace-sdk
Dependent packages: 0Dependent repositories: 1
Downloads: 42,215 total
Affected Version Ranges: <= 0.1.7
No known fixed version
All affected versions: 0.1.2, 0.1.3, 0.1.5, 0.1.6, 0.1.7