GHSA-5g7f-p7jg-v6mv

Source
https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-5g7f-p7jg-v6mv/GHSA-5g7f-p7jg-v6mv.json
Aliases
  • CVE-2014-4998
Published
2022-05-14T03:47:43Z
Modified
2023-04-11T01:46:33.580370Z
Details

test/tc_database.rb in the lean-ruport gem 0.3.8 for Ruby places the mysql user password on the mysqldump command line, which allows local users to obtain sensitive information by listing the process.

References

Affected packages

RubyGems / lean-ruport

lean-ruport

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0
Last affected
0.3.8

Affected versions

0.*

0.3.8