GHSA-wr5j-q359-6vr2

Source
https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-wr5j-q359-6vr2/GHSA-wr5j-q359-6vr2.json
Aliases
  • CVE-2014-4993
Published
2022-05-14T03:48:04Z
Modified
2023-03-18T05:46:09.251147Z
Details

(1) lib/backup/cli/utility.rb in the backup-agoddard gem 3.0.28 and (2) lib/backup/cli/utility.rb in the backup_checksum gem 3.0.23 for Ruby place credentials on the openssl command line, which allows local users to obtain sensitive information by listing the process.

References

Affected packages

RubyGems / backup-agoddard

backup-agoddard

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0

Affected versions

3.*

3.0.27
3.0.28

Database specific

{
    "last_known_affected_version_range": "<= 3.0.28"
}

RubyGems / backup_checksum

backup_checksum

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0

Affected versions

3.*

3.0.23

Database specific

{
    "last_known_affected_version_range": "<= 3.0.23"
}