OSVDB-115917: Install Command Process Listing Local Plaintext Credential Disclosure

September 20, 2011

This package contains a flaw that is due to the program listing credential information in plaintext in the install-command process listing. This may allow a local attacker to gain access to credential information.

References

github.com/bundler/bundler/issues/1440
github.com/rubysec/ruby-advisory-db/blob/master/gems/bundler/OSVDB-115917.yml

Detect and mitigate OSVDB-115917 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →