Home page logo
/

oss-sec logo oss-sec mailing list archives

Vulnerability Reported in my Ruby Gem
From: richard schneeman <richard.schneeman () gmail com>
Date: Tue, 8 Oct 2013 12:21:55 -0500

I'm interested in creating a CVE for this issue and came to this mailing
list from this link:
http://people.redhat.com/kseifrie/CVE-OpenSource-Request-HOWTO.html

I maintain the ruby gem 'wicked' (roughly 100k downloads). A vulnerability
has been reported allowing an attacker to read arbitrary files on a system.

All previously released versions are vulnerable. Version 1.0.1 has been
released with the problem patched.

Email: richard.schneeman () gmail com
Software Name: Wicked gem

Commit of fix:
https://github.com/schneems/wicked/commit/fe31bb2533fffc9d098c69ebeb7afc3b80509f53


Please let me know if you need more information or if this is the wrong
forum for this type of a request

--
Richard Schneeman

  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]