CVE-2013-0284: Ruby Agent Sensitive Information Disclosure

April 9, 2013 (updated April 10, 2013)

A bug in the Ruby agent causes database connection information and raw SQL statements to be transmitted to New Relic servers. The database connection information includes the database IP address, username, and password. The information is not stored or retransmitted by New Relic and is immediately discarded.

References

web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-0284
newrelic.com/docs/ruby/ruby-agent-security-notification

Code Behaviors & Features

Detect and mitigate CVE-2013-0284 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →