CVE-2015-3448: Log Plaintext Password Local Disclosure

April 29, 2015 (updated December 5, 2016)

REST Client for Ruby contains a flaw that is due to the application logging password information in plaintext. This may allow a local attacker to gain access to password information.

References

www.osvdb.org/show/osvdb/117461
github.com/rest-client/rest-client/issues/349

Code Behaviors & Features

Detect and mitigate CVE-2015-3448 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →