Ruby agent 3.2.0 up to and including 3.5.2 serializes sensitive data when communicating with servers operated by New Relic, which allows remote malicious users to obtain sensitive information (database credentials and SQL statements) by sniffing the network and deserializing the data.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
newrelic ruby agent 3.3.5 |
||
newrelic ruby agent 3.4.0 |
||
newrelic ruby agent 3.4.0.1 |
||
newrelic ruby agent 3.4.1 |
||
newrelic ruby agent 3.2.0 |
||
newrelic ruby agent 3.3.0 |
||
newrelic ruby agent 3.3.1 |
||
newrelic ruby agent 3.3.2 |
||
newrelic ruby agent 3.5.1.14 |
||
newrelic ruby agent 3.5.1 |
||
newrelic ruby agent 3.5.2 |
||
newrelic ruby agent 3.3.2.1 |
||
newrelic ruby agent 3.3.4 |
||
newrelic ruby agent 3.4.2.1 |
||
newrelic ruby agent 3.5.0.1 |
||
newrelic ruby agent 3.3.3 |
||
newrelic ruby agent 3.3.4.1 |
||
newrelic ruby agent 3.4.2 |
||
newrelic ruby agent 3.5.0 |