The login function in lib/lawn.rb in the lawn-login gem 0.0.7 for Ruby places credentials on the curl command line, which allows local users to obtain sensitive information by listing the process.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
lawn-login project lawn-login 0.0.7 |