Skip to content

Exposure of Sensitive Information in bio-basespace-sdk

Moderate severity GitHub Reviewed Published Oct 24, 2017 to the GitHub Advisory Database • Updated Nov 10, 2023

Package

bundler bio-basespace-sdk (RubyGems)

Affected versions

<= 0.1.7

Patched versions

None

Description

The put_call function in the API client (api/api_client.rb) in the BaseSpace Ruby SDK (aka bio-basespace-sdk) gem 0.1.7 for Ruby uses the API_KEY on the command line, which allows remote attackers to obtain sensitive information by listing the processes.

References

Published by the National Vulnerability Database Apr 29, 2014
Published to the GitHub Advisory Database Oct 24, 2017
Reviewed Jun 16, 2020
Last updated Nov 10, 2023

Severity

Moderate

EPSS score

0.351%
(73rd percentile)

Weaknesses

CVE ID

CVE-2013-7111

GHSA ID

GHSA-xwr3-fmgj-mmfr

Source code

No known source code
Loading Checking history
See something to contribute? Suggest improvements for this vulnerability.