Low severity vulnerability that affects lawn-login

2018-01-22T23:45:33
ID GHSA-RHGQ-VV9X-J4P5
Type github
Reporter GitHub Advisory Database
Modified 2019-07-03T21:02:01

Description

The login function in lib/lawn.rb in the lawn-login gem 0.0.7 for Ruby places credentials on the curl command line, which allows local users to obtain sensitive information by listing the process.