Moderate severity vulnerability that affects bio-basespace-sdk

2017-10-24T18:33:36
ID GHSA-XWR3-FMGJ-MMFR
Type github
Reporter GitHub Advisory Database
Modified 2019-07-03T21:02:00

Description

The put_call function in the API client (api/api_client.rb) in the BaseSpace Ruby SDK (aka bio-basespace-sdk) gem 0.1.7 for Ruby uses the API_KEY on the command line, which allows remote attackers to obtain sensitive information by listing the processes.