4 matches found
Path traversal
message_bus is a messaging bus for Ruby processes and web clients. In versions prior to 3.3.7 users who deployed message bus with diagnostics features enabled (default off) are vulnerable to a path traversal bug, which could lead to disclosure of secret information on a machine if an unintended user...
CVE-2021-43840 Path traversal in message_bus
message_bus is a messaging bus for Ruby processes and web clients. In versions prior to 3.3.7 users who deployed message bus with diagnostics features enabled (default off) are vulnerable to a path traversal bug, which could lead to disclosure of secret information on a machine if an unintended user...
CVE-2021-43840
The CVE concerns the message_bus Ruby gem. If deployed before version 3.3.7 with diagnostics enabled, a path traversal flaw in the diagnostic route could disclose secret information; impact increases without a proxy, while proxies (e.g., Nginx with merge_slashes) can limit exposure to about 3 dir...
CVE-2021-43840
message_bus is a messaging bus for Ruby processes and web clients. In versions prior to 3.3.7 users who deployed message bus with diagnostics features enabled (default off) are vulnerable to a path traversal bug, which could lead to disclosure of secret information on a machine if an unintended user...