13 matches found
EUVD-2017-0288
Malware in sbrugna...
EUVD-2022-2113
Malicious code in bioql PyPI...
CVE-2013-0284
Ruby agent 3.2.0 through 3.5.2 serializes sensitive data when communicating with servers operated by New Relic, which allows remote attackers to obtain sensitive information (database credentials and SQL statements) by sniffing the network and deserializing the data...
Improper Input Validation
Overview: Affected versions of this package are vulnerable to Improper Input Validation. When specifying a trusted server CA certificate via the server_ca_cert setting, the Ruby agent will not properly verify the certificate returned by the APM server. Remediation: Upgrade elastic-apm to version 2.9....
Man-in-the-Middle (MitM)
elastic-apm is vulnerable to man-in-the-middle (MitM) attacks. When specifying a trusted server CA certificate via the server_ca_cert setting, a TLS certificate validation error causes improper verification of the certificate returned by the APM server. This allows an attacker to perform...
Elastic APM agent for Ruby 2.9.0 security update
Elastic APM agent for Ruby client authentication flaw (ESA-2019-08): A TLS certificate validation flaw was found in Elastic APM agent for Ruby versions before 2.9.0. When specifying a trusted server CA certificate via the 'server_ca_cert' setting, the Ruby agent would not properly verify the certifica...
PT-2019-18667 · Elastic · Apm Agent For Ruby
Name of the Vulnerable Software and Affected Versions: Elastic APM agent for Ruby versions prior to 2.9.0. Description: A TLS certificate validation flaw was found in the Elastic APM agent for Ruby. When specifying a trusted server CA certificate via the server_ca_cert setting, the Ruby agent woul...
GHSA-Q6CW-2553-7837 newrelic_rpm Gem Discloses Sensitive Information
Ruby agent 3.2.0 through 3.5.3.23 serializes sensitive data when communicating with servers operated by New Relic, which allows remote attackers to obtain sensitive information (database credentials and SQL statements) by sniffing the network and deserializing the data...
newrelic_rpm Gem Discloses Sensitive Information
Ruby agent 3.2.0 through 3.5.3.23 serializes sensitive data when communicating with servers operated by New Relic, which allows remote attackers to obtain sensitive information (database credentials and SQL statements) by sniffing the network and deserializing the data...
CVE-2013-0284
Ruby agent 3.2.0 through 3.5.2 serializes sensitive data when communicating with servers operated by New Relic, which allows remote attackers to obtain sensitive information (database credentials and SQL statements) by sniffing the network and deserializing the data...
Information disclosure
Ruby agent 3.2.0 through 3.5.2 serializes sensitive data when communicating with servers operated by New Relic, which allows remote attackers to obtain sensitive information (database credentials and SQL statements) by sniffing the network and deserializing the data...
CVE-2013-0284
Ruby agent 3.2.0 through 3.5.2 serializes sensitive data when communicating with servers operated by New Relic, which allows remote attackers to obtain sensitive information (database credentials and SQL statements) by sniffing the network and deserializing the data...
CVE-2013-0284
CVE-2013-0284 affects the Ruby agent (Ruby agent 3.2.0 through 3.5.2, with variants noting up to 3.5.3.23) by serializing sensitive data when communicating with New Relic servers. This exposure can let an attacker obtain database credentials and SQL statements via network sniffing and deserializa...