GHSA-46j2-xjgp-jrfm

Source

https://github.com/advisories/GHSA-46j2-xjgp-jrfm

Import Source

https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2020/05/GHSA-46j2-xjgp-jrfm/GHSA-46j2-xjgp-jrfm.json

JSON Data

https://api.test.osv.dev/v1/vulns/GHSA-46j2-xjgp-jrfm

Aliases

CVE-2020-8151

Published

2020-05-21T21:09:38Z

Modified

2025-03-31T17:30:30.802753Z

Severity

7.5 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N CVSS Calculator

Summary

Information disclosure issue in Active Resource

Details

There is a possible information disclosure issue in Active Resource <v5.1.1 that could allow an attacker to create specially crafted requests to access data in an unexpected way and possibly leak information.

Database specific

{
    "github_reviewed": true,
    "cwe_ids": [
        "CWE-200",
        "CWE-863"
    ],
    "github_reviewed_at": "2020-05-21T17:46:20Z",
    "severity": "HIGH",
    "nvd_published_at": "2020-05-12T13:15:00Z"
}

References

Affected packages

RubyGems / activeresource

Package

Name: activeresource
Purl: pkg:gem/activeresource

Affected ranges

Type: ECOSYSTEM
Events: Introduced

3.0.0.rc

Fixed

5.1.1

Affected versions

3.*

3.0.0.rc

3.0.0.rc2

3.0.0

3.0.1

3.0.2

3.0.3

3.0.4.rc

3.0.4.rc1

3.0.4

3.0.5.rc1

3.0.5

3.0.6.rc1

3.0.6.rc2

3.0.6

3.0.7.rc1

3.0.7.rc2

3.0.7

3.0.8.rc1

3.0.8.rc2

3.0.8.rc4

3.0.8

3.0.9.rc1

3.0.9.rc3

3.0.9.rc4

3.0.9.rc5

3.0.9

3.0.10.rc1

3.0.10

3.0.11

3.0.12.rc1

3.0.12

3.0.13.rc1

3.0.13

3.0.14

3.0.15

3.0.16

3.0.17

3.0.18

3.0.19

3.0.20

3.1.0.beta1

3.1.0.rc1

3.1.0.rc2

3.1.0.rc3

3.1.0.rc4

3.1.0.rc5

3.1.0.rc6

3.1.0.rc8

3.1.0

3.1.1.rc1

3.1.1.rc2

3.1.1.rc3

3.1.1

3.1.2.rc1

3.1.2.rc2

3.1.2

3.1.3

3.1.4.rc1

3.1.4

3.1.5.rc1

3.1.5

3.1.6

3.1.7

3.1.8

3.1.9

3.1.10

3.1.11

3.1.12

3.2.0.rc1

3.2.0.rc2

3.2.0

3.2.1

3.2.2.rc1

3.2.2

3.2.3.rc1

3.2.3.rc2

3.2.3

3.2.4.rc1

3.2.4

3.2.5

3.2.6

3.2.7.rc1

3.2.7

3.2.8.rc1

3.2.8.rc2

3.2.8

3.2.9.rc1

3.2.9.rc2

3.2.9.rc3

3.2.9

3.2.10

3.2.11

3.2.12

3.2.13.rc1

3.2.13.rc2

3.2.13

3.2.14.rc1

3.2.14.rc2

3.2.14

3.2.15.rc1

3.2.15.rc2

3.2.15.rc3

3.2.15

3.2.16

3.2.17

3.2.18

3.2.19

3.2.20

3.2.21

3.2.22

3.2.22.1

3.2.22.2

3.2.22.3

3.2.22.4

3.2.22.5

4.*

4.0.0.beta1

4.0.0

4.1.0

5.*

5.0.0

5.1.0