High severity7.8NVD Advisory· Published Jan 10, 2018· Updated Jun 17, 2026
CVE-2014-4999
CVE-2014-4999
Description
vendor/plugins/dataset/lib/dataset/database/mysql.rb in the kajam gem 1.0.3.rc2 for Ruby places the mysql user password on the (1) mysqldump command line in the capture function and (2) mysql command line in the restore function, which allows local users to obtain sensitive information by listing the process.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
kajamRubyGems | <= 1.0.3.rc2 | — |
Affected products
1Patches
Vulnerability mechanics
References
5- www.vapid.dhs.org/advisories/kajam-1.0.3.rc2.htmlnvdExploitThird Party AdvisoryWEB
- www.openwall.com/lists/oss-security/2014/07/07/19nvdMailing ListThird Party AdvisoryWEB
- www.openwall.com/lists/oss-security/2014/07/17/5nvdMailing ListThird Party AdvisoryWEB
- github.com/advisories/GHSA-4ph7-5c44-pppvghsaADVISORY
- nvd.nist.gov/vuln/detail/CVE-2014-4999ghsaADVISORY
News mentions
0No linked articles in our index yet.