Critical severity9.8NVD Advisory· Published Sep 6, 2019· Updated Jun 17, 2026
CVE-2019-16060
CVE-2019-16060
Description
The Airbrake Ruby notifier 4.2.3 for Airbrake mishandles the blacklist_keys configuration option and consequently may disclose passwords to unauthorized actors. This is fixed in 4.2.4 (also, 4.2.2 and earlier are unaffected).
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
airbrake-rubyRubyGems | >= 4.2.3, < 4.2.4 | 4.2.4 |
Affected products
2- Airbrake/Airbrake Ruby notifierdescription
Patches
Vulnerability mechanics
References
5- github.com/airbrake/airbrake-ruby/issues/468nvdIssue TrackingPatchThird Party AdvisoryWEB
- github.com/advisories/GHSA-2p82-v77v-mpprghsaADVISORY
- nvd.nist.gov/vuln/detail/CVE-2019-16060ghsaADVISORY
- github.com/airbrake/airbrake-ruby/pull/469/commits/d29925e7838031bf7dea7016b22de52532503796ghsaWEB
- github.com/rubysec/ruby-advisory-db/blob/master/gems/airbrake-ruby/CVE-2019-16060.ymlghsaWEB
News mentions
0No linked articles in our index yet.