VYPR

RubyGems package

VladTheEnterprising

pkg:gem/VladTheEnterprising

Vulnerabilities (2)

  • CVE-2014-4996MedJan 10, 2018
    affected <= 0.2

    lib/vlad/dba/mysql.rb in the VladTheEnterprising gem 0.2 for Ruby allows local users to write to arbitrary files via a symlink attack on /tmp/my.cnf.#{target_host}.

  • CVE-2014-4995HigJan 10, 2018
    affected <= 0.2

    Race condition in lib/vlad/dba/mysql.rb in the VladTheEnterprising gem 0.2 for Ruby allows local users to obtain sensitive information by reading the MySQL root password from a temporary file before it is removed.