Airbrake Ruby Notifier 4.2.3 Vulnerability: Unauthorized Disclosure of Passwords
CVE-2019-16060 · MEDIUM Severity
CVSS v2 vector: AV:N/AC:L/Au:N/C:P/I:N/A:N
The Airbrake Ruby notifier 4.2.3 for Airbrake mishandles the blacklist_keys configuration option and consequently may disclose passwords to unauthorized actors. This is fixed in 4.2.4 (also, 4.2.2 and earlier are unaffected).
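An added example (not from the advisory or the Airbrake project): a lockfile check that applies the version range stated above, flagging only 4.2.3 and treating 4.2.4 and later, and 4.2.2 and earlier, as not affected. It assumes the notifier is installed as the `airbrake-ruby` gem; the sample Gemfile.lock text and the helper names are constructed for illustration.

```ruby
require "rubygems" # provides Gem::Version

GEM_NAME = "airbrake-ruby"           # assumption: gem name of the Ruby notifier
AFFECTED = Gem::Version.new("4.2.3") # the only release the advisory lists as affected

# Constructed sample lockfile (not taken from any real project).
SAMPLE_LOCK = <<~LOCK
  GEM
    remote: https://rubygems.org/
    specs:
      some-parent (1.0.0)
        airbrake-ruby (~> 4.2)
      airbrake-ruby (4.2.3)

  DEPENDENCIES
    some-parent
LOCK

# Versions of +name+ resolved in the specs sections of a Gemfile.lock.
# Resolved specs are indented exactly four spaces ("    name (1.2.3)");
# dependency constraints (six spaces) and the DEPENDENCIES list (two) are skipped.
def locked_versions(lock_text, name = GEM_NAME)
  pattern = /\A {4}#{Regexp.escape(name)} \((\d+(?:\.\w+)*)(?:-[^)]*)?\)\s*\z/
  lock_text.each_line.map do |line|
    m = line.match(pattern)
    Gem::Version.new(m[1]) if m
  end.compact
end

# :affected      -> the lockfile pins 4.2.3; upgrade to 4.2.4 or later
# :not_affected  -> the gem is pinned to some other version
# :not_installed -> the gem does not appear in the lockfile
def cve_2019_16060_status(lock_text)
  versions = locked_versions(lock_text)
  return :not_installed if versions.empty?
  versions.include?(AFFECTED) ? :affected : :not_affected
end

if $PROGRAM_NAME == __FILE__
  # Pass a path to a real Gemfile.lock, or run with no argument for the sample.
  text = ARGV[0] ? File.read(ARGV[0]) : SAMPLE_LOCK
  puts "#{GEM_NAME}: #{cve_2019_16060_status(text)}"
end
```

If the result is `:affected`, review error reports sent while 4.2.3 was deployed for values that `blacklist_keys` was expected to filter, and rotate any credentials found there.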