mirror of
https://github.com/CVEProject/cvelist.git
synced 2025-07-30 18:04:30 +00:00
73 lines
2.2 KiB
JSON
73 lines
2.2 KiB
JSON
{
|
|
"CVE_data_meta" : {
|
|
"ASSIGNER" : "cve@mitre.org",
|
|
"ID" : "CVE-2014-4999",
|
|
"STATE" : "PUBLIC"
|
|
},
|
|
"affects" : {
|
|
"vendor" : {
|
|
"vendor_data" : [
|
|
{
|
|
"product" : {
|
|
"product_data" : [
|
|
{
|
|
"product_name" : "n/a",
|
|
"version" : {
|
|
"version_data" : [
|
|
{
|
|
"version_value" : "n/a"
|
|
}
|
|
]
|
|
}
|
|
}
|
|
]
|
|
},
|
|
"vendor_name" : "n/a"
|
|
}
|
|
]
|
|
}
|
|
},
|
|
"data_format" : "MITRE",
|
|
"data_type" : "CVE",
|
|
"data_version" : "4.0",
|
|
"description" : {
|
|
"description_data" : [
|
|
{
|
|
"lang" : "eng",
|
|
"value" : "vendor/plugins/dataset/lib/dataset/database/mysql.rb in the kajam gem 1.0.3.rc2 for Ruby places the mysql user password on the (1) mysqldump command line in the capture function and (2) mysql command line in the restore function, which allows local users to obtain sensitive information by listing the process."
|
|
}
|
|
]
|
|
},
|
|
"problemtype" : {
|
|
"problemtype_data" : [
|
|
{
|
|
"description" : [
|
|
{
|
|
"lang" : "eng",
|
|
"value" : "n/a"
|
|
}
|
|
]
|
|
}
|
|
]
|
|
},
|
|
"references" : {
|
|
"reference_data" : [
|
|
{
|
|
"name" : "[oss-security] 20140707 Vulnerability Report for Ruby Gem kajam-1.0.3.rc2",
|
|
"refsource" : "MLIST",
|
|
"url" : "http://www.openwall.com/lists/oss-security/2014/07/07/19"
|
|
},
|
|
{
|
|
"name" : "[oss-security] 20140717 Re: Vulnerability Report for Ruby Gem codders-dataset-1.3.2.1 (etc.)",
|
|
"refsource" : "MLIST",
|
|
"url" : "http://www.openwall.com/lists/oss-security/2014/07/17/5"
|
|
},
|
|
{
|
|
"name" : "http://www.vapid.dhs.org/advisories/kajam-1.0.3.rc2.html",
|
|
"refsource" : "MISC",
|
|
"url" : "http://www.vapid.dhs.org/advisories/kajam-1.0.3.rc2.html"
|
|
}
|
|
]
|
|
}
|
|
}
|