CVE-2013-0284
New Relic Ruby Agent 3.2.0-3.5.2 - Exposure of Sensitive Information via Network Serialization
Title source: llmDescription
Ruby agent 3.2.0 through 3.5.2 serializes sensitive data when communicating with servers operated by New Relic, which allows remote attackers to obtain sensitive information (database credentials and SQL statements) by sniffing the network and deserializing the data.
References (2)
Core 2
Core References
Mailing List mailing-list
x_refsource_mlist
http://seclists.org/oss-sec/2013/q1/304
Vendor Advisory x_refsource_confirm
https://newrelic.com/docs/ruby/ruby-agent-security-notification
Scores
EPSS
0.0025
EPSS Percentile
48.3%
Details
CWE
CWE-200
Status
published
Products (20)
newrelic/ruby_agent
3.2.0
newrelic/ruby_agent
3.3.0
newrelic/ruby_agent
3.3.1
newrelic/ruby_agent
3.3.2
newrelic/ruby_agent
3.3.2.1
newrelic/ruby_agent
3.3.3
newrelic/ruby_agent
3.3.4
newrelic/ruby_agent
3.3.4.1
newrelic/ruby_agent
3.3.5
newrelic/ruby_agent
3.4.0
... and 10 more
Published
Apr 09, 2013
Tracked Since
Feb 18, 2026