Home > Vulnerability Database > WS-2017-0215

Mend.io Vulnerability Database

New vulnerability? Tell us about it!

WS-2017-0215

Good to know:

Date: April 19, 2015

Affected versions of the package are vulnerable to Information Exposure.

Language: Ruby

Severity Score

5.3

Related Resources (3)

Url: https://github.com/nanoc/nanoc/commit/0e7cdad97091ed48a642d1d3239f2ec38cd2a287

Url: https://github.com/nanoc/nanoc/issues/542

Url: https://www.mend.io/vulnerability-database/WS-2017-0215

Severity Score

5.3

Weakness Type (CWE)

Exposure of Sensitive Information to an Unauthorized Actor

CWE-200

Top Fix

Upgrade Version

Upgrade to version nanoc - 3.8.0;nanoc - 3.6.10.1

CVSS v3.1

Base Score:	5.3
Attack Vector (AV):	NETWORK
Attack Complexity (AC):	LOW
Privileges Required (PR):	NONE
User Interaction (UI):	NONE
Scope (S):	UNCHANGED
Confidentiality (C):	LOW
Integrity (I):	NONE
Availability (A):	NONE

Do you need more information?

Contact Us