PT-2023-10312 · Oracle · Mysql Server
Larry W. Cashdollar +1 · Published 2023-01-26 · Updated 2023-12-14 · CVE-2015-2179
CVSS v3.1: 5.5 Medium
Vector: AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Name of the Vulnerable Software and Affected Versions
xaviershay-dm-rails gem version 0.10.3.8
Description
The issue allows local users to discover MySQL credentials by listing a process and its arguments. This is due to a flaw in the execute() function in the /datamapper/dm-rails/blob/master/lib/dm-rails/storage.rb file, which exposes sensitive information via the process table. A local attacker may gain access to MySQL credential information.
Recommendations
For xaviershay-dm-rails gem version 0.10.3.8, consider disabling the execute() function in the /datamapper/dm-rails/blob/master/lib/dm-rails/storage.rb file as a temporary workaround until a patch is available. Restrict access to sensitive information to minimize the risk of exploitation.
Exploit
Fix
Information Disclosure
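The exposure described above, next to one way to avoid it, as an added Ruby example that is not the gem's own code. The helper names, the sample credentials and the choice of the mysql client's `--defaults-extra-file` option as the replacement are assumptions of this example.

```ruby
require "tempfile"

# Exposed pattern: the password is an argv element, so any local user who can
# list processes sees it for as long as the client runs.
def argv_with_password(user, password, statement)
  ["mysql", "-u#{user}", "-p#{password}", "-e", statement]
end

# Quote a value for a MySQL option file. Conservative by choice: backslashes
# are escaped and values that could break out of the quoting are refused.
def option_file_value(value)
  raise ArgumentError, "unsupported character in option value" if value =~ /["\r\n]/
  '"' + value.gsub("\\") { "\\\\" } + '"'
end

# Safer pattern: credentials live in an owner-only temporary option file and
# argv carries only its path. The caller runs system(*argv), then file.close!
def argv_with_defaults_file(user, password, statement)
  file = Tempfile.new(["mysql-client", ".cnf"])
  file.chmod(0o600) # Tempfile already creates 0600; set explicitly anyway
  file.write("[client]\nuser=#{option_file_value(user)}\n" \
             "password=#{option_file_value(password)}\n")
  file.flush
  [["mysql", "--defaults-extra-file=#{file.path}", "-e", statement], file]
end

# Review/test check: does any argv element contain the secret?
def argv_leaks_secret?(argv, secret)
  argv.any? { |arg| arg.include?(secret) }
end

if __FILE__ == $PROGRAM_NAME
  password = "s3cr3t#constructed" # constructed sample value
  exposed = argv_with_password("app", password, "SELECT 1")
  safe, file = argv_with_defaults_file("app", password, "SELECT 1")
  puts "argv with -p leaks secret:          #{argv_leaks_secret?(exposed, password)}"
  puts "argv with option file leaks secret: #{argv_leaks_secret?(safe, password)}"
  file.close! # close and delete the temporary option file
end
```

The same `argv_leaks_secret?` check can be used in a unit test around any code path that shells out to a database client.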
Weakness Enumeration
Related Identifiers
Affected Products
Mysql Server