Information Exposure Affecting mechanize package, versions <2.7.4
- Snyk ID SNYK-RUBY-MECHANIZE-20364
- published 8 May 2017
- disclosed 15 Nov 2015
- credit Akinori MUSHA
How to fix?
Upgrade mechanize to version 2.7.4 or higher.
Overview
mechanize is used for automating interaction with websites.
Affected versions of the package are vulnerable to Information Exposure. The URL that a redirect pointed to was not validated, so a redirect to a file URI was not rejected.
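The kind of check whose absence is described above, as an added example (not mechanize's own code or its actual fix): each redirect target is resolved against the current URL and followed only if its scheme is http or https. The names safe_redirect_target, follow_redirects and UnsafeRedirectError, the hop limit, and the sample redirect map are assumptions made for illustration.

```ruby
require "uri"

# Added example, not mechanize's code. Only these schemes may be followed.
ALLOWED_REDIRECT_SCHEMES = %w[http https].freeze

class UnsafeRedirectError < StandardError; end

# Resolve a Location header value against the URL that returned it and
# return the absolute URI only if it stays on an allowed scheme.
def safe_redirect_target(current_url, location)
  base = URI.parse(current_url)
  # merge handles both relative ("/next", "../c") and absolute Location values
  target = base.merge(location.to_s.strip)
  scheme = target.scheme.to_s.downcase
  unless ALLOWED_REDIRECT_SCHEMES.include?(scheme)
    raise UnsafeRedirectError, "refusing redirect to scheme #{scheme.inspect}"
  end
  target
rescue URI::Error => e
  # An unparseable target is treated as unsafe rather than passed through
  raise UnsafeRedirectError, "unparseable redirect target: #{e.message}"
end

# Constructed sample: URL => Location header, standing in for server responses.
SAMPLE_REDIRECTS = {
  "http://example.test/start" => "/step2",
  "http://example.test/step2" => "https://example.test/done",
  "http://example.test/local" => "file:///path/to/local/file"
}.freeze

# Walk a redirect chain, validating every hop, with a bounded number of hops.
def follow_redirects(start_url, redirects, max_hops: 5)
  url = start_url
  max_hops.times do
    location = redirects[url]
    return url if location.nil? # no further redirect: final URL reached
    url = safe_redirect_target(url, location).to_s
  end
  raise UnsafeRedirectError, "too many redirects"
end

if __FILE__ == $PROGRAM_NAME
  puts follow_redirects("http://example.test/start", SAMPLE_REDIRECTS)
  begin
    follow_redirects("http://example.test/local", SAMPLE_REDIRECTS)
  rescue UnsafeRedirectError => e
    puts "blocked: #{e.message}"
  end
end
```

The check runs on every hop, not just the first, because a chain that begins on http can still end on another scheme.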