<p>Upgrade <code>pageflow</code> to version 14.5.2, 15.7.1 or higher.</p>

Information Exposure Affecting pageflow package, versions <14.5.2 >=15.0.0, <15.7.1

Snyk CVSS

Attack Complexity Low

Do your applications use this vulnerable package?

In a few clicks we can analyze your entire application and see what components are vulnerable in your application, and suggest you quick fixes.

Test your applications

Snyk ID SNYK-RUBY-PAGEFLOW-3024401
published 15 Sep 2022
disclosed 15 Sep 2022
credit Unknown

Report a new vulnerability Found a mistake?

Introduced: 15 Sep 2022

CWE-200 Open this link in a new tab

How to fix?

Upgrade pageflow to version 14.5.2, 15.7.1 or higher.

Overview

Affected versions of this package are vulnerable to Information Exposure via *_starts_with, *_ends_with or *_contains search matchers which can be abused to exfiltrate sensitive string values of associated database objects via character-by-character brute-force.

References

GitHub Commit
GitHub Commit
GitHub PR