CVE-2013-0284

NONE
Published Apr 9, 201313y ago · Modified Jun 16, 20262w ago
Find Similar
Published Apr 9, 2013 13y ago
Last Modified Jun 16, 2026 2w ago

Description

Ruby agent 3.2.0 through 3.5.2 serializes sensitive data when communicating with servers operated by New Relic, which allows remote attackers to obtain sensitive information (database credentials and SQL statements) by sniffing the network and deserializing the data.

Threat Intelligence

No active exploitation signals — not in CISA KEV and no EPSS score yet.

Exploit & Patch Status
No Known Exploit
No Patch Available

Weaknesses 1

CWE-200 Exposure of Sensitive Information to an Unauthorized Actor Information Exposure

Affected Products 19

VendorProductVersionRange
newrelicruby_agent3.2.0any
newrelicruby_agent3.3.0any
newrelicruby_agent3.3.1any
newrelicruby_agent3.3.2any
newrelicruby_agent3.3.2.1any
newrelicruby_agent3.3.3any
newrelicruby_agent3.3.4any
newrelicruby_agent3.3.4.1any
newrelicruby_agent3.3.5any
newrelicruby_agent3.4.0any
newrelicruby_agent3.4.0.1any
newrelicruby_agent3.4.1any
newrelicruby_agent3.4.2any
newrelicruby_agent3.4.2.1any
newrelicruby_agent3.5.0any
newrelicruby_agent3.5.0.1any
newrelicruby_agent3.5.1any
newrelicruby_agent3.5.1.14any
newrelicruby_agent3.5.2any

References 2

  • seclists.org http://seclists.org/oss-sec/2013/q1/304
  • newrelic.com https://newrelic.com/docs/ruby/ruby-agent-security-notification
    Vendor Advisory

Remediation

No remediation data recorded yet

Check vendor advisories and the NVD entry for patch availability.