consul 1.0.2
1 security vulnerability
found in version
1.0.2
Consul gem insufficient authentication check - Multiple powers in one controller are not always checked correctly
critical severity CVE-2019-16377
critical severity
CVE-2019-16377
Patched versions:
>= 1.0.3
With the consul ruby gem before 1.0.3, if a controller checks multiple powers
using :if
or :except
conditions, these conditions are erroneously applied
to all power checks in that controller. This can lead to skipped power checks
and hence unauthenticated access to certain controller actions.
No officially reported memory leakage issues detected.
This gem version does not have any officially reported memory leaked issues.
No license issues detected.
This gem version has a license in the gemspec.
This gem version is available.
This gem version has not been yanked and is still available for usage.