CVE List


Critical 9.8

The Airbrake Ruby notifier 4.2.3 for Airbrake mishandles the blacklist_keys configuration option and consequently may disclose passwords to unauthorized actors. This is fixed in 4.2.4 (also, 4.2.2 and earlier are unaffected).

Published September 6, 2019.

Affected software

Airbrake Airbrake Ruby

Reference links

Sign Up for Alerts