AIKIDO-2024-10421

rspec-its is vulnerable to Access to Critical Private Variable via Public Method

69

Medium

rspec-its ruby

AIKIDO-2024-10421: rspec-its is vulnerable to Access to Critical Private Variable via Public Method in versions 1.0.0 - 1.3.1.

Access to Critical Private Variable via Public Method
Vulnerable in 1.0.0 - 1.3.1
Fixed in 2.0.0
No CVE available

TL;DR

Affected versions of the package are vulnerable to access to a private variable via a public method because they do not use public_send when exposing an object's methods.
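
The visibility difference between send and public_send that the TL;DR refers to, shown as an added Ruby example (not code from rspec-its or from this advisory). The Account class, its api_token method and the resolver helpers are hypothetical names, and the token value is constructed sample data.

```ruby
# Added illustration; not code from rspec-its.
# Account, api_token and the helpers below are hypothetical names.
class Account
  attr_reader :owner

  def initialize(owner, token)
    @owner = owner
    @token = token
  end

  private

  # Meant to be reachable only from inside the class.
  def api_token
    @token
  end
end

# Walks a dotted attribute name with #send, which ignores method visibility,
# so private and protected methods are callable by name.
def resolve_with_send(subject, attribute)
  attribute.to_s.split('.').inject(subject) { |obj, name| obj.send(name) }
end

# Same walk with #public_send, which raises NoMethodError as soon as a
# segment names a private or protected method.
def resolve_with_public_send(subject, attribute)
  attribute.to_s.split('.').inject(subject) { |obj, name| obj.public_send(name) }
end

# Runs one resolver and returns its value, or :blocked when visibility
# rules stopped the call.
def try_resolve(resolver, subject, attribute)
  method(resolver).call(subject, attribute)
rescue NoMethodError
  :blocked
end

account = Account.new('alice', 'constructed-token-value') # constructed sample data

%i[resolve_with_send resolve_with_public_send].each do |resolver|
  %w[owner.upcase api_token].each do |attribute|
    puts "#{resolver}(#{attribute}) => #{try_resolve(resolver, account, attribute).inspect}"
  end
end
```

Public attributes resolve the same way through both helpers; only the private method is treated differently.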

Who does this affect?

You're affected if you are using a version within the vulnerable range (1.0.0 - 1.3.1).

How can it be fixed?

Upgrade the rspec-its library to the patched version, 2.0.0.

© 2024 Aikido Security BV | BE0792914919