CVE-2013-7111: Exposure of Sensitive Information in bio-basespace-sdk
CVSS Score: 5
Basic Information
CVE ID: CVE-2013-7111
GHSA ID
EPSS Score: 0.51334%
CWE
Published: 10/24/2017
Updated: 11/10/2023
KEV Status: No
Technology: Ruby
Technical Details
CVSS Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N
| Package Name | Ecosystem | Vulnerable Versions | First Patched Version |
|---|---|---|---|
| bio-basespace-sdk | rubygems | <= 0.1.7 | |
Vulnerability Intelligence
Miggo AI
Root Cause Analysis
The vulnerability documentation explicitly identifies the put_call function in api_client.rb as the source of exposure. The function uses shell command interpolation (%x{curl ...}) with the API_KEY as a command-line parameter, which is visible in process listings. Multiple independent sources (CVE, GHSA, and original advisory) corroborate this specific function as the vulnerability vector. No other functions are mentioned in the provided evidence.
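The pattern described above, next to two ways of keeping the key out of the process argument list, as an added Ruby example (not the gem's own code). The header name, sample key, URL and all function names are assumptions made for illustration.

```ruby
require "net/http"
require "shellwords"
require "uri"

# Constructed sample values; the header name is an assumption for illustration.
SAMPLE_KEY = "constructed-sample-key-0000"
SAMPLE_URL = "https://api.example.invalid/upload/part1"
KEY_HEADER = "x-access-token"

# Weak pattern the advisory describes: the key is interpolated into a shell
# command, so it becomes part of curl's argv (readable via ps or /proc).
def weak_curl_command(url, path, api_key)
  %(curl -s -H "#{KEY_HEADER}: #{api_key}" -T #{path} -X PUT #{url})
end

# True when the secret appears in any argument the child process would receive.
def secret_in_argv?(command, secret)
  args = command.is_a?(Array) ? command : Shellwords.split(command)
  args.any? { |arg| arg.include?(secret) }
end

# Hardened form 1: build the PUT in-process; the key lives only in a header.
def in_process_put(url, body, api_key)
  uri = URI(url)
  req = Net::HTTP::Put.new(uri)
  req[KEY_HEADER] = api_key
  req.body = body
  [uri, req]
end

# Sends the request over TLS (not called here, so the example runs offline).
def send_put(uri, req)
  Net::HTTP.start(uri.host, uri.port, use_ssl: uri.scheme == "https") { |h| h.request(req) }
end

# Hardened form 2, if curl must stay: argv carries no secret and the header is
# fed on stdin through curl's "--config -" option. The argv array is meant for
# Open3.capture2(*argv, stdin_data: stdin_data), which also bypasses the shell.
def curl_with_stdin_config(url, path, api_key)
  argv = ["curl", "-s", "--config", "-", "-T", path, "-X", "PUT", url]
  stdin_data = %(header = "#{KEY_HEADER}: #{api_key}"\n)
  [argv, stdin_data]
end
```

`secret_in_argv?` can double as a unit-test guard for any code path that still shells out with credentials in scope.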