---
gem: fat_free_crm
osvdb: 101700
cve: 2013-7249
url: http://osvdb.org/show/osvdb/101700
title: Fat Free CRM Gem for Ruby allows remote attackers to obtain
  sensitive informations
date: 2013-12-24
description: |
  Fat Free CRM contains a flaw that is triggered when the attacker sends a
  direct request for XML data. This may allow a remote attacker to gain
  access to potentially sensitive information.
cvss_v2: 5.0
patched_versions:
  - ">= 0.13.0"
  - "~> 0.12.1"