---
gem: fat_free_crm
osvdb: 101447
cve: 2013-7224
url: http://osvdb.org/show/osvdb/101447
title: Fat Free CRM Gem for Ruby allows remote attackers to obtain
  sensitive informations
date: 2013-12-24
description: |
  Fat Free CRM contains a flaw in user controllers that is triggered as JSON
  requests are rendered with a full JSON object. This may allow a remote
  attacker to gain access to potentially sensitive information e.g. other
  users password hashes.
cvss_v2: 5.0
patched_versions:
  - ">= 0.13.0"
  - "~> 0.12.1"