Title:Paratrooper-newrelic 1.0.1 Ruby Gem exposes API keyFrom paratrooper-newrelic-1.0.1/lib/paratrooper-newrelic.rb: lines 25 and 29 expose the API key to the command line where a malicious user can monitor the process tree and steal the login credentials. 24 def setup(options = {}) 25 %x[curl https://heroku.newrelic.com/accounts/#{account_id}/applications/#{application_id}/ping_targets/disable -X POST -H "X-Api-Key: {api_key} "] 26 end 27 28 def teardown(options = {}) 29 %x[curl https://heroku.newrelic.com/accounts/#{account_id}/applications/#{application_id}/ping_targets/enable -X POST -H "X-Api-Key: #{api_key}" ] 30 end