---
gem: safemode
cve: 2017-7540
title: Safemode Gem for Ruby is vulnerable to bypassing safe mode limitations
date: 2017-04-05
url: https://nvd.nist.gov/vuln/detail/CVE-2017-7540
description: |
  Safemode, as used in Foreman, versions 1.3.2 and earlier are vulnerable 
  to bypassing safe mode limitations via special Ruby syntax. This can
  lead to deletion of objects for which the user does not have delete 
  permissions or possibly to privilege escalation.
patched_versions:
  - ">= 1.3.3"
related:
  url:
    - https://github.com/svenfuchs/safemode/pull/23