Sha256: e418c43d2cad8c1aecc312ab850114ff2c1121c9c0eae4895f8a56a07cf2f795

Contents?: true

Size: 455 Bytes

Versions: 5

Compression:

Stored size: 455 Bytes

Contents

---
gem: safemode
cve: 2016-3693
title: Safemode Gem for Ruby is vulnerable to information disclosure
date: 2016-04-20
url: http://seclists.org/oss-sec/2016/q2/119
description: |
  Safemode is initialised with an optional 'delegate' object.
  If the delegated object is a Rails controller, 'inspect' could
  be called which then exposes all informations about the App,
  including routes, secret tokens, caches and so on.
patched_versions:
  - ">= 1.2.4"

Version data entries

5 entries across 5 versions & 2 rubygems

Version                Path
bundler-audit-0.7.0.1  data/ruby-advisory-db/gems/safemode/CVE-2016-3693.yml
bundler-budit-0.6.2    data/ruby-advisory-db/gems/safemode/CVE-2016-3693.yml
bundler-budit-0.6.1    data/ruby-advisory-db/gems/safemode/CVE-2016-3693.yml
bundler-audit-0.6.1    data/ruby-advisory-db/gems/safemode/CVE-2016-3693.yml
bundler-audit-0.6.0    data/ruby-advisory-db/gems/safemode/CVE-2016-3693.yml