---
gem: safemode
cve: 2016-3693
title: Safemode Gem for Ruby is vulnerable to information disclosure
date: 2016-04-20
url: http://seclists.org/oss-sec/2016/q2/119
description: |
  Safemode is initialised with an optional 'delegate' object.
  If the delegated object is a Rails controller, 'inspect' could
  be called which then exposes all informations about the App,
  including routes, secret tokens, caches and so on.
patched_versions:
  - ">= 1.2.4"