Merge pull request #253 from skorth/add_safemode_ruby_gem

reedloden · reedloden · commit 96ce851b8387 · 2016-05-04T09:12:53.000-07:00
Add safemode ruby gem advisory
diff --git a/gems/safemode/CVE-2016-3693.yml b/gems/safemode/CVE-2016-3693.yml
@@ -0,0 +1,13 @@
+---
+gem: safemode
+cve: 2016-3693
+title: Safemode Gem for Ruby is vulnerable to information disclosure
+date: 2016-04-20
+url: http://seclists.org/oss-sec/2016/q2/119
+description: |
+  Safemode is initialised with an optional 'delegate' object.
+  If the delegated object is a Rails controller, 'inspect' could
+  be called which then exposes all informations about the App,
+  including routes, secret tokens, caches and so on.
+patched_versions:
+  - ">= 1.2.4"
