Skip to content

Commit 1593cf5

Browse files
author
RubySec CI
committed
Updated advisory posts against rubysec/ruby-advisory-db@96ce851 
1 parent abdd35a commit 1593cf5

File tree

1 file changed

+24
-0
lines changed

1 file changed

+24
-0
lines changed

advisories/_posts/2016-04-20-CVE-2016-3693.md

Lines changed: 24 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,24 @@
1+
---
2+
layout: advisory
3+
title: ! 'CVE-2016-3693: Safemode Gem for Ruby is vulnerable to information disclosure'
4+
comments: false
5+
categories:
6+
- safemode
7+
advisory:
8+
gem: safemode
9+
cve: 2016-3693
10+
title: Safemode Gem for Ruby is vulnerable to information disclosure
11+
date: 2016-04-20
12+
url: http://seclists.org/oss-sec/2016/q2/119
13+
description: ! 'Safemode is initialised with an optional ''delegate'' object.
14+
15+
If the delegated object is a Rails controller, ''inspect'' could
16+
17+
be called which then exposes all informations about the App,
18+
19+
including routes, secret tokens, caches and so on.
20+
21+
'
22+
patched_versions:
23+
- ! '>= 1.2.4'
24+
---

0 commit comments

Comments
 (0)