Command injection
vm2 is a sandbox that can run untrusted code with Node's built-in modules. In versions 3.9.17 and lower of vm2 it was possible to get a read-write reference to the node inspect method and edit options for console.log. As a result a threat actor can edit options for the console.log command. This...
CVE-2023-32313 Inspect method manipulation in vm2
vm2 is a sandbox that can run untrusted code with Node's built-in modules. In versions 3.9.17 and lower of vm2 it was possible to get a read-write reference to the node inspect method and edit options for console.log. As a result a threat actor can edit options for the console.log command. This...
PT-2023-23723
Name of the Vulnerable Software and Affected Versions: vm2 versions 3.9.17 and lower
Description: The issue allows a threat actor to get a read-write reference to the node inspect method and edit options for console.log, resulting in the ability to edit options for the console.log command. This was...
Moderate severity vulnerability that affects safemode
Withdrawn, accidental duplicate publish. The Safemode gem before 1.2.4 for Ruby, when initialized with a delegate object that is a Rails controller, allows context-dependent attackers to obtain sensitive information via the inspect method...
CVE-2016-3693
The Safemode gem before 1.2.4 for Ruby, when initialized with a delegate object that is a Rails controller, allows context-dependent attackers to obtain sensitive information via the inspect method...
Information disclosure
The Safemode gem before 1.2.4 for Ruby, when initialized with a delegate object that is a Rails controller, allows context-dependent attackers to obtain sensitive information via the inspect method...
PT-2016-5662 · Ruby · Safemode
Name of the Vulnerable Software and Affected Versions: Safemode gem versions prior to 1.2.4
Description: The issue allows context-dependent attackers to obtain sensitive information via the inspect method when the Safemode gem is initialized with a delegate object that is a Rails controller...