6 matches found
Command injection
vm2 is a sandbox that can run untrusted code with Node's built-in modules. In versions 3.9.17 and lower of vm2 it was possible to get a read-write reference to the node inspect method and edit options for console.log. As a result a threat actor can edit options for the console.log command. This...
CVE-2023-32313 Inspect method manipulation in vm2
vm2 is a sandbox that can run untrusted code with Node's built-in modules. In versions 3.9.17 and lower of vm2 it was possible to get a read-write reference to the node inspect method and edit options for console.log. As a result a threat actor can edit options for the console.log command. This...
Moderate severity vulnerability that affects safemode
Withdrawn, accidental duplicate publish. The Safemode gem before 1.2.4 for Ruby, when initialized with a delegate object that is a Rails controller, allows context-dependent attackers to obtain sensitive information via the inspect method...
CVE-2016-3693
The Safemode gem before 1.2.4 for Ruby, when initialized with a delegate object that is a Rails controller, allows context-dependent attackers to obtain sensitive information via the inspect method...
Information disclosure
The Safemode gem before 1.2.4 for Ruby, when initialized with a delegate object that is a Rails controller, allows context-dependent attackers to obtain sensitive information via the inspect method...
PT-2016-5662 · Ruby · Safemode
Name of the Vulnerable Software and Affected Versions: Safemode gem versions prior to 1.2.4. Description: The issue allows context-dependent attackers to obtain sensitive information via the inspect method when the Safemode gem is initialized with a delegate object that is a Rails controller...