
7 matches found

EUVD
added 2025/10/07 12:30 a.m. | 6 views

EUVD-2017-0213

Malware in sbrugna...

CVSS 8.1 | AI score 8 | EPSS 0.02131
Exploits 0 | References 11
Github Security Blog
added 2017/10/24 6:33 p.m. | 26 views

Safemode Gem Has Incomplete List of Disallowed Inputs

rubygem-safemode, as used in Foreman, versions 1.3.1 and earlier are vulnerable to bypassing safe mode limitations via special Ruby syntax. This can lead to deletion of objects for which the user does not have delete permissions or possibly to privilege escalation...

CVSS 9.8 | AI score 9.2 | EPSS 0.01627
Exploits 0 | References 4 | Affected Software 1
OSV
added 2016/05/20 2:59 p.m. | 10 views

CVE-2016-3693

The Safemode gem before 1.2.4 for Ruby, when initialized with a delegate object that is a Rails controller, allows context-dependent attackers to obtain sensitive information via the inspect method...

CVSS 8.1 | AI score 7.8 | EPSS 0.02131
Exploits 0 | References 7
NVD
added 2016/05/20 2:59 p.m. | 14 views

CVE-2016-3693

The Safemode gem before 1.2.4 for Ruby, when initialized with a delegate object that is a Rails controller, allows context-dependent attackers to obtain sensitive information via the inspect method...

CVSS 8.1 | AI score 7.9 | EPSS 0.02131
Exploits 0 | References 7
Prion
added 2016/05/20 2:59 p.m. | 16 views

Information disclosure

The Safemode gem before 1.2.4 for Ruby, when initialized with a delegate object that is a Rails controller, allows context-dependent attackers to obtain sensitive information via the inspect method...

CVSS 6.8 | AI score 6.5 | EPSS 0.02131
Exploits 0 | References 7 | Affected Software 1
Cvelist
added 2016/05/20 2:0 p.m. | 25 views

CVE-2016-3693

The Safemode gem before 1.2.4 for Ruby, when initialized with a delegate object that is a Rails controller, allows context-dependent attackers to obtain sensitive information via the inspect method...

AI score 7.8 | EPSS 0.02131
Exploits 0 | References 7
RubySec
added 2016/04/20 12:0 a.m. | 22 views

Safemode Gem for Ruby is vulnerable to information disclosure

Safemode is initialised with an optional 'delegate' object. If the delegated object is a Rails controller, 'inspect' could be called, which then exposes all information about the App, including routes, secret tokens, caches and so on...

CVSS 8.1 | AI score 6.9 | EPSS 0.02131
Exploits 0 | References 1 | Affected Software 1