Safemode Gem for Ruby is vulnerable to information disclosure

Metadata

medium
6.8
safemode
CVE-2016-3693
seclists.org
2016-04-20
2017-06-16 19:18
2017-04-01 19:10
2017-01-05 20:14

Description

Safemode is initialised with an optional 'delegate' object.
If the delegated object is a Rails controller, 'inspect' could
be called, which then exposes all information about the application,
including routes, secret tokens, caches and so on.
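The mechanism above, as an added illustration (this is not the safemode gem's own code, and it does not reproduce the gem's 1.2.4 fix): a constructed FakeController carries secrets in instance variables, so handing it straight to sandboxed code lets a bare 'inspect' call print them. The AllowlistDelegate class, sandbox_call helper and the placeholder secret value are all assumptions made for this example; the hardened delegate forwards only an explicit allowlist of methods and inherits from BasicObject so there is no inherited inspect or to_s to leak through.

```ruby
# Added illustration for the CVE-2016-3693 class of bug; not the safemode
# gem's code. FakeController, AllowlistDelegate, sandbox_call and the
# secret value are constructed for this example.

# Constructed stand-in for a Rails controller: like a real controller it
# keeps sensitive state in instance variables, which Object#inspect prints.
class FakeController
  def initialize
    @secret_key_base = "CONSTRUCTED-SECRET-DO-NOT-USE" # placeholder value
    @routes = ["/admin", "/users/:id"]
  end

  # The only method we actually intend sandboxed code to call.
  def greeting(name)
    "Hello, #{name}"
  end
end

# Hardened delegate: forwards only an explicit allowlist of method names.
# Subclassing BasicObject means there is no inherited inspect, to_s or
# instance_variables to forward; anything not allowlisted is refused.
class AllowlistDelegate < ::BasicObject
  def initialize(target, allowed)
    @target = target
    @allowed = allowed.map(&:to_sym)
  end

  def method_missing(name, *args, &block)
    unless @allowed.include?(name)
      ::Kernel.raise ::NoMethodError, "#{name} is not exposed to sandboxed code"
    end
    @target.public_send(name, *args, &block)
  end

  def respond_to_missing?(name, _include_private = false)
    @allowed.include?(name)
  end
end

# Stands in for a sandbox dispatching a method call written by untrusted
# code to the delegate. Returns [:ok, value] or [:denied, message].
def sandbox_call(delegate, method_name, *args)
  [:ok, delegate.__send__(method_name, *args)]
rescue ::NoMethodError => e
  [:denied, e.message]
end

# True when a sandboxed 'inspect' call on the delegate reveals the secret.
def leaks_secret?(delegate)
  status, value = sandbox_call(delegate, :inspect)
  status == :ok && value.to_s.include?("CONSTRUCTED-SECRET")
end

if __FILE__ == $PROGRAM_NAME
  controller = FakeController.new
  puts "raw controller leaks secret?       #{leaks_secret?(controller)}"
  safe = AllowlistDelegate.new(controller, [:greeting])
  puts "allowlisted delegate leaks secret? #{leaks_secret?(safe)}"
  p sandbox_call(safe, :greeting, "world")
end
```

Running the file prints true for the raw controller and false for the allowlisted delegate, while the intended greeting call still works. The design choice to start from BasicObject rather than Object matters: an Object subclass would have to override inspect, to_s, instance_variables, instance_variable_get and every other introspection method individually, and missing one reopens the leak.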

Am I vulnerable?

The constraints below list the versions that this vulnerability is patched in, and versions that are unaffected. If a patch is ready but unreleased, then it is pending.

Or, you can just let us figure it out for you! Appcanary continuously monitors your installed packages and tells you if any of them are vulnerable.


Affected package information

Package    Patched in    Unaffected in
safemode   >= 1.2.4      None