Описание
rack-mini-profiler allows remote attackers to obtain sensitive information about allocated strings and objects
The rack-mini-profiler gem before 0.10.1 for Ruby allows remote attackers to obtain sensitive information about allocated strings and objects by leveraging incorrect ordering of security checks.
Ссылки
- https://nvd.nist.gov/vuln/detail/CVE-2016-4442
- https://github.com/MiniProfiler/rack-mini-profiler/commit/4273771d65f1a7411e3ef5843329308d0e2d257c
- https://github.com/MiniProfiler/rack-mini-profiler
- https://github.com/MiniProfiler/rack-mini-profiler/blob/v0.10.1/CHANGELOG.md
- http://www.openwall.com/lists/oss-security/2016/06/10/2
Пакеты
Наименование
rack-mini-profiler
rubygems
Затронутые версииВерсия исправления
< 0.10.1
0.10.1
Связанные уязвимости
CVSS3: 5.3
nvd
почти 9 лет назад
The rack-mini-profiler gem before 0.10.1 for Ruby allows remote attackers to obtain sensitive information about allocated strings and objects by leveraging incorrect ordering of security checks.