Description
The Safemode gem before 1.2.4 for Ruby, when initialized with a delegate object that is a Rails controller, allows context-dependent attackers to obtain sensitive information via the inspect method.
References
- Vendor Advisory
- Vendor Advisory
Vulnerable configurations
Configuration 1: versions up to 1.2.3 (inclusive)
cpe:2.3:a:safemode_project:safemode:*:*:*:*:*:ruby:*:*
EPSS
Percentile: 72%
0.00728
Low
8.1 High
CVSS3
6.8 Medium
CVSS2
Weaknesses
CWE-200
Related vulnerabilities
CVSS3: 3.1
redhat
almost 10 years ago
The Safemode gem before 1.2.4 for Ruby, when initialized with a delegate object that is a Rails controller, allows context-dependent attackers to obtain sensitive information via the inspect method.
CVSS3: 8.1
debian
more than 9 years ago
The Safemode gem before 1.2.4 for Ruby, when initialized with a delega ...
CVSS3: 8.1
github
more than 8 years ago
safemode gem allows context-dependent attackers to obtain sensitive information via the inspect method