CVE-2016-4442

Опубликовано: 02 мая 2017

Источник: nvd

CVSS3: 5.3

CVSS2: 5

EPSS Низкий

Описание

The rack-mini-profiler gem before 0.10.1 for Ruby allows remote attackers to obtain sensitive information about allocated strings and objects by leveraging incorrect ordering of security checks.

Ссылки

http://www.openwall.com/lists/oss-security/2016/06/10/2
Mailing List
Patch
Third Party Advisory
https://github.com/MiniProfiler/rack-mini-profiler/blob/v0.10.1/CHANGELOG.md
Release Notes
Third Party Advisory
https://github.com/MiniProfiler/rack-mini-profiler/commit/4273771d65f1a7411e3ef5843329308d0e2d257c
Patch
Third Party Advisory
http://www.openwall.com/lists/oss-security/2016/06/10/2
Mailing List
Patch
Third Party Advisory
https://github.com/MiniProfiler/rack-mini-profiler/blob/v0.10.1/CHANGELOG.md
Release Notes
Third Party Advisory
https://github.com/MiniProfiler/rack-mini-profiler/commit/4273771d65f1a7411e3ef5843329308d0e2d257c
Patch
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:miniprofiler:rack-mini-profiler:*:*:*:*:*:ruby:*:*

Версия до 0.9.9.2 (включая)

EPSS

Процентиль: 51%

0.00282

Низкий

5.3 Medium

CVSS3

5 Medium

CVSS2

Дефекты

CWE-200

Связанные уязвимости

GHSA-j5hj-fhc9-g24m