CVE-2016-3693

Published: May 20, 2016

Modified: Aug 6, 2024

PUBLISHED

Description

The Safemode gem before 1.2.4 for Ruby, when initialized with a delegate object that is a Rails controller, allows context-dependent attackers to obtain sensitive information via the inspect method.

Vendor	Product	Versions
n/a	n/a	affected `n/a`

References

https://github.com/theforeman/foreman/commit/82f9b93c54f72c5814df6bab7fad057eab65b2f2

x_refsource_CONFIRM

http://theforeman.org/security.html#2016-3693

x_refsource_CONFIRM

RHSA-2018:0336

vendor-advisory

x_refsource_REDHAT

[oss-security] 20160420 CVE-2016-3693: Foreman application information leakage through templates

mailing-list

x_refsource_MLIST

http://rubysec.com/advisories/CVE-2016-3693/

x_refsource_CONFIRM

https://github.com/svenfuchs/safemode/commit/0f764a1720a3a68fd2842e21377c8bfad6d7126f

x_refsource_CONFIRM

http://projects.theforeman.org/issues/14635

x_refsource_CONFIRM

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Start Training

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

Scan Now

CVE-2016-3693

Description

Affected Products

References