oss-sec mailing list archives

Ruby gem rack-mini-profiler CVE-2016-4442


From: Sam Saffron <sam.saffron () gmail com>
Date: Fri, 10 Jun 2016 16:10:29 +1000

https://github.com/MiniProfiler/rack-mini-profiler

https://rubygems.org/gems/rack-mini-profiler/

Description: Carefully crafted requests can expose information about
strings and objects allocated during the request for unauthorised
users.

Fixed in: https://github.com/MiniProfiler/rack-mini-profiler/commit/4273771d65f1a7411e3ef5843329308d0e2d257c

Released public fix in version: 0.10.


----

I am not sure how to go about announcing this CVE, where else do I
need to post this?

