oss-sec mailing list archives
Ruby gem rack-mini-profiler CVE-2016-4442
From: Sam Saffron <sam.saffron () gmail com>
Date: Fri, 10 Jun 2016 16:10:29 +1000
https://github.com/MiniProfiler/rack-mini-profiler
https://rubygems.org/gems/rack-mini-profiler/

Description: Carefully crafted requests can expose information about strings and objects allocated during the request for unauthorised users.

Fixed in: https://github.com/MiniProfiler/rack-mini-profiler/commit/4273771d65f1a7411e3ef5843329308d0e2d257c

Released public fix in version: 0.10.

----

I am not sure how to go about announcing this CVE, where else do I need to post this?