Date: Fri, 10 Jun 2016 16:10:29 +1000
From: Sam Saffron <sam.saffron@...il.com>
To: oss-security@...ts.openwall.com
Subject: Ruby gem rack-mini-profiler CVE-2016-4442

https://github.com/MiniProfiler/rack-mini-profiler
https://rubygems.org/gems/rack-mini-profiler/

Description:

Carefully crafted requests can expose information about strings and objects allocated during the request for unauthorised users.

Fixed in: https://github.com/MiniProfiler/rack-mini-profiler/commit/4273771d65f1a7411e3ef5843329308d0e2d257c

Released public fix in version: 0.10.

----

I am not sure how to go about announcing this CVE, where else do I need to post this?