Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [thread-next>] [day] [month] [year] [list]
Date: Fri, 10 Jun 2016 16:10:29 +1000
From: Sam Saffron <sam.saffron@...il.com>
To: oss-security@...ts.openwall.com
Subject: Ruby gem rack-mini-profiler CVE-2016-4442

https://github.com/MiniProfiler/rack-mini-profiler

https://rubygems.org/gems/rack-mini-profiler/

Description: Carefully crafted requests can expose information about
strings and objects allocated during the request for unauthorised
users.

Fixed in: https://github.com/MiniProfiler/rack-mini-profiler/commit/4273771d65f1a7411e3ef5843329308d0e2d257c

Released public fix in version: 0.10.


----

I am not sure how to go about announcing this CVE, where else to I
need to post this?

Powered by blists - more mailing lists

Your e-mail address:

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Powered by Openwall GNU/*/Linux - Powered by OpenVZ