CVE-2016-3693: Information disclosure vulnerability

May 20, 2016 (updated February 23, 2018)

safemode for Ruby, when initialized with a delegate object that is a Rails controller, allows context-dependent attackers to obtain sensitive information via the inspect method.

References

rubysec.com/advisories/CVE-2016-3693/
seclists.org/oss-sec/2016/q2/119
github.com/svenfuchs/safemode/commit/0f764a1720a3a68fd2842e21377c8bfad6d7126f
nvd.nist.gov/vuln/detail/CVE-2016-3693

Detect and mitigate CVE-2016-3693 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →