ADVISORIES
GEM
SEVERITY
CVSS v3.x: 8.1 (High)
PATCHED VERSIONS
- >= 1.2.4
DESCRIPTION
Safemode is initialised with an optional 'delegate' object. If the delegated object is a Rails controller, 'inspect' could be called which then exposes all informations about the App, including routes, secret tokens, caches and so on.