RubySec

Providing security resources for the Ruby community

CVE-2016-4442 (rack-mini-profiler): rack-mini-profiler may disclose information to unauthorized users

Published: May 18, 2016

SECURITY IDENTIFIERS

GEM

rack-mini-profiler

SEVERITY

CVSS v3.x: 5.3 (Medium)

PATCHED VERSIONS

>= 0.10.1

DESCRIPTION

Carefully crafted requests can expose information about strings and objects allocated during the request to unauthorized users.
