Rubysec

Providing security resources for the Ruby community.
Follow us @rubysec or email us via info at rubysec.com

Advisory Archive

---
gem: rack-mini-profiler
date: 2016-05-18
url: https://github.com/MiniProfiler/rack-mini-profiler/commit/4273771d65f1a7411e3ef5843329308d0e2d257c
cve: 2016-4442
title: rack-mini-profiler may disclose information to unauthorized users
description: Carefully crafted requests can expose information about strings and objects
  allocated during the request to unauthorised users.
patched_versions:
- ">= 0.10.1"
related:
  url:
  - http://seclists.org/oss-sec/2016/q2/516