safemode
RubyGems2 known CVEs affecting this package
Aggregated from OSV, GitHub Security Advisories, NVD, and vendor advisories. Each CVE links to its full detail page with vendor advisories, patches, fixed versions, and remediation guidance.
CVEs affecting safemodepage 1 of 1
- CVE-2016-3693HIGHCVSS 8.1EG 8.1✓ Fixed in 1.2.42016-05-20
vulnerable: 0.0.2 ... 1.2.3 (9 versions)
The Safemode gem before 1.2.4 for Ruby, when initialized with a delegate object that is a Rails controller, allows context-dependent attackers to obtain sensitive information via the inspect method.
- CVE-2017-7540CRITICALCVSS 9.8EG 9.8✓ Fixed in 1.3.22017-07-21
vulnerable: 0.0.2 ... 1.3.1 (12 versions)
rubygem-safemode, as used in Foreman, versions 1.3.2 and earlier are vulnerable to bypassing safe mode limitations via special Ruby syntax. This can lead to deletion of objects for which the user does not have delete permissions or possibl…
Check whether safemode is used in your infrastructure
EchelonGraph scans your cloud and SBOMs to map every package to your actual deployments. See blast radius for safemode CVEs against the assets you own.
Start Free Scan →