Information Exposure Affecting rack-mini-profiler package, versions < 0.10.1

Snyk CVSS

Attack Complexity Low

Threat Intelligence

EPSS 0.21% (60^th percentile)

Do your applications use this vulnerable package?

In a few clicks we can analyze your entire application and see what components are vulnerable in your application, and suggest you quick fixes.

Test your applications

Snyk ID SNYK-RUBY-RACKMINIPROFILER-20267
published 17 May 2016
disclosed 17 May 2016
credit Unknown

Report a new vulnerability Found a mistake?

Introduced: 17 May 2016

CVE-2016-4442 Open this link in a new tab CWE-200 Open this link in a new tab

Overview

rack-mini-profiler is a profiling toolkit for Rack applications with Rails integration. Affected versions of this gem are vulnerable to information exposure via carefully crafted requests. Attackers and unauthorized users can get ahold of strings and objects allocated during the request.

References

http://rubysec.com/advisories/CVE-2016-4442
https://github.com/MiniProfiler/rack-mini-profiler/commit/4273771d65f1a7411e3ef5843329308d0e2d257c