CVE-2016-4442

EUVD-2017-0257
The rack-mini-profiler gem before 0.10.1 for Ruby allows remote attackers to obtain sensitive information about allocated strings and objects by leveraging incorrect ordering of security checks.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
5.3 MEDIUM
NETWORK
LOW
NONE
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
Base Score
CVSS 3.x
EPSS Score
Percentile: 51%
Affected Products (NVD)
VendorProductVersion
miniprofilerrack-mini-profiler
𝑥
≤ 0.9.9.2
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
http://www.openwall.com/lists/oss-security/2016/06/10/2
https://github.com/MiniProfiler/rack-mini-profiler/blob/v0.10.1/CHANGELOG.md
https://github.com/MiniProfiler/rack-mini-profiler/commit/4273771d65f1a7411e3ef5843329308d0e2d257c
http://www.openwall.com/lists/oss-security/2016/06/10/2
https://github.com/MiniProfiler/rack-mini-profiler/blob/v0.10.1/CHANGELOG.md
https://github.com/MiniProfiler/rack-mini-profiler/commit/4273771d65f1a7411e3ef5843329308d0e2d257c