CVE-2016-4442

MEDIUM

Rack-Mini-Profiler <0.10.1 - Info Disclosure

Title source: llm

Description

The rack-mini-profiler gem before 0.10.1 for Ruby allows remote attackers to obtain sensitive information about allocated strings and objects by leveraging incorrect ordering of security checks.

References (3)

[Mailing List, Patch, Third Party Advisory] http://www.openwall.com/lists/oss-security/2016/06/10/2

[Release Notes, Third Party Advisory] https://github.com/MiniProfiler/rack-mini-profiler/blob/v0.10.1/CHANGELOG.md

[Patch, Third Party Advisory] https://github.com/MiniProfiler/rack-mini-profiler/commit/4273771d65f1a7411e3ef5843329308d0e2d257c

Scores

CVSS v3 5.3

EPSS 0.0028

EPSS Percentile 51.3%

Attack Vector NETWORK

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Classification

CWE

CWE-200

Status published

Affected Products (3)

miniprofiler/rack-mini-profiler < 0.9.9.2

rubygems/rack-mini-profiler < 0.10.1RubyGems

n/a/n/a

Timeline

Published May 02, 2017

Tracked Since Feb 18, 2026