VulnerableCode Package Details - pkg:gem/safemode@1.2.4

Search for packages

Vulnerability	Summary	Fixed by
VCID-6sgh-v5u7-w3h9 Aliases: CVE-2017-7540 GHSA-5vx5-9q73-wgp4	Safe mode bypassing Safemode is vulnerable to bypassing safe mode limitations via special Ruby syntax. This can lead to deletion of objects for which the user does not have delete-permissions or possibly to privilege escalation.	1.3.2 Affected by 2 other vulnerabilities. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} 1.3.4 Affected by 0 other vulnerabilities.
VCID-96hp-qxsu-rqa2 Aliases: GHSA-8474-rc7c-wrhp	High severity vulnerability that affects safemode Withdrawn, accidental duplicate publish. The safemode rubygem, as used in Foreman, versions 1.3.2 and earlier are vulnerable to bypassing safe mode limitations via special Ruby syntax. This can lead to deletion of objects for which the user does not have delete permissions or possibly to privilege escalation.	1.3.3 Affected by 0 other vulnerabilities.

Vulnerability

Summary

Fixed by

VCID-6sgh-v5u7-w3h9
Aliases:
CVE-2017-7540
GHSA-5vx5-9q73-wgp4

Safe mode bypassing Safemode is vulnerable to bypassing safe mode limitations via special Ruby syntax. This can lead to deletion of objects for which the user does not have delete-permissions or possibly to privilege escalation.

1.3.2
Affected by 2 other vulnerabilities.

1.3.4
Affected by 0 other vulnerabilities.

VCID-96hp-qxsu-rqa2
Aliases:
GHSA-8474-rc7c-wrhp

High severity vulnerability that affects safemode Withdrawn, accidental duplicate publish. The safemode rubygem, as used in Foreman, versions 1.3.2 and earlier are vulnerable to bypassing safe mode limitations via special Ruby syntax. This can lead to deletion of objects for which the user does not have delete permissions or possibly to privilege escalation.

1.3.3
Affected by 0 other vulnerabilities.

Vulnerability	Summary	Aliases
VCID-6hub-g2ja-afaw	Information disclosure vulnerability safemode for Ruby, when initialized with a delegate object that is a Rails controller, allows context-dependent attackers to obtain sensitive information via the inspect method.	CVE-2016-3693 GHSA-c92m-rrrc-q5wf
VCID-ty6t-p6kh-z7ap	Moderate severity vulnerability that affects safemode Withdrawn, accidental duplicate publish. The Safemode gem before 1.2.4 for Ruby, when initialized with a delegate object that is a Rails controller, allows context-dependent attackers to obtain sensitive information via the inspect method.	GHSA-44vc-fpcg-5cc5

Vulnerability

Summary

Aliases

VCID-6hub-g2ja-afaw

Information disclosure vulnerability safemode for Ruby, when initialized with a delegate object that is a Rails controller, allows context-dependent attackers to obtain sensitive information via the inspect method.

CVE-2016-3693
GHSA-c92m-rrrc-q5wf

VCID-ty6t-p6kh-z7ap

Moderate severity vulnerability that affects safemode Withdrawn, accidental duplicate publish. The Safemode gem before 1.2.4 for Ruby, when initialized with a delegate object that is a Rails controller, allows context-dependent attackers to obtain sensitive information via the inspect method.

GHSA-44vc-fpcg-5cc5

Date	Actor	Action	Vulnerability	Source	VulnerableCode Version
2026-04-16T01:22:15.052981+00:00	GHSA Importer	Fixing	VCID-ty6t-p6kh-z7ap	https://github.com/advisories/GHSA-44vc-fpcg-5cc5	38.4.0
2026-04-16T01:22:14.955550+00:00	GHSA Importer	Affected by	VCID-96hp-qxsu-rqa2	https://github.com/advisories/GHSA-8474-rc7c-wrhp	38.4.0
2026-04-11T21:48:05.674018+00:00	GitLab Importer	Affected by	VCID-6sgh-v5u7-w3h9	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/gem/safemode/CVE-2017-7540.yml	38.3.0
2026-04-11T21:44:28.371476+00:00	GitLab Importer	Fixing	VCID-6hub-g2ja-afaw	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/gem/safemode/CVE-2016-3693.yml	38.3.0
2026-04-11T12:51:20.502277+00:00	GHSA Importer	Fixing	VCID-ty6t-p6kh-z7ap	https://github.com/advisories/GHSA-44vc-fpcg-5cc5	38.3.0
2026-04-11T12:51:20.403965+00:00	GHSA Importer	Affected by	VCID-96hp-qxsu-rqa2	https://github.com/advisories/GHSA-8474-rc7c-wrhp	38.3.0
2026-04-02T22:01:59.614232+00:00	GitLab Importer	Affected by	VCID-6sgh-v5u7-w3h9	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/gem/safemode/CVE-2017-7540.yml	38.1.0
2026-04-02T21:58:33.736860+00:00	GitLab Importer	Fixing	VCID-6hub-g2ja-afaw	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/gem/safemode/CVE-2016-3693.yml	38.1.0
2026-04-02T13:44:41.857187+00:00	GHSA Importer	Fixing	VCID-ty6t-p6kh-z7ap	https://github.com/advisories/GHSA-44vc-fpcg-5cc5	38.1.0
2026-04-02T13:44:41.803336+00:00	GHSA Importer	Affected by	VCID-96hp-qxsu-rqa2	https://github.com/advisories/GHSA-8474-rc7c-wrhp	38.1.0
2026-04-01T16:19:12.204301+00:00	GitLab Importer	Affected by	VCID-6sgh-v5u7-w3h9	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/gem/safemode/CVE-2017-7540.yml	38.0.0
2026-04-01T15:56:36.011848+00:00	GHSA Importer	Fixing	VCID-ty6t-p6kh-z7ap	https://github.com/advisories/GHSA-44vc-fpcg-5cc5	38.0.0
2026-04-01T15:56:12.786674+00:00	GHSA Importer	Fixing	VCID-6hub-g2ja-afaw	https://github.com/advisories/GHSA-c92m-rrrc-q5wf	38.0.0
2026-04-01T13:03:50.675548+00:00	GithubOSV Importer	Fixing	VCID-ty6t-p6kh-z7ap	https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2018/08/GHSA-44vc-fpcg-5cc5/GHSA-44vc-fpcg-5cc5.json	38.0.0
2026-04-01T12:54:15.407836+00:00	GithubOSV Importer	Fixing	VCID-6hub-g2ja-afaw	https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2017/10/GHSA-c92m-rrrc-q5wf/GHSA-c92m-rrrc-q5wf.json	38.0.0
2026-04-01T12:47:03.351544+00:00	GitLab Importer	Fixing	VCID-6hub-g2ja-afaw	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/gem/safemode/CVE-2016-3693.yml	38.0.0