Search for vulnerabilities
| Vulnerability ID | VCID-96hp-qxsu-rqa2 |
| Aliases |
GHSA-8474-rc7c-wrhp
|
| Summary | High severity vulnerability that affects safemode Withdrawn, accidental duplicate publish. The safemode rubygem, as used in Foreman, versions 1.3.2 and earlier are vulnerable to bypassing safe mode limitations via special Ruby syntax. This can lead to deletion of objects for which the user does not have delete permissions or possibly to privilege escalation. |
| Status | Published |
| Exploitability | 0.5 |
| Weighted Severity | 8.0 |
| Risk | 4.0 |
| Affected and Fixed Packages | Package Details |
| There are no known CWE. |
| System | Score | Found at |
|---|---|---|
| cvssv3.1_qr | HIGH | https://github.com/advisories/GHSA-8474-rc7c-wrhp |
| generic_textual | HIGH | https://github.com/advisories/GHSA-8474-rc7c-wrhp |
| generic_textual | HIGH | https://nvd.nist.gov/vuln/detail/CVE-2017-7540 |
| Reference id | Reference type | URL |
|---|---|---|
| https://github.com/advisories/GHSA-8474-rc7c-wrhp | ||
| https://nvd.nist.gov/vuln/detail/CVE-2017-7540 |
No EPSS data available for this vulnerability.
| Date | Actor | Action | Source | VulnerableCode Version |
|---|---|---|---|---|
| 2026-04-01T13:03:50.634824+00:00 | GithubOSV Importer | Import | https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2018/08/GHSA-8474-rc7c-wrhp/GHSA-8474-rc7c-wrhp.json | 38.0.0 |