CVE-2017-7540

CRITICAL

9.8

CVSS Severity Score

EPSS Score0.1790%

EPSS Percentile13.25th

Published2017年7月21日

Last Modified2026年5月13日

Vulnerability Description

rubygem-safemode, as used in Foreman, versions 1.3.2 and earlier are vulnerable to bypassing safe mode limitations via special Ruby syntax. This can lead to deletion of objects for which the user does not have delete permissions or possibly to privilege escalation.

Affected Platforms (CPE)

📦

Safemode Project

Safemode

<= 1.3.2

References & Advisories

🔗 https://github.com/svenfuchs/safemode/pull/23

相关漏洞威胁

CVE-2016-36938.1

The Safemode gem before 1.2.4 for Ruby, when initialized with a delegate object that is a Rails controller, allows context-depende...

CVE-2007-14617.8

The compress.bzip2:// URL wrapper provided by the bz2 extension in PHP before 4.4.7, and 5.x before 5.2.2, does not implement safe...

CVE-2007-14605.0

The zip:// URL wrapper provided by the PECL zip extension in PHP before 4.4.7, and 5.2.0 and 5.2.1, does not implement safemode or...

CVE-2006-72042.1

The imap_body function in PHP before 4.4.4 does not implement safemode or open_basedir checks, which allows local users to read ar...