CVE-2017-7540

Name of the Vulnerable Software and Affected Versions rubygem-safemode versions 1.3.2 and earlier

Description The issue allows bypassing of safe mode limitations via special Ruby syntax, potentially leading to the deletion of objects for which the user does not have delete permissions or possibly to privilege escalation.

Recommendations For versions 1.3.2 and earlier, consider disabling the use of special Ruby syntax in safe mode until a patch is available. Restrict access to sensitive objects to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.