rack-mini-profiler is a Rails Middleware that displays a speed badge for every html page. It's designed to work both in production and in development but on this website it has been misconfigured to expose sensitive information (such environment variables) without authentication.

Environment variables are a set of dynamic named values that can affect the way running processes will behave on a computer. For example, an environment variable with a standard name can designate the location that a particular computer system uses to store temporary files but this may vary from one computer system to another.


rack-mini-profiler should not be enabled in production websites. It's recommended to disable rack-mini-profiler or to restrict access to rack-mini-profiler page.


Related Vulnerabilities