Sha256: 01dffbbe6bd5861aaa8902eda1142d976a03d0b7d276f004b4d40c9a145d6043

Contents?: true

Size: 653 Bytes

Versions: 3

Compression:

Stored size: 653 Bytes

Contents

--- 
gem: rack
cve: 2013-0263
osvdb: 89939
url: http://osvdb.org/show/osvdb/89939
title: |
  Rack Rack::Session::Cookie Function Timing Attack Remote Code Execution 
date: 2009-12-01

description: |
  Rack contains a flaw that is due to an error in the Rack::Session::Cookie
  function. Users of the Marshal session cookie encoding (the default), are
  subject to a timing attack that may lead an attacker to execute arbitrary
  code. This attack is more practical against 'cloud' users as intra-cloud
  latencies are sufficiently low to make the attack viable.

cvss_v2: 5.1
patched_versions: 
- ~> 1.1.6
- ~> 1.2.8
- ~> 1.3.10
- ~> 1.4.5
- ">= 1.5.2"

Version data entries

3 entries across 3 versions & 2 rubygems

Version Path
bundler-audit-0.4.0 data/ruby-advisory-db/gems/rack/OSVDB-89939.yml
bundler-audit-0.3.1 data/ruby-advisory-db/gems/rack/OSVDB-89939.yml
mrjoy-bundler-audit-0.3.3 data/ruby-advisory-db/gems/rack/OSVDB-89939.yml