Sha256: 4c4a89b1157dc93adbebc8066a39fe22908870dae250c806d70ae27afe957fd2
Contents?: true
Size: 607 Bytes
Versions: 2
Compression:
Stored size: 607 Bytes
Contents
--- url: http://osvdb.org/show/osvdb/89939 title: | Rack Rack::Session::Cookie Function Timing Attack Remote Code Execution description: | Rack contains a flaw that is due to an error in the Rack::Session::Cookie function. Users of the Marshal session cookie encoding (the default), are subject to a timing attack that may lead an attacker to execute arbitrary code. This attack is more practical against 'cloud' users as intra-cloud latencies are sufficiently low to make the attack viable. cvss_v2: 7.6 patched_versions: - ~> 1.1.6 - ~> 1.2.8 - ~> 1.3.10 - ~> 1.4.5 - ">= 1.5.2"
Version data entries
2 entries across 2 versions & 1 rubygems
| Version | Path |
|---|---|
| bundler-audit-0.1.1 | data/bundler/audit/rack/2013-0263.yml |
| bundler-audit-0.1.0 | data/bundler/audit/rack/2013-0263.yml |