Sha256: eb2b8498ad76ea0ee6988a581e4feb61e0ee8638f8d0ab886f5f7ab5b84f56de

Size: 559 Bytes

Versions: 1

Stored size: 559 Bytes

Contents

---
gem: rack-protection
cve: 2018-1000119
url: https://github.com/sinatra/rack-protection/pull/98
date: 2018-03-07
title: rack-protection gem timing attack vulnerability when validating CSRF token
description: |
  Sinatra rack-protection versions 1.5.4 and 2.0.0.rc3 and earlier contain
  a timing attack vulnerability in the CSRF token checking that can result in
  signatures being exposed. This attack appears to be exploitable via network
  connectivity to the Ruby application.

cvss_v3: 5.9
cvss_v2: 4.3

patched_versions:
  - ~> 1.5.5
  - ">= 2.0.0"

Version data entries

1 entries across 1 versions & 1 rubygems

Version Path
bundler-audit-0.7.0.1 data/ruby-advisory-db/gems/rack-protection/CVE-2018-1000119.yml