There is a possible XSS vulnerability in Rack. Carefully crafted requests can impact the data returned by the scheme method on Rack::Request. Applications that expect the scheme to be limited to “http” or “https” and do not escape the return value could be vulnerable to an XSS attack (CVE-2018-16471).

OS | OS Version | Architecture | Package | Package Version | Filename |
---|---|---|---|---|---|
Mageia | 6 | noarch | ruby-rack | < 1.6.11-1 | ruby-rack-1.6.11-1.mga6 |
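
An added example, not taken from the advisory or from Rack: the unescaped use of the scheme that the advisory describes, beside a hardened form that allowlists the scheme and HTML-escapes the resulting URL. `FakeRequest`, the helper names, the canonical-link use case and the sample values are assumptions constructed for illustration; `FakeRequest` stands in for `Rack::Request` so the block runs without Rack installed.

```ruby
require 'erb'

# Constructed stand-in for Rack::Request: only the three readers used below.
FakeRequest = Struct.new(:scheme, :host, :path)

ALLOWED_SCHEMES = %w[http https].freeze

# Pattern the advisory warns about: the scheme is assumed to be "http" or
# "https" and is interpolated into markup without escaping.
def canonical_link_unsafe(req)
  %(<link rel="canonical" href="#{req.scheme}://#{req.host}#{req.path}">)
end

# Allowlist the scheme instead of trusting it. Falling back to a default is
# an assumption of this example; an application may prefer to reject the
# request (for instance with a 400 response) when the value is unexpected.
def trusted_scheme(req, default: 'https')
  scheme = req.scheme.to_s.downcase
  ALLOWED_SCHEMES.include?(scheme) ? scheme : default
end

# Hardened form: allowlisted scheme, and the whole URL is HTML-escaped before
# it reaches an attribute, which also covers host and path.
def canonical_link_safe(req)
  url = "#{trusted_scheme(req)}://#{req.host}#{req.path}"
  %(<link rel="canonical" href="#{ERB::Util.html_escape(url)}">)
end

# Constructed sample requests: one ordinary, one whose scheme carries markup.
GOOD = FakeRequest.new('http', 'example.test', '/home')
BAD  = FakeRequest.new('http"><b>injected</b><x y="', 'example.test', '/home')

if __FILE__ == $PROGRAM_NAME
  puts canonical_link_unsafe(BAD) # markup from the scheme lands in the page
  puts canonical_link_safe(BAD)   # scheme replaced by the default, URL escaped
  puts canonical_link_safe(GOOD)
end
```

Upgrading to the fixed package listed in the table remains the primary remediation; the allowlist and escaping keep the application safe regardless of what the request object returns.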