Shrine Security Vulnerabilities

cve

CVE-2020-15237

In Shrine before version 3.3.0, when using the derivation_endpoint plugin, an attacker can use a timing attack to guess the signature of the derivation URL. The problem has been fixed by comparing the sent and calculated signatures in constant time, using Rack::Utils.secure_compare....

CVSS: 5.9

AI Score: 5.8

EPSS: 0.001

2020-10-05 07:15 PM