2 matches found
PYSEC-2026-199
An issue was discovered in Django 6.0 before 6.0.6 and 5.2 before 5.2.15. django.http.HttpRequest.getsignedcookie in Django uses a non-injective salt derivation concatenating the cookie name and salt argument, which allows a remote attacker to use a cookie in a context different from the one wher...
Improper Input Validation
Overview railsmultisite is a gem for multi-db support for Rails applications. Affected versions of this package are vulnerable to Improper Input Validation. Secure/signed cookies share secrets between sites in a multi-site application. Impact This vulnerability impacts any Rails applications usin...