2 matches found
CVE-2019-25025
Removed by vendor...
CVE-2019-25025
The ActiveRecord Session Store (activerecord-session_store) vulnerability CVE-2019-25025 affects Ruby on Rails implementations using versions up to 1.1.3, where the session-id validation does not use constant-time comparison. This enables timing-based leakage to guess valid session IDs, with rela...