6 matches found
CVE-2025-46336 vulnerabilities
Vulnerabilities for packages: ruby3.2-rails, ruby3.3-rails, logstash, ruby3.4-rails...
CVE-2025-46336
Rack::Session is a session management implementation for Rack. In versions starting from 2.0.0 to before 2.1.1, when using the Rack::Session::Pool middleware, and provided the attacker can acquire a session cookie already a major issue, the session may be restored if the attacker can trigger a lo...
CVE-2025-46336 Rack session gets restored after deletion
Rack::Session is a session management implementation for Rack. In versions starting from 2.0.0 to before 2.1.1, when using the Rack::Session::Pool middleware, and provided the attacker can acquire a session cookie already a major issue, the session may be restored if the attacker can trigger a lo...
CVE-2025-46336
CVE-2025-46336 affects Rack::Session within the Rack::Session::Pool middleware. In versions 2.0.0 up to but not including 2.1.1, if an attacker has a valid session cookie and can trigger a long-running request adjacent to a user logout, the session may be restored, allowing illicit access after l...
CVE-2025-46336 Rack session gets restored after deletion
Rack::Session is a session management implementation for Rack. In versions starting from 2.0.0 to before 2.1.1, when using the Rack::Session::Pool middleware, and provided the attacker can acquire a session cookie already a major issue, the session may be restored if the attacker can trigger a lo...
CVE-2025-46336
Rack::Session is a session management implementation for Rack. In versions starting from 2.0.0 to before 2.1.1, when using the Rack::Session::Pool middleware, and provided the attacker can acquire a session cookie already a major issue, the session may be restored if the attacker can trigger a lo...