219 matches found
RubyGem Rack Security Vulnerability
RubyGem Rack is a modular interface between a web server and a web application developed using the Ruby programming language. A security vulnerability exists in RubyGem Rack that stems from the presence of a code execution issue...
SUSE: Security Advisory (SUSE-SU-2015:2190-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only if(description)...
rubygem-rack: hijack sessions by using timing attacks targeting the session id
A flaw was found in rubygem-rack in versions prior to 1.6.12 and 2.0.8. An information leak may allow an attacker to find and hijack sessions using timing attacks targeting the session ID. The highest threat from the vulnerability is to data confidentiality...
SUSE-SU-2020:2678-1 Security update for rubygem-rack
This update for rubygem-rack to version 1.6.13 fixes the following issues: - CVE-2020-8184: Fixed an issue where percent-encoded cookies could have been used to overwrite existing prefixed cookie names (bsc#1173351). - CVE-2020-8161: Fixed a directory traversal (bsc#1172037). - CVE-2019-16782: Fixed an...
CVE-2020-8184
A flaw was found in rubygem-rack. An attacker may be able to trick a vulnerable application into processing an insecure non-SSL or cross-origin request if they can gain the ability to write arbitrary cookies that are sent to the application. The highest threat from this vulnerability is to data...
CVE-2019-16782
A flaw was found in rubygem-rack in versions prior to 1.6.12 and 2.0.8. An information leak may allow an attacker to find and hijack sessions using timing attacks targeting the session ID. The highest threat from the vulnerability is to data confidentiality. Mitigation There is no mitigation for...
RubyGem Rack Path Traversal Vulnerability
RubyGem Rack is a modular interface between web servers and web applications developed using the Ruby programming language. A path traversal vulnerability exists in RubyGem Rack versions prior to 2.2.0. The vulnerability stems from a failure of a network system or product to properly filter speci...
openSUSE Security Update : rubygem-rack (openSUSE-2020-214)
This update for rubygem-rack to version 2.0.8 fixes the following issues: - CVE-2018-16471: Fixed a cross-site scripting (XSS) flaw via the scheme method on Rack::Request (bsc#1116600). - CVE-2019-16782: Fixed a possible information leak and session hijack vulnerability (bsc#1159548). This update was...
OPENSUSE-SU-2020:0214-1 Security update for rubygem-rack
This update for rubygem-rack to version 2.0.8 fixes the following issues: - CVE-2018-16471: Fixed a cross-site scripting (XSS) flaw via the scheme method on Rack::Request (bsc#1116600). - CVE-2019-16782: Fixed a possible information leak and session hijack vulnerability (bsc#1159548). This update was...
Security update for rubygem-rack (moderate)
openSUSE Security Update: Security update for rubygem-rack Announcement ID: openSUSE-SU-2020:0214-1 Rating: moderate References: 1114828 1116600 1159548 Cross-References: CVE-2018-16471 CVE-2019-16782 Affected Products: openSUSE Leap 15.1 An update that solves two vulnerabilities and has one erra...
SUSE SLED15 / SLES15 Security Update : rubygem-rack (SUSE-SU-2020:0359-1)
This update for rubygem-rack to version 2.0.8 fixes the following issues: CVE-2018-16471: Fixed a cross-site scripting (XSS) flaw via the scheme method on Rack::Request (bsc#1116600). CVE-2019-16782: Fixed a possible information leak and session hijack vulnerability (bsc#1159548). Note that Tenable...
SUSE-SU-2020:0359-1 Security update for rubygem-rack
This update for rubygem-rack to version 2.0.8 fixes the following issues: - CVE-2018-16471: Fixed a cross-site scripting (XSS) flaw via the scheme method on Rack::Request (bsc#1116600). - CVE-2019-16782: Fixed a possible information leak and session hijack vulnerability (bsc#1159548)...
Fedora: Security Advisory for rubygem-rack (FEDORA-2020-57fc0d0156)
The remote host is missing an update for the Copyright (C) 2020 Greenbone Networks GmbH Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...
Fedora 31 : 1:rubygem-rack (2020-57fc0d0156)
Update to Rack 2.0.8. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. (C) Tenable Network Security,...
[SECURITY] Fedora 31 Update: rubygem-rack-2.0.8-1.fc31
Rack provides a minimal, modular and adaptable interface for developing web applications in Ruby. By wrapping HTTP requests and responses in the simplest way possible, it unifies and distills the API for web servers, web frameworks, and software in between (the so-called middleware) into a single...
FreeBSD : rack -- information leak / session hijack vulnerability (66e4dc99-28b3-11ea-8dde-08002728f74c)
National Vulnerability Database : There's a possible information leak / session hijack vulnerability in Rack RubyGem rack. This vulnerability is patched in versions 1.6.12 and 2.0.8. Attackers may be able to find and hijack sessions by using timing attacks targeting the session id. Session ids ar...
CVE-2019-16782
CVE-2019-16782 : Rack (RubyGem) contains a timing-based information disclosure vulnerability that can enable session hijacking. The flaw arises from non-constant-time handling of session IDs in the backing store, allowing an attacker to infer a valid session ID by measuring lookup times. The issu...
openSUSE: Security Advisory for rubygem-rack (openSUSE-SU-2019:1553-1)
The remote host is missing an update for the Copyright (C) 2019 Greenbone Networks GmbH Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...
openSUSE Security Update : rubygem-rack (openSUSE-2019-1553)
This update for rubygem-rack fixes the following issues: Security issue fixed: - CVE-2018-16471: Fixed a cross-site scripting vulnerability via 'scheme' method (bsc#1116600). This update was imported from the SUSE:SLE-12:Update update project...
Security update for rubygem-rack (moderate)
openSUSE Security Update: Security update for rubygem-rack Announcement ID: openSUSE-SU-2019:1553-1 Rating: moderate References: 1114828 1116600 Cross-References: CVE-2018-16471 Affected Products: openSUSE Leap 42.3 An update that solves one vulnerability and has one errata is now available...