CVSS: 7.5EPSS: 0%CPEs: 5EXPL: 1CVE-2020-8184 – rubygem-rack: percent-encoded cookies can be used to overwrite existing prefixed cookie names
https://notcve.org/view.php?id=CVE-2020-8184
A reliance on cookies without validation/integrity check security vulnerability exists in rack < 2.2.3, rack < 2.1.4 that makes it is possible for an attacker to forge a secure or host-only cookie prefix. Se presenta una dependencia de las cookies sin vulnerabilidad de seguridad de control de validación e integridad en rack versiones anteriores a 2.2.3, rack versiones anteriores a 2.1.4, que hace posible a un atacante forjar un prefijo de cookie seguro o solo de host A flaw was found in rubygem-rack. An attacker may be able to trick a vulnerable application into processing an insecure (non-SSL) or cross-origin request if they can gain the ability to write arbitrary cookies that are sent to the application. The highest threat from this vulnerability is to data integrity. • https://groups.google.com/g/rubyonrails-security/c/OWtmozPH9Ak https://hackerone.com/reports/895727 https://lists.debian.org/debian-lts-announce/2020/07/msg00006.html https://lists.debian.org/debian-lts-announce/2023/01/msg00038.html https://usn.ubuntu.com/4561-1 https://access.redhat.com/security/cve/CVE-2020-8184 https://bugzilla.redhat.com/show_bug.cgi?id=1849141 • CWE-20: Improper Input Validation CWE-784: Reliance on Cookies without Validation and Integrity Checking in a Security Decision CWE-807: Reliance on Untrusted Inputs in a Security Decision •
CVSS: 6.3EPSS: 0%CPEs: 4EXPL: 0CVE-2019-16782 – Possible Information Leak / Session Hijack Vulnerability in Rack
https://notcve.org/view.php?id=CVE-2019-16782
There's a possible information leak / session hijack vulnerability in Rack (RubyGem rack). This vulnerability is patched in versions 1.6.12 and 2.0.8. Attackers may be able to find and hijack sessions by using timing attacks targeting the session id. Session ids are usually stored and indexed in a database that uses some kind of scheme for speeding up lookups of that session id. By carefully measuring the amount of time it takes to look up a session, an attacker may be able to find a valid session id and hijack the session. • http://lists.opensuse.org/opensuse-security-announce/2020-02/msg00016.html http://www.openwall.com/lists/oss-security/2019/12/18/2 http://www.openwall.com/lists/oss-security/2019/12/18/3 http://www.openwall.com/lists/oss-security/2019/12/19/3 http://www.openwall.com/lists/oss-security/2020/04/08/1 http://www.openwall.com/lists/oss-security/2020/04/09/2 https://github.com/rack/rack/commit/7fecaee81f59926b6e1913511c90650e76673b38 https://github.com/rack/rack/securit • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor CWE-203: Observable Discrepancy CWE-208: Observable Timing Discrepancy •
CVSS: 6.1EPSS: 0%CPEs: 3EXPL: 0CVE-2018-16471
https://notcve.org/view.php?id=CVE-2018-16471
There is a possible XSS vulnerability in Rack before 2.0.6 and 1.6.11. Carefully crafted requests can impact the data returned by the `scheme` method on `Rack::Request`. Applications that expect the scheme to be limited to 'http' or 'https' and do not escape the return value could be vulnerable to an XSS attack. Note that applications using the normal escaping mechanisms provided by Rails may not impacted, but applications that bypass the escaping mechanisms, or do not use them may be vulnerable. Hay una posible vulnerabilidad Cross-Site Scripting (XSS) en Rack en versiones anteriores a la 2.0.6 y la 1.6.11. • http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00032.html http://lists.opensuse.org/opensuse-security-announce/2020-02/msg00016.html https://groups.google.com/forum/#%21topic/rubyonrails-security/GKsAFT924Ag https://lists.debian.org/debian-lts-announce/2018/11/msg00022.html https://usn.ubuntu.com/4089-1 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 7.5EPSS: 0%CPEs: 2EXPL: 0CVE-2018-16470 – rubygem-rack: Buffer size in multipart parser allows for denial of service
https://notcve.org/view.php?id=CVE-2018-16470
There is a possible DoS vulnerability in the multipart parser in Rack before 2.0.6. Specially crafted requests can cause the multipart parser to enter a pathological state, causing the parser to use CPU resources disproportionate to the request size. Hay una posible vulnerabilidad de denegación de servicio (DoS) en el analizador multiparte en Rack en versiones anteriores a la 2.0.6. Las peticiones especialmente manipuladas pueden provocar que el analizador multiparte entre en estado patológico, haciendo que emplee una cantidad de recursos de CPU desproporcionada al tamaño de la petición. • https://access.redhat.com/errata/RHSA-2019:3172 https://groups.google.com/forum/#%21msg/rubyonrails-security/U_x-YkfuVTg/xhvYAmp6AAAJ https://access.redhat.com/security/cve/CVE-2018-16470 https://bugzilla.redhat.com/show_bug.cgi?id=1646814 • CWE-400: Uncontrolled Resource Consumption •
CVSS: 5.0EPSS: 6%CPEs: 7EXPL: 0CVE-2015-3225 – rubygem-rack: Potential Denial of Service Vulnerability in Rack normalize_params()
https://notcve.org/view.php?id=CVE-2015-3225
lib/rack/utils.rb in Rack before 1.5.4 and 1.6.x before 1.6.2, as used with Ruby on Rails 3.x and 4.x and other products, allows remote attackers to cause a denial of service (SystemStackError) via a request with a large parameter depth. Vulnerabilidad en lib/rack/utils.rb en Rack en versiones anteriores a 1.5.4 y 1.6.x anteriores a 1.6.2, tal como se utiliza con Ruby on Rails en versiones 3.x y 4.x y en otros productos, permite a atacantes remotos provocar una denegación de servicio (SystemStackError) a través de una solicitud con un parámetro de gran tamaño. A flaw was found in a way Rack processed parameters of incoming requests. An attacker could use this flaw to send a crafted request that would cause an application using Rack to crash. • http://lists.fedoraproject.org/pipermail/package-announce/2015-August/164173.html http://lists.fedoraproject.org/pipermail/package-announce/2015-August/165180.html http://lists.opensuse.org/opensuse-updates/2015-07/msg00040.html http://lists.opensuse.org/opensuse-updates/2015-07/msg00043.html http://lists.opensuse.org/opensuse-updates/2015-07/msg00044.html http://openwall.com/lists/oss-security/2015/06/16/14 http://rhn.redhat.com/errata/RHSA-2015-2290.html http://www.debian.org/security&#x • CWE-19: Data Processing Errors CWE-400: Uncontrolled Resource Consumption •