Identifier

CVE-2020-8184

Package Slug

gem/rack

Vulnerability

Improper Input Validation

Description

A reliance on cookies without validation/integrity check security vulnerability exists in rack that makes it is possible for an attacker to forge a secure or host-only cookie prefix.

Affected Versions

All versions before 2.1.4, all versions starting from 2.2.0 before 2.2.3

Solution

Upgrade to versions 2.1.4, 2.2.3 or above.

Last Modified

2020-07-21

source