CVE-2020-15237, GHSA-5jjv-x4fq-qjwp
gem/shrine
Information Exposure Through Discrepancy
In Shrine using Rack::Utils.secure_compare
. Users using the derivation_endpoint
plugin are urged to upgrade to Shrine or greater. A possible workaround is provided in the linked advisory.
All versions before 3.3.0
Upgrade to version 3.3.0 or above.
2020-10-22
source |