CVE-2020-15237

Information Exposure Through Discrepancy in gem/shrine

Identifiers

CVE-2020-15237, GHSA-5jjv-x4fq-qjwp

Package Slug

gem/shrine

Vulnerability

Information Exposure Through Discrepancy

Description

In Shrine using Rack::Utils.secure_compare. Users using the derivation_endpoint plugin are urged to upgrade to Shrine 3.3.0 or greater. A possible workaround is provided in the linked advisory.

Affected Versions

All versions before 3.3.0

Solution

Upgrade to version 3.3.0 or above.

Last Modified

2020-10-22
