CVE-2012-2671: rack-cache: caches sensitive headers
The package rack-cache caches potentially sensitive response headers (such as Set-Cookie). Attackers with access to the cache could possibly obtain other users' cookies, e.g. to bypass authentication.
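The following added example (not rack-cache's own code) reproduces the behaviour with a toy cache: a stored response replays the first visitor's Set-Cookie header to the next visitor unless that header is dropped before storage. `ToyCache`, its `ignore_headers` option, the `X-User` request header and the cookie values are all constructed for this illustration.

```ruby
# Toy shared cache in front of a Rack-style app (constructed for illustration).
# An app is any callable that returns [status, headers, body].
class ToyCache
  def initialize(app, ignore_headers: [])
    @app = app
    @ignore = ignore_headers.map(&:downcase)
    @store = {} # path => [status, headers, body]
  end

  def call(env)
    key = env["PATH_INFO"]
    return @store[key] if @store.key?(key) # hit: replay the stored response as-is

    status, headers, body = @app.call(env)
    if headers["Cache-Control"].to_s.include?("public")
      # Store a copy of the headers minus anything on the ignore list.
      kept = headers.reject { |name, _| @ignore.include?(name.downcase) }
      @store[key] = [status, kept, body]
    end
    [status, headers, body]
  end
end

# Constructed app: a publicly cacheable page that also sets a per-user session cookie.
APP = lambda do |env|
  user = env["HTTP_X_USER"] # hypothetical stand-in for the authenticated user
  [200,
   { "Content-Type" => "text/plain",
     "Cache-Control" => "public, max-age=60",
     "Set-Cookie" => "session=#{user}-secret" },
   ["landing page"]]
end

# First request (alice) fills the cache; return the headers the second visitor (bob) gets.
def second_visitor_headers(cache)
  cache.call("PATH_INFO" => "/", "HTTP_X_USER" => "alice")
  _status, headers, _body = cache.call("PATH_INFO" => "/", "HTTP_X_USER" => "bob")
  headers
end

leaky = second_visitor_headers(ToyCache.new(APP))
fixed = second_visitor_headers(ToyCache.new(APP, ignore_headers: ["Set-Cookie"]))
puts "cache storing all headers replays:   #{leaky['Set-Cookie'].inspect}"
puts "cache ignoring Set-Cookie replays:   #{fixed['Set-Cookie'].inspect}"
```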