CVE-2013-0263: Timing attack against Rack::Session::Cookie

February 8, 2013 (updated August 13, 2018)

Affected versions allows remote attackers to guess the session cookie, gain privileges, and execute arbitrary code via a timing attack involving am HMAC comparison function that does not run in constant time.

References

rack.github.com/

Detect and mitigate CVE-2013-0263 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →