CVE-2020-8184

Published: 19 June 2020

A reliance on cookies without validation/integrity check security vulnerability exists in rack < 2.2.3, rack < 2.1.4 that makes it possible for an attacker to forge a secure or host-only cookie prefix.

Priority

Medium

CVSS 3 base score: 7.5

Status

Package: ruby-rack (Launchpad, Ubuntu, Debian)

Release     Status
bionic      Released (1.6.4-4ubuntu0.2)
eoan        Ignored (reached end-of-life)
focal       Released (2.0.7-2ubuntu0.1)
groovy      Released (2.1.1-5ubuntu0.1)
hirsute     Ignored (reached end-of-life)
impish      Ignored (reached end-of-life)
jammy       Not vulnerable (2.1.4-5ubuntu1)
kinetic     Not vulnerable (2.2.4-2)
precise     Does not exist
trusty      Released (1.5.2-3+deb8u3ubuntu1~esm4)
upstream    Released (2.2.3, 2.1.4)
xenial      Released (1.6.4-3ubuntu0.2)

Patches:
upstream: https://github.com/rack/rack/commit/1f5763de6a9fe515ff84992b343d63c88104654c