CVE-2020-8184

A reliance on cookies without validation/integrity check security vulnerability exists in rack < 2.2.3, rack < 2.1.4 that makes it is possible for an attacker to forge a secure or host-only cookie prefix.

References

Affected packages

Debian:11 / ruby-rack

Package

Name: ruby-rack
Purl: pkg:deb/debian/ruby-rack?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

2.1.1-6

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Debian:12 / ruby-rack

Package

Name: ruby-rack
Purl: pkg:deb/debian/ruby-rack?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

2.1.1-6

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Debian:13 / ruby-rack

Package

Name: ruby-rack
Purl: pkg:deb/debian/ruby-rack?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

2.1.1-6

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Git / github.com/rack/rack

Affected ranges

Type: GIT
Repo: https://github.com/rack/rack
Events: Introduced

0 Unknown introduced commit / All previous commits are affected

Fixed

52808700e0ade4225625c6729529e13a6b31cc2f

Affected versions

0.*

0.1

0.2

0.3

1.*

1.0

1.1

1.2

1.2.1

1.3.0

1.3.0.beta

1.3.0.beta2

1.4.0

1.4.1

1.5.0

1.5.1

1.5.2

1.6.0

1.6.0.beta

1.6.0.beta2

2.*

2.0.0

2.0.0.alpha

2.0.0.rc1

2.0.1

2.1.0

2.1.1

2.1.2

2.1.3