CVE-2020-8184

Source

https://nvd.nist.gov/vuln/detail/CVE-2020-8184

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2020-8184.json

Aliases

• GHSA-j6w9-fv6q-3q52

Related

• DLA-2275-1
• DLA-3298-1
• USN-4561-1
• USN-4561-2
• USN-5253-1

Published

2020-06-19T17:15:18Z

Modified

2023-11-08T04:04:15.295390Z

Details

A reliance on cookies without validation/integrity check security vulnerability exists in rack < 2.2.3, rack < 2.1.4 that makes it is possible for an attacker to forge a secure or host-only cookie prefix.

References

• https://groups.google.com/g/rubyonrails-security/c/OWtmozPH9Ak
• https://lists.debian.org/debian-lts-announce/2020/07/msg00006.html
• https://lists.debian.org/debian-lts-announce/2023/01/msg00038.html
• https://hackerone.com/reports/895727
• https://usn.ubuntu.com/4561-1/