It was discovered that Rack incorrectly handled certain paths. An attacker could possibly use this issue to obtain sensitive information. (CVE-2020-8161)
It was discovered that Rack incorrectly validated cookies. An attacker could possibly use this issue to forge a secure cookie. (CVE-2020-8184)