Rack::Session::Cookie in Rack 1.5.x prior to 1.5.2, 1.4.x prior to 1.4.5, 1.3.x prior to 1.3.10, 1.2.x prior to 1.2.8, and 1.1.x prior to 1.1.6 allows remote malicious users to guess the session cookie, gain privileges, and execute arbitrary code via a timing attack involving an HMAC comparison function that does not run in constant time.
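
The class of flaw described above, shown as an added Ruby example that is not Rack's own code: an HMAC check whose comparison may stop at the first differing byte, next to a check whose comparison time does not depend on where the digests differ. The `data--digest` cookie layout, the SHA-256 digest, the secret, and the names `sign`, `verify_variable_time`, `verify_constant_time` and `secure_compare` are assumptions made for this example.

```ruby
require "openssl"

SECRET = "constructed-demo-secret" # constructed value, for this example only

def hmac_hex(data, secret)
  OpenSSL::HMAC.hexdigest(OpenSSL::Digest.new("SHA256"), secret, data)
end

# Assumed cookie layout for this example: "<data>--<hex HMAC of data>".
def sign(data, secret = SECRET)
  "#{data}--#{hmac_hex(data, secret)}"
end

# Weak form: String#== may return as soon as one byte differs, so the
# response time depends on how long the matching prefix of the digest is.
def verify_variable_time(cookie, secret = SECRET)
  data, sep, digest = cookie.rpartition("--")
  return nil if sep.empty?
  digest == hmac_hex(data, secret) ? data : nil
end

# Hardened form: every byte pair is XORed and accumulated, so the work
# done is the same wherever the first mismatch is. Only the length check
# exits early, and the digest length is not secret.
def secure_compare(a, b)
  return false unless a.bytesize == b.bytesize
  diff = 0
  a.bytes.zip(b.bytes) { |x, y| diff |= x ^ y }
  diff.zero?
end

def verify_constant_time(cookie, secret = SECRET)
  data, sep, digest = cookie.rpartition("--")
  return nil if sep.empty?
  secure_compare(digest, hmac_hex(data, secret)) ? data : nil
end
```

Both functions accept and reject the same cookies; the difference is only in how long a rejection takes, which is why this defect does not show up in functional tests.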
| Vulnerable Product |
|---|
| rack project rack 1.5.1 |
| rack project rack 1.5.0 |
| rack project rack 1.4.4 |
| rack project rack 1.4.2 |
| rack project rack 1.4.3 |
| rack project rack 1.4.0 |
| rack project rack 1.4.1 |
| rack project rack 1.3.1 |
| rack project rack 1.3.7 |
| rack project rack 1.3.8 |
| rack project rack 1.3.2 |
| rack project rack 1.3.5 |
| rack project rack 1.3.9 |
| rack project rack 1.3.6 |
| rack project rack 1.3.0 |
| rack project rack 1.3.4 |
| rack project rack 1.3.3 |
| rack project rack 1.2.6 |
| rack project rack 1.2.3 |
| rack project rack 1.2.0 |
| rack project rack 1.2.7 |
| rack project rack 1.2.1 |
| rack project rack 1.2.4 |
| rack project rack 1.2.2 |
| rack project rack 1.1.0 |
| rack project rack 1.1.4 |
| rack project rack 1.1.5 |
| rack project rack 1.1.6 |