CVE-2018-16471

Published: 13/11/2018 Updated: 07/11/2023
CVSS v2 Base Score: 4.3 | Impact Score: 2.9 | Exploitability Score: 8.6
CVSS v3 Base Score: 6.1 | Impact Score: 2.7 | Exploitability Score: 2.8
VMScore: 384
Vector (CVSS v2): AV:N/AC:M/Au:N/C:N/I:P/A:N

Vulnerability Summary

There is a possible XSS vulnerability in Rack prior to 2.0.6 and 1.6.11. Carefully crafted requests can influence the value returned by the `scheme` method on `Rack::Request`. Applications that expect the scheme to be limited to 'http' or 'https' and do not escape the return value could be vulnerable to an XSS attack. Note that applications using the normal escaping mechanisms provided by Rails may not be impacted, but applications that bypass the escaping mechanisms, or do not use them, may be vulnerable.

Vulnerable Products

rack project: rack

debian: debian linux 8.0

Vendor Advisories

Debian Bug report logs - #913005 ruby-rack: CVE-2018-16471: Possible XSS vulnerability in Rack. Package: src:ruby-rack; Maintainer for src:ruby-rack is Debian Ruby Extras Maintainers <pkg-ruby-extras-maintainers@lists.alioth.debian.org>; Reported by: Salvatore Bonaccorso <carnil@debian.org>; Date: Mon, 5 Nov 2018 20:36 ...

Rack could allow cross-site scripting (XSS) attacks ...

There is a possible XSS vulnerability in Rack before 2.0.6 and 1.6.11. Carefully crafted requests can impact the data returned by the `scheme` method on `Rack::Request`. Applications that expect the scheme to be limited to 'http' or 'https' and do not escape the return value could be vulnerable to an XSS attack. Note that applications using the nor ...

Github Repositories

Server code for STRESS

Allosteric Web: Repo for website of an allosteric project in Gersten lab. All code from DC in code folder. Note about potential security vulnerability: The current version of this server has a security vulnerability. This vulnerability, which is in the rack module, has been classified by GitHub as a moderate severity security vulnerability. More information can be found here: https

STRESS: A computationally-efficient framework for identifying potential allosteric residues at the protein surface and within the interior. The original stress server on AWS is currently down due to AWS settings updates. We apologize for the inconvenience. Note about potential security vulnerability: The current version of this server has a security vulnerability. This vulnerabil