Skip to main content

Rack Protection

1 CVEs product

Monthly

CVE-2018-1000119 Ruby MEDIUM PATCH This Month

Sinatra rack-protection versions 1.5.4 and 2.0.0.rc3 and earlier contains a timing attack vulnerability in the CSRF token checking that can result in signatures can be exposed. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required.

CSRF Rack Protection
NVD GitHub
CVSS 3.0
5.9
EPSS
2.5%
EPSS 2% CVSS 5.9
MEDIUM PATCH This Month

Sinatra rack-protection versions 1.5.4 and 2.0.0.rc3 and earlier contains a timing attack vulnerability in the CSRF token checking that can result in signatures can be exposed. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required.

CSRF Rack Protection
NVD GitHub

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy