Skip to main content

Shrine

1 CVEs product

Monthly

CVE-2020-15237 Ruby MEDIUM PATCH This Month

In Shrine before version 3.3.0, when using the `derivation_endpoint` plugin, it's possible for the attacker to use a timing attack to guess the signature of the derivation URL. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required.

Information Disclosure Shrine
NVD GitHub
CVSS 3.1
5.9
EPSS
1.0%
EPSS 1% CVSS 5.9
MEDIUM PATCH This Month

In Shrine before version 3.3.0, when using the `derivation_endpoint` plugin, it's possible for the attacker to use a timing attack to guess the signature of the derivation URL. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required.

Information Disclosure Shrine
NVD GitHub

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy