CVE-2020-8184
A reliance on cookies without validation/integrity check security vulnerability exists in rack < 2.2.3, rack < 2.1.4 that makes it is possible for an attacker to forge a secure or host-only cookie prefix.
| Software | From | Fixed in |
|---|---|---|
| rack_project / rack | - | 2.1.4 |
| rack_project / rack | 2.2.0 | 2.2.3 |
| debian / debian_linux | 9.0 | 9.0.x |
| debian / debian_linux | 10.0 | 10.0.x |
| canonical / ubuntu_linux | 18.04 | 18.04.x |
rack
|
- | 2.1.4 |
|
rack
|
2.2.0 | 2.2.3 |
- https://github.com/rack/rack/commit/1f5763de6a9fe515ff84992b343d63c88104654c
- https://github.com/rubysec/ruby-advisory-db/blob/master/gems/rack/CVE-2020-8184.yml
- https://groups.google.com/g/rubyonrails-security/c/OWtmozPH9Ak
- https://hackerone.com/reports/895727
- https://lists.debian.org/debian-lts-announce/2020/07/msg00006.html
- https://lists.debian.org/debian-lts-announce/2023/01/msg00038.html
- https://usn.ubuntu.com/4561-1/
Deep Security Visibility Without the Complexity
SynScan provides clear, real-time security insights so you can monitor your attack surface, spot risks early, and act fast—without extra complexity.
- No setup fees
- 5-min deployment
- Cancel anytime