Rack Rack::Session::Cookie Function Timing Attack Remote Code Execution
Rack contains a flaw that is due to an error in the Rack::Session::Cookie
function. Users of the Marshal session cookie encoding (the default) are
subject to a timing attack that may lead an attacker to execute arbitrary
code. This attack is more practical against 'cloud' users as intra-cloud
latencies are sufficiently low to make the attack viable.
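As an added illustration (not Rack's own code and not part of this advisory), the Ruby sketch below contrasts an early-exit digest comparison with a constant-time one, and deserializes the Marshal payload only after the digest verifies. The `data--digest` cookie layout, the HMAC-SHA1 choice, the helper names and the secret are assumptions made for the example, as is the premise that the timing difference comes from comparing the cookie digest with ordinary string equality.

```ruby
require "openssl"

SECRET = "constructed-demo-secret" # constructed value, not a real key

# Hypothetical helper: HMAC over the encoded session data.
def sign(data, secret = SECRET)
  OpenSSL::HMAC.hexdigest(OpenSSL::Digest.new("SHA1"), secret, data)
end

# Weak check: String#== may return at the first differing byte, so the
# time taken can depend on how much of a guessed digest is correct.
def weak_digest_match?(expected, given)
  expected == given
end

# Hardened check: always walks every byte and accumulates differences,
# so the time taken does not depend on where the first mismatch is.
def secure_compare(a, b)
  return false unless a.bytesize == b.bytesize
  diff = 0
  a.bytes.zip(b.bytes) { |x, y| diff |= x ^ y }
  diff.zero?
end

# Build a cookie value "<base64 of marshalled session>--<hex digest>".
def encode_session(session)
  data = [Marshal.dump(session)].pack("m0")
  "#{data}--#{sign(data)}"
end

# Verify the digest in constant time and only then deserialize.
# Returns nil for a missing or forged digest, so Marshal.load is never
# reached with unauthenticated bytes.
def decode_session(cookie)
  data, digest = cookie.to_s.split("--", 2)
  return nil if data.nil? || digest.nil?
  return nil unless secure_compare(sign(data), digest)
  Marshal.load(data.unpack1("m0"))
end
```
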
Am I vulnerable?
The constraints below list the versions in which this vulnerability is patched and the versions that are unaffected. If a patch is ready but unreleased, it is pending.
Affected package information
|Package|Patched in|Unaffected in|