UBUNTU-CVE-2020-8184

Details

A reliance on cookies without validation/integrity check security vulnerability exists in rack < 2.2.3, rack < 2.1.4 that makes it is possible for an attacker to forge a secure or host-only cookie prefix.

Affected Packages

ruby-rack

Ubuntu Pro 14.04 LTS

Affected versions:

1.5.2-11.5.2-1ubuntu0.1~esm11.5.2-3+deb8u3ubuntu1~esm21.5.2-3+deb8u3ubuntu1~esm3

Fixed in:

1.5.2-3+deb8u3ubuntu1~esm4

ruby-rack

Ubuntu 16.04 LTS

Affected versions:

1.5.2-41.6.4-21.6.4-31.6.4-3ubuntu0.1

Fixed in:

1.6.4-3ubuntu0.2

ruby-rack

Ubuntu 18.04 LTS

Affected versions:

1.6.4-41.6.4-4ubuntu0.1

Fixed in:

1.6.4-4ubuntu0.2

ruby-rack

Ubuntu 20.04 LTS

Affected versions:

2.0.6-32.0.7-2

Fixed in:

2.0.7-2ubuntu0.1

ruby-rack

Ubuntu 22.04 LTS

Affected versions:

2.1.4-32.1.4-42.1.4-5

Fixed in:

2.1.4-5ubuntu1

ruby-rack

Ubuntu 14.04 LTS

Affected versions:

1.5.2-11.5.2-1ubuntu0.1~esm11.5.2-3+deb8u3ubuntu1~esm21.5.2-3+deb8u3ubuntu1~esm3

References

REPORThttps://groups.google.com/g/rubyonrails-security/c/OWtmozPH9Ak REPORThttps://hackerone.com/reports/895727 REPORThttps://ubuntu.com/security/CVE-2020-8184 REPORThttps://ubuntu.com/security/notices/USN-4561-1 REPORThttps://ubuntu.com/security/notices/USN-4561-2 REPORThttps://ubuntu.com/security/notices/USN-5253-1 REPORThttps://www.cve.org/CVERecord?id=CVE-2020-8184

UBUNTU-CVE-2020-8184

Details

Affected Packages

References

CVSS Analysis

Related

Ecosystems(6)

Timeline