Launchpad.net

Launchpad Home
Code
Bugs
Blueprints
Translations
Answers

CVE 2020-8184

A reliance on cookies without validation/integrity check security vulnerability exists in rack < 2.2.3, rack < 2.1.4 that makes it is possible for an attacker to forge a secure or host-only cookie prefix.

Related bugs and status

CVE-2020-8184 (Candidate) is related to these bugs:

Bug #1990575: [MIR] Promote ruby-rack to main as a pcs indirect dependency

Summary				In	Importance	Status
	1990575	[MIR] Promote ruby-rack to main as a pcs indirect dependency		ruby-rack (Ubuntu)	Undecided	Fix Released

See the

CVE page on Mitre.org for more details.

References

MISC: https://groups.google....
MISC: https://hackerone.com/...
MLIST: [debian-lts-announce] ...
UBUNTU: USN-4561-1
MLIST: [debian-lts-announce] ...