Description
The Rack::Cache rubygem 0.3.0 through 1.1 caches Set-Cookie and other sensitive headers, which allows attackers to obtain sensitive cookie information, hijack web sessions, or have other unspecified impact by accessing the cache.
References (8)
Core References
Issue Tracking x_refsource_misc
https://bugzilla.novell.com/show_bug.cgi?id=763650
Patch x_refsource_confirm
https://github.com/rtomayko/rack-cache/commit/2e3a64d07daac4c757cc57620f2288e865a09b90
Various Sources x_refsource_confirm
https://github.com/rtomayko/rack-cache/blob/master/CHANGES
Mailing List, Third Party Advisory vendor-advisory
x_refsource_fedora
http://lists.fedoraproject.org/pipermail/package-announce/2012-June/081812.html
Issue Tracking x_refsource_confirm
https://github.com/rtomayko/rack-cache/pull/52
Mailing List mailing-list
x_refsource_mlist
http://www.openwall.com/lists/oss-security/2012/06/06/8
Mailing List mailing-list
x_refsource_mlist
http://www.openwall.com/lists/oss-security/2012/06/06/4
Issue Tracking x_refsource_misc
https://bugzilla.redhat.com/show_bug.cgi?id=824520
Scores
EPSS: 0.0064
EPSS Percentile: 70.7%
Details
Status: published
Products (11)
rtomayko/rack-cach 0.3.0
rtomayko/rack-cach 0.4
rtomayko/rack-cach 0.5
rtomayko/rack-cach 0.5.2
rtomayko/rack-cach 0.5.3
rtomayko/rack-cach 1.0
rtomayko/rack-cach 1.0.1
rtomayko/rack-cach 1.0.2
rtomayko/rack-cach 1.0.3
rtomayko/rack-cach 1.1
... and 1 more
Published: Jun 17, 2012
Tracked Since: Feb 18, 2026