VDB
CVE-2020-8184
CVE-2020-8184
PUBLISHED
A reliance on cookies without validation/integrity check security vulnerability exists in rack < 2.2.3, rack < 2.1.4 that makes it is possible for an attacker to forge a secure or host-only cookie prefix.
EPSS 0.81% · 74.5th percentile
Risk Scores
EPSS Score
0.81%
74.5th percentile
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Ubuntu:18.04:LTS | ruby-rack | 1.6.4-4ubuntu0.1, 0, 1.6.4-4 |
| Ubuntu:16.04:LTS | ruby-rack | 1.5.2-4, 1.6.4-3ubuntu0.1, 1.6.4-3 |
| Ubuntu:Pro:14.04:LTS | ruby-rack | 1.5.2-1ubuntu0.1~esm1, 0, 1.5.2-1 |
| Ubuntu:20.04:LTS | ruby-rack | 0, 2.0.7-2, 2.0.6-3 |
Timeline
- CVE Published
- Jun 16, 2020 PoC Published
- Apr 14, 2021 EPSS Score
- Jun 22, 2021 EPSS Score
- Aug 24, 2021 EPSS Score
- Dec 27, 2021 EPSS Score
- Jan 6, 2022 EPSS Score
- Feb 3, 2022 PoC Published
- Feb 4, 2022 EPSS Score
- Feb 27, 2022 EPSS Score
- Apr 1, 2022 EPSS Score
- May 1, 2022 EPSS Score
References
- https://ubuntu.com/security/CVE-2020-8184 third-party-advisory
- https://groups.google.com/g/rubyonrails-security/c/OWtmozPH9Ak third-party-advisory
- https://hackerone.com/reports/895727 third-party-advisory
- https://ubuntu.com/security/notices/USN-4561-1 vendor-advisory
- https://ubuntu.com/security/notices/USN-4561-2 vendor-advisory
- https://ubuntu.com/security/notices/USN-5253-1 vendor-advisory
- https://www.cve.org/CVERecord?id=CVE-2020-8184 third-party-advisory