Risk Scores
CVSS v3.1
4.199999809265137
CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N
EPSS Score
0.12%
30.1th percentile
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| rack | rack-session | >= 2.0.0, < 2.1.1 |
| RubyGems | rack-session | 2.0.0 |
Timeline
- May 8, 2025 CVE Published
- May 8, 2025 PoC Published
- May 8, 2025 PoC Published
- May 9, 2025 CVE Updated
- May 9, 2025 EPSS Score
- May 9, 2025 PoC Published
- May 9, 2025 PoC Published
- May 9, 2025 PoC Published
- May 9, 2025 PoC Published
- May 9, 2025 PoC Published
- May 9, 2025 PoC Published
- May 9, 2025 PoC Published
References
- https://github.com/rack/rack-session/security/advisories/GHSA-9j94-67jr-4cqj url
- https://github.com/rack/rack/security/advisories/GHSA-vpfw-47h7-xj4g url
- https://github.com/rack/rack-session/commit/c28c4a8c1861d814e09f2ae48264ac4c40be2d3b url
- https://nvd.nist.gov/vuln/detail/CVE-2025-46336 advisory
- https://github.com/rack/rack-session package
- https://github.com/rubysec/ruby-advisory-db/blob/master/gems/rack-session/CVE-2025-46336.yml url