H1-895727 — Vulnetix

H1-895727 PUBLISHED

Rack parses encoded cookie names allowing an attacker to send malicious `__Host-` and `__Secure-` prefixed cookies

Exploit Intelligence

Rack parses encoded cookie names allowing an attacker to send malicious `__Host-` and `__Secure-` prefixed cookies (hackerone)
Rack parses encoded cookie names allowing an attacker to send malicious `__Host-` and `__Secure-` prefixed cookies (hackerone)
.bundler-audit.yml (github-poc)
.bundler-audit.yml (github-poc)

Timeline

Jun 16, 2020 CVE Published
Jun 16, 2020 PoC Published

References

Rack parses encoded cookie names allowing an attacker to send malicious `__Host-` and `__Secure-` prefixed cookies advisory

Open in Interactive Console →

$ Console Community · 100/wk Open console ›