H1-895727 — Vulnetix

Try Vulnetix Request Demo

H1-895727 PUBLISHED

Rack parses encoded cookie names allowing an attacker to send malicious `__Host-` and `__Secure-` prefixed cookies

Timeline

Jun 16, 2020 CVE Published
Jun 16, 2020 PoC Published

References

Rack parses encoded cookie names allowing an attacker to send malicious `__Host-` and `__Secure-` prefixed cookies advisory

Open in Interactive Console →