CVE-2020-8184

Summary

A reliance on cookies without validation/integrity check security vulnerability exists in rack < 2.2.3, rack < 2.1.4 that makes it is possible for an attacker to forge a secure or host-only cookie prefix.

Affected Software

VendorProductVersion RangeStatus
n/ahttps://github.com/rack/rackrack >= 2.2.3, rack >= 2.1.4affected

Weaknesses

  • CWE-784: Reliance on Cookies without Validation and Integrity Checking in a Security Decision (CWE-784)

ADP Enrichment

CVE Program Container

Additional References

References