sinatra/rack-protection

Releases: 17
Frequency: 5 months 1 day
Last Release
Stars: 813
NOTE: This project has been merged upstream to sinatra/sinatra

CVE History

CVE | Published | CVSS v3 | CVSS v2
4.3 MEDIUM

Sinatra rack-protection versions 1.5.4 and 2.0.0.rc3 and earlier contain a timing attack vulnerability in the CSRF token checking that can result in signatures being exposed. This attack appears to be exploitable via network connectivity to the Ruby application. This vulnerability appears to have been fixed in 1.5.5 and 2.0.0.