Sinatra rack-protection versions 1.5.4 and 2.0.0.rc3 and earlier contain a timing attack vulnerability in the CSRF token check that can result in signatures being exposed. This attack appears to be exploitable via network connectivity to the Ruby application. This vulnerability appears to have been fixed in 1.5.5 and 2.0.0.
History

No history.

MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2018-03-07T14:00:00

Updated: 2024-08-05T12:33:49.338Z

Reserved: 2018-03-07T00:00:00

Link: CVE-2018-1000119

Vulnrichment

No data.

NVD

Status: Modified

Published: 2018-03-07T14:29:00.390

Modified: 2020-08-24T17:37:01.140

Link: CVE-2018-1000119

Redhat

Severity: Moderate

Public Date: 2015-05-25T00:00:00Z

Links: CVE-2018-1000119 - Bugzilla