CVE-2013-0263

Source
https://nvd.nist.gov/vuln/detail/CVE-2013-0263
Import Source
https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2013-0263.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2013-0263
Aliases
Related
Published
2013-02-08T20:55:01Z
Modified
2024-09-11T02:00:04Z
Summary
[none]
Details

Rack::Session::Cookie in Rack 1.5.x before 1.5.2, 1.4.x before 1.4.5, 1.3.x before 1.3.10, 1.2.x before 1.2.8, and 1.1.x before 1.1.6 allows remote attackers to guess the session cookie, gain privileges, and execute arbitrary code via a timing attack involving an HMAC comparison function that does not run in constant time.

References

Affected packages

Debian:11 / ruby-rack

Package

Name
ruby-rack
Purl
pkg:deb/debian/ruby-rack?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
1.4.1-2.1

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Debian:12 / ruby-rack

Package

Name
ruby-rack
Purl
pkg:deb/debian/ruby-rack?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
1.4.1-2.1

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Debian:13 / ruby-rack

Package

Name
ruby-rack
Purl
pkg:deb/debian/ruby-rack?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
1.4.1-2.1

Ecosystem specific

{
    "urgency": "not yet assigned"
}