CVE-2020-8184
- Source
- https://cve.org/CVERecord?id=CVE-2020-8184
- Import Source
- https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2020-8184.json
- JSON Data
- https://api.test.osv.dev/v1/vulns/CVE-2020-8184
- Aliases
- Downstream
- Related
- Published
- 2020-06-19T17:15:18.757Z
- Modified
- 2026-02-24T11:36:09.339050Z
- Severity
-
- 7.5 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N CVSS Calculator
- Summary
- [none]
- Details
-
A reliance on cookies without validation/integrity check security vulnerability exists in rack < 2.2.3, rack < 2.1.4 that makes it is possible for an attacker to forge a secure or host-only cookie prefix.
- References
-
- https://groups.google.com/g/rubyonrails-security/c/OWtmozPH9Ak
- https://hackerone.com/reports/895727
- https://lists.debian.org/debian-lts-announce/2020/07/msg00006.html
- https://lists.debian.org/debian-lts-announce/2023/01/msg00038.html
- https://usn.ubuntu.com/4561-1/
- https://groups.google.com/g/rubyonrails-security/c/OWtmozPH9Ak
- https://hackerone.com/reports/895727
- https://groups.google.com/g/rubyonrails-security/c/OWtmozPH9Ak
- https://lists.debian.org/debian-lts-announce/2020/07/msg00006.html
- https://lists.debian.org/debian-lts-announce/2023/01/msg00038.html
- https://hackerone.com/reports/895727
Affected packages
Git / gitlab.gnome.org/GNOME/libxml2
Affected ranges
- Type
- GIT
- Repo
- https://gitlab.gnome.org/GNOME/libxml2
- Events
-
Introduced0 Unknown introduced commit / All previous commits are affectedFixed
Affected versions
Other
EAZEL-NAUTILUS-MS-AUG07
FOR_GNOME_0_99_1
GNOME_0_30
GNUMERIC_FIRST_PUBLIC_RELEASE
LIBXML_0_99
LIBXML_1_5_0
LIBXML_1_8_5
LIBXML_1_8_6
LIBXML_2_0_0
LIBXML_2_1_0
LIBXML_2_1_1
LIBXML_2_2_1
LIBXML_TEST_2_0_0
LIB_XML_1_1
LIB_XML_1_3
LIB_XML_1_4
LIB_XML_1_6_1
LIB_XML_1_6_2
LIB_XML_1_7_0
LIB_XML_1_7_1
LIB_XML_1_7_3
LIB_XML_1_8_3
LIB_XML_1_X
Database specific
vanir_signatures
[
{
"signature_type": "Function",
"digest": {
"length": 858.0,
"function_hash": "296518369803799688182676499132672737011"
},
"signature_version": "v1",
"target": {
"function": "xmlNewInputFromFile",
"file": "parserInternals.c"
},
"source": "https://gitlab.gnome.org/GNOME/libxml2@04698d9e1c56467007fcbb9472e5db67cf5938f5",
"id": "CVE-2020-8184-09879482",
"deprecated": false
},
{
"signature_type": "Line",
"digest": {
"line_hashes": [
"267056465572633602302545532716428703303",
"49447795713951446376533765265174244019",
"276389560679829104483071852395265025753",
"154617753870140412869250022265377036863"
],
"threshold": 0.9
},
"signature_version": "v1",
"target": {
"file": "valid.c"
},
"source": "https://gitlab.gnome.org/GNOME/libxml2@04698d9e1c56467007fcbb9472e5db67cf5938f5",
"id": "CVE-2020-8184-0a53577d",
"deprecated": false
},
{
"signature_type": "Function",
"digest": {
"length": 612.0,
"function_hash": "282781309546372009946668217319113905727"
},
"signature_version": "v1",
"target": {
"function": "xmlNodeSetLang",
"file": "tree.c"
},
"source": "https://gitlab.gnome.org/GNOME/libxml2@04698d9e1c56467007fcbb9472e5db67cf5938f5",
"id": "CVE-2020-8184-1a755a06",
"deprecated": false
},
{
"signature_type": "Function",
"digest": {
"length": 927.0,
"function_hash": "90325646916575067881865746239542546566"
},
"signature_version": "v1",
"target": {
"function": "xmlLsCountNode",
"file": "debugXML.c"
},
"source": "https://gitlab.gnome.org/GNOME/libxml2@04698d9e1c56467007fcbb9472e5db67cf5938f5",
"id": "CVE-2020-8184-30c5b3dd",
"deprecated": false
},
{
"signature_type": "Line",
"digest": {
"line_hashes": [
"63330918120909637868718112447266052743",
"274388401605921334926640324279075042858",
"316797930210313459854567004992023460338",
"327825514086262674591612392575842976585"
],
"threshold": 0.9
},
"signature_version": "v1",
"target": {
"file": "debugXML.c"
},
"source": "https://gitlab.gnome.org/GNOME/libxml2@04698d9e1c56467007fcbb9472e5db67cf5938f5",
"id": "CVE-2020-8184-35186a5c",
"deprecated": false
},
{
"signature_type": "Function",
"digest": {
"length": 1013.0,
"function_hash": "245922509535094608734710709975055592993"
},
"signature_version": "v1",
"target": {
"function": "xmlSprintfElementChilds",
"file": "valid.c"
},
"source": "https://gitlab.gnome.org/GNOME/libxml2@04698d9e1c56467007fcbb9472e5db67cf5938f5",
"id": "CVE-2020-8184-41d95777",
"deprecated": false
},
{
"signature_type": "Function",
"digest": {
"length": 699.0,
"function_hash": "257814110467539705144308637954430438157"
},
"signature_version": "v1",
"target": {
"function": "xmlNodeSetName",
"file": "tree.c"
},
"source": "https://gitlab.gnome.org/GNOME/libxml2@04698d9e1c56467007fcbb9472e5db67cf5938f5",
"id": "CVE-2020-8184-46f6d641",
"deprecated": false
},
{
"signature_type": "Line",
"digest": {
"line_hashes": [
"153190382450513759041655494271675708374",
"307882732455745109791322848504884966714",
"163049747985704252145182844556252944680",
"45551523759078962789677522904376281452",
"164256573238662636044300420812632080084",
"38310845450907115794453755379902823544",
"161141653579303929677670476761463384387",
"174588565600072523196284360135743809219",
"83782271524535087140424175215028101084",
"37727781355625929991470260731138620790",
"121064454243391159887182172830208887248",
"45551523759078962789677522904376281452",
"164256573238662636044300420812632080084",
"181529152607958929915465609586813837098",
"73431301367026003956459996802506332634",
"339092693822542338868912264896293809951",
"544090594320842029421622906314504295",
"237354433917717188120026498624652296112",
"121064454243391159887182172830208887248",
"45551523759078962789677522904376281452",
"164256573238662636044300420812632080084",
"181529152607958929915465609586813837098",
"73431301367026003956459996802506332634",
"178762393332836971909380388155010243683"
],
"threshold": 0.9
},
"signature_version": "v1",
"target": {
"file": "SAX.c"
},
"source": "https://gitlab.gnome.org/GNOME/libxml2@04698d9e1c56467007fcbb9472e5db67cf5938f5",
"id": "CVE-2020-8184-5fd6a1d0",
"deprecated": false
},
{
"signature_type": "Line",
"digest": {
"line_hashes": [
"86449508457328615545098797680947168829",
"178206390536470619160095483857599495748",
"324326699629066704746413927198092896126",
"106368915668428964932686575559000307711",
"167339871198884353418093471559237886651",
"258813673763202947904675338663829447943",
"191561106400650104599976622520567069431",
"31846995385258337638249457941062008809",
"264999032026814379144588195152696503641",
"84282638287568896893685117071481527857",
"123711194728496487604444581178784104407",
"39779855572531617870572587667702922939",
"299336066273683705858688598892587677772",
"16640692311134882262206718093920200441",
"31906389460879906759654869922838927836",
"291580404947601253424374277646689576346",
"48241566886999966149373456846811778393",
"41061487794519641074735785217056621201",
"26377063182037105303375277091536660467",
"284587644278056110984178863427677461975",
"48241566886999966149373456846811778393",
"41061487794519641074735785217056621201",
"26377063182037105303375277091536660467",
"21687760814241982036428144232507908749"
],
"threshold": 0.9
},
"signature_version": "v1",
"target": {
"file": "tree.c"
},
"source": "https://gitlab.gnome.org/GNOME/libxml2@04698d9e1c56467007fcbb9472e5db67cf5938f5",
"id": "CVE-2020-8184-62e812e5",
"deprecated": false
},
{
"signature_type": "Function",
"digest": {
"length": 1571.0,
"function_hash": "205468780018299364404197130346486250252"
},
"signature_version": "v1",
"target": {
"function": "xmlNodeAddContentLen",
"file": "tree.c"
},
"source": "https://gitlab.gnome.org/GNOME/libxml2@04698d9e1c56467007fcbb9472e5db67cf5938f5",
"id": "CVE-2020-8184-6a131ee7",
"deprecated": false
},
{
"signature_type": "Function",
"digest": {
"length": 1621.0,
"function_hash": "196075358864830590515116648630770803860"
},
"signature_version": "v1",
"target": {
"function": "xmlNodeSetContentLen",
"file": "tree.c"
},
"source": "https://gitlab.gnome.org/GNOME/libxml2@04698d9e1c56467007fcbb9472e5db67cf5938f5",
"id": "CVE-2020-8184-8996eeb6",
"deprecated": false
},
{
"signature_type": "Function",
"digest": {
"length": 867.0,
"function_hash": "337716398742400468965622251400463591656"
},
"signature_version": "v1",
"target": {
"function": "xmlXPathNextParent",
"file": "xpath.c"
},
"source": "https://gitlab.gnome.org/GNOME/libxml2@04698d9e1c56467007fcbb9472e5db67cf5938f5",
"id": "CVE-2020-8184-96b78a34",
"deprecated": false
},
{
"signature_type": "Function",
"digest": {
"length": 894.0,
"function_hash": "72257485808904987409745162065866128719"
},
"signature_version": "v1",
"target": {
"function": "xmlXPathNextChild",
"file": "xpath.c"
},
"source": "https://gitlab.gnome.org/GNOME/libxml2@04698d9e1c56467007fcbb9472e5db67cf5938f5",
"id": "CVE-2020-8184-9fa11e1d",
"deprecated": false
},
{
"signature_type": "Function",
"digest": {
"length": 1638.0,
"function_hash": "54037456522672868785182068546290872851"
},
"signature_version": "v1",
"target": {
"function": "entityDecl",
"file": "SAX.c"
},
"source": "https://gitlab.gnome.org/GNOME/libxml2@04698d9e1c56467007fcbb9472e5db67cf5938f5",
"id": "CVE-2020-8184-a302b163",
"deprecated": false
},
{
"signature_type": "Function",
"digest": {
"length": 527.0,
"function_hash": "50730151188780336000627162685870686343"
},
"signature_version": "v1",
"target": {
"function": "resolveEntity",
"file": "SAX.c"
},
"source": "https://gitlab.gnome.org/GNOME/libxml2@04698d9e1c56467007fcbb9472e5db67cf5938f5",
"id": "CVE-2020-8184-c37df31b",
"deprecated": false
},
{
"signature_type": "Function",
"digest": {
"length": 1316.0,
"function_hash": "158315895453360599091009065545426017769"
},
"signature_version": "v1",
"target": {
"function": "xmlNodeGetContent",
"file": "tree.c"
},
"source": "https://gitlab.gnome.org/GNOME/libxml2@04698d9e1c56467007fcbb9472e5db67cf5938f5",
"id": "CVE-2020-8184-c57cf5c6",
"deprecated": false
},
{
"signature_type": "Function",
"digest": {
"length": 1598.0,
"function_hash": "131371141670312842373818282823608317209"
},
"signature_version": "v1",
"target": {
"function": "xmlNodeSetContent",
"file": "tree.c"
},
"source": "https://gitlab.gnome.org/GNOME/libxml2@04698d9e1c56467007fcbb9472e5db67cf5938f5",
"id": "CVE-2020-8184-d9f3bd6d",
"deprecated": false
},
{
"signature_type": "Function",
"digest": {
"length": 1623.0,
"function_hash": "129860579208470545648668113200111232194"
},
"signature_version": "v1",
"target": {
"function": "xmlXPathNextAncestor",
"file": "xpath.c"
},
"source": "https://gitlab.gnome.org/GNOME/libxml2@04698d9e1c56467007fcbb9472e5db67cf5938f5",
"id": "CVE-2020-8184-ecb9e479",
"deprecated": false
},
{
"signature_type": "Line",
"digest": {
"line_hashes": [
"102621366703410475819982354537611862180",
"191425362575232722648596890668462037506",
"51791611478368905476037816129742304171",
"324242496108234430457480972379959713290",
"102621366703410475819982354537611862180",
"106801119763263381150836662482780563139",
"231984439078492540650625048681466034719",
"37076473842710157512714645277867359826",
"102621366703410475819982354537611862180",
"106801119763263381150836662482780563139",
"231984439078492540650625048681466034719",
"260891924653729792601703305898815364240",
"102621366703410475819982354537611862180",
"106801119763263381150836662482780563139",
"231984439078492540650625048681466034719",
"260891924653729792601703305898815364240"
],
"threshold": 0.9
},
"signature_version": "v1",
"target": {
"file": "xpath.c"
},
"source": "https://gitlab.gnome.org/GNOME/libxml2@04698d9e1c56467007fcbb9472e5db67cf5938f5",
"id": "CVE-2020-8184-f23c535b",
"deprecated": false
},
{
"signature_type": "Line",
"digest": {
"line_hashes": [
"278832380002408244997755755296568431224",
"301410930383563908822841924318751704112",
"296705588480398420241407561634793207919",
"96409675361487930529183394747690042591",
"288855937796094640695759597866244289819",
"60366520872147301095325662016828624872",
"137735895886457161255294591640188345275",
"666963271776804997094114116087287522",
"307038920276357653798335080803936395988",
"322171402832651905429884517803778989817",
"330283959696975734460296521610302375594"
],
"threshold": 0.9
},
"signature_version": "v1",
"target": {
"file": "parserInternals.c"
},
"source": "https://gitlab.gnome.org/GNOME/libxml2@04698d9e1c56467007fcbb9472e5db67cf5938f5",
"id": "CVE-2020-8184-fe210c1a",
"deprecated": false
}
]
source
"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2020-8184.json"