FreshPorts - VuXML

This page displays vulnerability information about FreeBSD Ports.

The last vuln.xml file processed by FreshPorts is:

nothing found there

List all Vulnerabilities, by package

List all Vulnerabilities, by date

These are the vulnerabilities relating to the commit you have selected:

VuXML IDDescription
66e4dc99-28b3-11ea-8dde-08002728f74crack -- information leak / session hijack vulnerability

National Vulnerability Database:

There's a possible information leak / session hijack vulnerability in Rack (RubyGem rack). This vulnerability is patched in versions 1.6.12 and 2.0.8. Attackers may be able to find and hijack sessions by using timing attacks targeting the session id. Session ids are usually stored and indexed in a database that uses some kind of scheme for speeding up lookups of that session id. By carefully measuring the amount of time it takes to look up a session, an attacker may be able to find a valid session id and hijack the session. The session id itself may be generated randomly, but the way the session is indexed by the backing store does not use a secure comparison.


Discovery 2019-12-08
Entry 2019-12-29
rubygem-rack
ge 2.0.0 lt 2.0.8,3

rubygem-rack16
ge 1.6.0 lt 1.6.12

https://nvd.nist.gov/vuln/detail/CVE-2019-16782
https://github.com/rack/rack/blob/master/CHANGELOG.md
CVE-2019-16782
eb8a8978-8dd5-49ce-87f4-49667b2166ddrubygem-rails -- multiple vulnerabilities

Ruby on Rails blog:

Rails 3.2.22, 4.1.11 and 4.2.2 have been released, along with web console and jquery-rails plugins and Rack 1.5.4 and 1.6.2.


Discovery 2015-06-16
Entry 2015-06-17
rubygem-activesupport
lt 3.2.22

rubygem-activesupport4
lt 4.2.2

rubygem-jquery-rails
lt 3.1.3

rubygem-jquery-rails4
lt 4.0.4

rubygem-rack
lt 1.4.6

rubygem-rack15
lt 1.5.4

rubygem-rack16
lt 1.6.2

rubygem-rails
lt 3.2.22

rubygem-rails4
lt 4.2.2

rubygem-web-console
lt 2.1.3

CVE-2015-1840
CVE-2015-3224
CVE-2015-3225
CVE-2015-3226
CVE-2015-3227
http://weblog.rubyonrails.org/2015/6/16/Rails-3-2-22-4-1-11-and-4-2-2-have-been-released-and-more/