FreshPorts - VuXML

This page displays vulnerability information about FreeBSD Ports.

The VUXML data was last processed by FreshPorts on 2024-04-18 11:12:36 UTC

List all Vulnerabilities, by package

List all Vulnerabilities, by date

k68

These are the vulnerabilities relating to the commit you have selected:

VuXML ID	Description
66e4dc99-28b3-11ea-8dde-08002728f74c	rack -- information leak / session hijack vulnerability National Vulnerability Database: There's a possible information leak / session hijack vulnerability in Rack (RubyGem rack). This vulnerability is patched in versions 1.6.12 and 2.0.8. Attackers may be able to find and hijack sessions by using timing attacks targeting the session id. Session ids are usually stored and indexed in a database that uses some kind of scheme for speeding up lookups of that session id. By carefully measuring the amount of time it takes to look up a session, an attacker may be able to find a valid session id and hijack the session. The session id itself may be generated randomly, but the way the session is indexed by the backing store does not use a secure comparison. Discovery 2019-12-08 Entry 2019-12-29 rubygem-rack ge 2.0.0 lt 2.0.8,3 rubygem-rack16 ge 1.6.0 lt 1.6.12 https://nvd.nist.gov/vuln/detail/CVE-2019-16782 https://github.com/rack/rack/blob/master/CHANGELOG.md CVE-2019-16782
eb8a8978-8dd5-49ce-87f4-49667b2166dd	rubygem-rails -- multiple vulnerabilities Ruby on Rails blog: Rails 3.2.22, 4.1.11 and 4.2.2 have been released, along with web console and jquery-rails plugins and Rack 1.5.4 and 1.6.2. Discovery 2015-06-16 Entry 2015-06-17 rubygem-activesupport < 3.2.22 rubygem-activesupport4 < 4.2.2 rubygem-jquery-rails < 3.1.3 rubygem-jquery-rails4 < 4.0.4 rubygem-rack < 1.4.6 rubygem-rack15 < 1.5.4 rubygem-rack16 < 1.6.2 rubygem-rails < 3.2.22 rubygem-rails4 < 4.2.2 rubygem-web-console < 2.1.3 CVE-2015-1840 CVE-2015-3224 CVE-2015-3225 CVE-2015-3226 CVE-2015-3227 http://weblog.rubyonrails.org/2015/6/16/Rails-3-2-22-4-1-11-and-4-2-2-have-been-released-and-more/

VuXML ID

Description

66e4dc99-28b3-11ea-8dde-08002728f74c

rack -- information leak / session hijack vulnerability

National Vulnerability Database:

There's a possible information leak / session hijack vulnerability in Rack (RubyGem rack). This vulnerability is patched in versions 1.6.12 and 2.0.8. Attackers may be able to find and hijack sessions by using timing attacks targeting the session id. Session ids are usually stored and indexed in a database that uses some kind of scheme for speeding up lookups of that session id. By carefully measuring the amount of time it takes to look up a session, an attacker may be able to find a valid session id and hijack the session. The session id itself may be generated randomly, but the way the session is indexed by the backing store does not use a secure comparison.

Discovery 2019-12-08
Entry 2019-12-29
rubygem-rack

ge 2.0.0 lt 2.0.8,3

rubygem-rack16

ge 1.6.0 lt 1.6.12

https://nvd.nist.gov/vuln/detail/CVE-2019-16782
https://github.com/rack/rack/blob/master/CHANGELOG.md
CVE-2019-16782

eb8a8978-8dd5-49ce-87f4-49667b2166dd

rubygem-rails -- multiple vulnerabilities

Ruby on Rails blog:

Rails 3.2.22, 4.1.11 and 4.2.2 have been released, along with web console and jquery-rails plugins and Rack 1.5.4 and 1.6.2.

Discovery 2015-06-16
Entry 2015-06-17
rubygem-activesupport

< 3.2.22

rubygem-activesupport4

< 4.2.2

rubygem-jquery-rails

< 3.1.3

rubygem-jquery-rails4

< 4.0.4

rubygem-rack

< 1.4.6

rubygem-rack15

< 1.5.4

rubygem-rack16

< 1.6.2

rubygem-rails

< 3.2.22

rubygem-rails4

< 4.2.2

rubygem-web-console

< 2.1.3

CVE-2015-1840
CVE-2015-3224
CVE-2015-3225
CVE-2015-3226
CVE-2015-3227
http://weblog.rubyonrails.org/2015/6/16/Rails-3-2-22-4-1-11-and-4-2-2-have-been-released-and-more/