rails / activerecord-session_store

Active Record's Session Store extracted from Rails
MIT License

Vulnerabilities found activerecord-session_store Timing Attack #174

Closed ibmandeep closed 3 years ago

ibmandeep commented 3 years ago

While running bundle audit, I'm getting this activerecord-session_store timing attack vulnerability issue (CVE-2019-25025). [Screenshot from 2021-03-09 11-18-58]

sikachu commented 3 years ago

I just merged in https://github.com/rails/activerecord-session_store/pull/151.

Once we get a new documentation patch regarding the newly introduced #secure! method in (https://github.com/rails/activerecord-session_store/pull/151#pullrequestreview-608318558), I'll cut a new release.

sikachu commented 3 years ago

I've released version 2.0.0 and submitted a PR to update ruby-advisory-db: https://github.com/rubysec/ruby-advisory-db/pull/463
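The thread reports a timing-attack advisory and a fixed release but does not describe the weakness or the fix. The Ruby below is an added, generic illustration of the two standard defences against timing attacks on secret lookups, written for this page; it is not code from activerecord-session_store, and it does not claim to reproduce the gem's actual change. It assumes a hypothetical in-memory session table (`SESSION_TABLE`) and constructed session ids. The first defence keys the table by a SHA-256 digest of the session id, so whatever equality check the storage layer performs compares a digest rather than the raw secret, and any timing leak reveals only digest bytes. The second is a constant-time byte comparison for the places where a raw secret must still be compared directly.

```ruby
require "digest"

# Constructed in-memory stand-in for a sessions table (hypothetical, not the
# gem's schema). Keys are digests of the session id, never the raw id.
SESSION_TABLE = {}

# Derive the storage key from the public session id. Only this digest is ever
# stored or used as a lookup key, so a lookup that leaks timing information
# leaks bytes of the digest, not of the id the client actually presents.
def private_id_for(public_id)
  Digest::SHA256.hexdigest(public_id)
end

def store_session(public_id, data)
  SESSION_TABLE[private_id_for(public_id)] = data
end

def find_session(public_id)
  SESSION_TABLE[private_id_for(public_id)]
end

# Constant-time equality: every byte is examined regardless of where the
# strings first differ, so the running time does not depend on how long a
# matching prefix the caller supplied. Length mismatch is rejected up front;
# length is not a secret here.
def secure_equal?(a, b)
  return false unless a.bytesize == b.bytesize

  diff = 0
  a.bytes.zip(b.bytes) { |x, y| diff |= x ^ y }
  diff.zero?
end

# Naive comparison for contrast: String#== may return as soon as the first
# differing byte is found, which is the behaviour a timing attack relies on.
def naive_equal?(a, b)
  a == b
end

# Demonstration with constructed values.
if __FILE__ == $PROGRAM_NAME
  store_session("constructed-session-id-1", { "user_id" => 42 })
  p find_session("constructed-session-id-1")   # {"user_id"=>42}
  p find_session("constructed-session-id-2")   # nil
  p SESSION_TABLE.keys.first.length             # 64 (hex SHA-256), raw id absent
  p secure_equal?("token-abc", "token-abc")     # true
  p secure_equal?("token-abc", "token-abd")     # false
end
```

Storing the digest also means that a read-only leak of the table contents (a backup, a log line, a SQL injection elsewhere) does not hand out usable session ids, since the digest cannot be turned back into the id a client must present.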