Closed bsp3ars closed 2 years ago
Descriptive summary
We need to upgrade the Rack gem to ~> 2.1.4 or >= 2.2.3
Bundler-audit message:
Name: rack
Version: 2.0.8
CVE: CVE-2020-8184
GHSA: GHSA-j6w9-fv6q-3q52
Criticality: Unknown
URL: https://groups.google.com/g/rubyonrails-security/c/OWtmozPH9Ak
Title: Percent-encoded cookies can be used to overwrite existing prefixed cookie names
Solution: upgrade to ~> 2.1.4, >= 2.2.3

Name: rack
Version: 2.0.8
CVE: CVE-2020-8161
GHSA: GHSA-5f9h-9pjv-v6j7
Criticality: Unknown
URL: https://groups.google.com/forum/#!topic/ruby-security-ann/T4ZIsfRf2eA
Title: Directory traversal in Rack::Directory app bundled with Rack
Solution: upgrade to ~> 2.1.3, >= 2.2.0