Vulnerability Information
Vulnerability Title
N/A
Vulnerability Description
Sinatra rack-protection versions 1.5.4 and 2.0.0.rc3 and earlier contain a timing attack vulnerability in the CSRF token checking that can result in signatures being exposed. This attack appears to be exploitable via network connectivity to the Ruby application. This vulnerability appears to have been fixed in 1.5.5 and 2.0.0.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
Sinatra rack-protection Information Disclosure Vulnerability
Vulnerability Description
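Sinatra rack-protection is a component used in Sinatra to defend against network tools. A security vulnerability exists in the cross-site request forgery token check in Sinatra rack-protection 2.0.0.rc3 and earlier. An attacker can exploit this vulnerability via a network connection to the Ruby application to obtain signatures.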
CVSS Information
N/A
Vulnerability Type
N/A