Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Secure/signed cookies share secrets between sites in rails_multisite
Vulnerability Description
rails_multisite provides multi-db support for Rails applications. In affected versions this vulnerability impacts any Rails applications using `rails_multisite` alongside Rails' signed/encrypted cookies. Depending on how the application makes use of these cookies, it may be possible for an attacker to re-use cookies on different 'sites' within a multi-site Rails application. The issue has been patched in v4 of the `rails_multisite` gem. Note that this upgrade will invalidate all previous signed/encrypted cookies. The impact of this invalidation will vary based on the application architecture.
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:H
Vulnerability Type
信息暴露
Vulnerability Title
Rails 加密问题漏洞
Vulnerability Description
Rails是Rails团队的一套基于Ruby语言的开源Web应用框架。 Rails multisite 存在加密问题漏洞,攻击者可能会在多个Rails应用程序中的不同sites上重复使用cookie。
CVSS Information
N/A
Vulnerability Type
N/A