CVE-2018-16471

Description

There is a possible XSS vulnerability in Rack before 2.0.6 and 1.6.11. Carefully crafted requests can impact the data returned by the `scheme` method on `Rack::Request`. Applications that expect the scheme to be limited to 'http' or 'https' and do not escape the return value could be vulnerable to an XSS attack. Note that applications using the normal escaping mechanisms provided by Rails may not impacted, but applications that bypass the escaping mechanisms, or do not use them may be vulnerable.

Related CPE's

a rack_project rack ********

o debian debian_linux 8.0 *******

References

https://groups.google.com/forum/#!topic/rubyonrails-security/GKsAFT924Ag

Mailing ListPatchThird Party Advisory

[debian-lts-announce] 20181121 [SECURITY] [DLA 1585-1] ruby-rack security update

Mailing ListThird Party Advisory

openSUSE-SU-2019:1553

USN-4089-1

openSUSE-SU-2020:0214

CvssV3 impact

BaseSeverity	MEDIUM
ConfidentialityImpact	LOW
AttackComplexity	LOW
Scope	CHANGED
AttackVector	NETWORK
AvailabilityImpact	NONE
IntegrityImpact	LOW
PrivilegesRequired	NONE
BaseScore	6.1
VectorString	CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Version	3.0
UserInteraction	REQUIRED

CvssV2 impact

Version	2.0
VectorString	AV:N/AC:M/Au:N/C:N/I:P/A:N
AccessVector	NETWORK
AccessComplexity	MEDIUM
Authentication	NONE
ConfidentialityImpact	NONE
IntegrityImpact	PARTIAL
AvailabilityImpact	NONE
BaseScore	4.300000190734863

Created by Yello

About Severity.io