Description

There is a possible XSS vulnerability in Rack before 2.0.6 and 1.6.11. Carefully crafted requests can impact the data returned by the `scheme` method on `Rack::Request`. Applications that expect the scheme to be limited to 'http' or 'https' and do not escape the return value could be vulnerable to an XSS attack. Note that applications using the normal escaping mechanisms provided by Rails may not impacted, but applications that bypass the escaping mechanisms, or do not use them may be vulnerable.

Related CPE's

a

rack_project

rack

2

o

debian

debian_linux

8.0

Vulnerable

References

http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00032.html

http://lists.opensuse.org/opensuse-security-announce/2020-02/msg00016.html

https://groups.google.com/forum/#%21topic/rubyonrails-security/GKsAFT924Ag

https://lists.debian.org/debian-lts-announce/2018/11/msg00022.html

Mailing ListThird Party Advisory

https://usn.ubuntu.com/4089-1/

Weaknesses

[email protected]

Primary
CWE-79

[email protected]

Secondary
CWE-79

CVSS impact metrics

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

6.1 · Medium

  • CVSS V3.1

  • CVSS V3.0

  • CVSS V2.0

Information

Source identifier

[email protected]

Vulnerability status

Modified

Published

2018-11-13T23:29:00.310

6 years ago

Last modified

2023-11-07T02:53:46.183

1 year ago