A reliance on cookies without validation/integrity check security vulnerability exists in rack < 2.2.3, rack < 2.1.4 that makes it is possible for an attacker to forge a secure or host-only cookie prefix.
| Package (Ecosystem) | Introduced | Fixed | Limit |
|---|---|---|---|
| rack(RubyGems) | 0 | 2.1.4 | N/A |
| rack(RubyGems) | 2.2.0 | 2.2.3 | N/A |
CVSS Metrics
