cvedb.io
CVE-2018-1000119
MEDIUM · CVSS 5.9
EPSS exploitation probability: 0%
Published 2018-03-07T14:29:00.390 · Last modified 2026-06-17T01:32:28.030

Summary

Sinatra rack-protection versions 1.5.4 and 2.0.0.rc3 and earlier contains a timing attack vulnerability in the CSRF token checking that can result in signatures can be exposed. This attack appear to be exploitable via network connectivity to the ruby application. This vulnerability appears to have been fixed in 1.5.5 and 2.0.0.

Affected products

sinatrarb — rack-protection

Does this affect you?

Add your gear to cvedb and we'll alert you only when sinatrarb ships something exploited.

Check my exposure →

References

This product uses data from the NVD API but is not endorsed or certified by the NVD. Informational only; not professional security advice.