New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

WS-2017-0274 (Medium) detected in rack-1.5.2.gem #33

Open

mend-bolt-for-github bot opened this issue Apr 19, 2020 · 0 comments

Labels

security vulnerability

Contributor

mend-bolt-for-github bot commented Apr 19, 2020

WS-2017-0274 - Medium Severity Vulnerability

Vulnerable Library - rack-1.5.2.gem

Rack provides a minimal, modular and adaptable interface for developing web applications in Ruby. By wrapping HTTP requests and responses in the simplest way possible, it unifies and distills the API for web servers, web frameworks, and software in between (the so-called middleware) into a single method call.

Also see http://rack.github.com/.

Library home page: https://rubygems.org/gems/rack-1.5.2.gem

Path to dependency file: /tmp/ws-scm/app1/Gemfile.lock

Path to vulnerable library: /var/lib/gems/2.5.0/cache/rack-1.5.2.gem

Dependency Hierarchy:

sass-rails-4.0.3.gem (Root Library)
- sprockets-2.11.0.gem
  - ❌ rack-1.5.2.gem (Vulnerable Library)

Found in HEAD commit: 9d946faa10e3050193fb56220287f7565773de83

Vulnerability Details

Affected versions on the Rack package (1.4.0 before 1.6.0), are vulnerable to IP spoofing via X-Forwarded-For and Client-IP headers.

Publish Date: 2017-08-02

URL: WS-2017-0274

CVSS 2 Score Details (5.5)

Base Score Metrics not available

Suggested Fix

Type: Upgrade version

Origin: rack/rack@7a8efc2

Release Date: 2017-01-31

Fix Resolution: 1.6.0

The text was updated successfully, but these errors were encountered:

mend-bolt-for-github bot added the security vulnerability label

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment