📦

active_record_session_store

Vendor: rubyonrails

Actively Exploited 0 CISA KEV List

PoC / Exploits 0 Code Available

Total RCEs 0 Remote Access

Total CVEs 1 Total Indexed

Avg. EPSS 0.14% Exploit Prob.

Latest CVE CVE-2019-25025 Mar 05

Security Vulnerability Index

Page 1 / 1

5.3 CVSS

CVE-2019-25025

The activerecord-session_store (aka Active Record Session Store) component through 1.1.3 for Ruby on Rails does not use a constant-time approach when delivering information about whether a guessed session ID is valid. Consequently, remote attackers can leverage timing discrepancies to achieve a correct guess in a relatively short amount of time. This is a related issue to CVE-2019-16782.

EPSS: 0.14%

Severity: MEDIUM

Mar 05, 2021

Displaying 1 of 1 Total Entries

Total 1 Sections