rack-cache Rubygem Sensitive HTTP Header Caching Weakness
Published: June 06, 2012
SECURITY IDENTIFIERS
- CVE: CVE-2012-2671 (NVD)
- GHSA: GHSA-hrp6-w4v2-8737
- OSVDB: OSVDB-83077
GEM
SEVERITY
CVSS v2.0: 7.5 (High)
PATCHED VERSIONS
>= 1.2
DESCRIPTION
Rack::Cache (rack-cache) contains a flaw in which the gem caches sensitive HTTP headers. This weakness may make it easier for an attacker to gain access to a user's session via a specially crafted header.
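
A check against the patched-version boundary listed above, as an added example that is not part of the original advisory or of the rack-cache project: it reads the text of a Gemfile.lock and reports any locked rack-cache release below 1.2. The sample lockfile, the parent gem in it and the function names are constructed for illustration.

```ruby
require "rubygems" # provides Gem::Version (already loaded on modern Ruby)

# First patched release according to the advisory ("PATCHED VERSIONS >= 1.2").
PATCHED = Gem::Version.new("1.2")

# Return every rack-cache version pinned in the text of a Gemfile.lock.
# Resolved gems sit at exactly four spaces of indent under "specs:";
# dependency constraints such as "rack-cache (~> 1.1)" are indented
# further and contain a space, so they are skipped on purpose.
def locked_rack_cache_versions(lockfile_text)
  lockfile_text
    .scan(/^ {4}rack-cache \(([^)\s]+)\)[ \t]*$/)
    .flatten
    .select { |v| Gem::Version.correct?(v) }
    .map { |v| Gem::Version.new(v) }
end

# Locked versions that fall below the patched release.
def vulnerable_rack_cache(lockfile_text)
  locked_rack_cache_versions(lockfile_text).select { |v| v < PATCHED }
end

# Constructed sample lockfile (hypothetical parent gem, not from the advisory).
SAMPLE_LOCK = <<~LOCK
  GEM
    remote: https://rubygems.org/
    specs:
      rack (1.4.1)
      rack-cache (1.1)
        rack (>= 0.4)
      some-framework (0.0.0)
        rack-cache (~> 1.1)

  DEPENDENCIES
    some-framework
LOCK

if __FILE__ == $PROGRAM_NAME
  # Pass a path to a real Gemfile.lock, or run without arguments for the sample.
  text = ARGV[0] ? File.read(ARGV[0]) : SAMPLE_LOCK
  bad = vulnerable_rack_cache(text)
  if bad.empty?
    puts "rack-cache: no locked version below #{PATCHED}"
  else
    puts "rack-cache #{bad.join(', ')} is below #{PATCHED} (CVE-2012-2671)"
  end
end
```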
