GEM
SEVERITY
CVSS v3.x: 5.9 (Medium)
CVSS v2.0: 4.3 (Medium)
PATCHED VERSIONS
- ~> 1.5.5
- >= 2.0.0
DESCRIPTION
Sinatra rack-protection versions 1.5.4 and 2.0.0.rc3 and earlier contain a timing attack vulnerability in the CSRF token checking that can result in signatures being exposed. This attack appears to be exploitable via network connectivity to the Ruby application.
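A worked example, added here and not rack-protection's own code, of the class of defect the description refers to: a comparison that returns at the first mismatching byte does an amount of work that depends on how much of the token the caller got right, whereas a constant-time comparison does the same work for any input of the same length. The function names and the sample token are constructed for this example.

```ruby
# Added example (not rack-protection's own code): why an early-exit token
# comparison leaks timing, and a constant-time replacement for CSRF checks.
require 'digest'

# Byte-by-byte compare that returns as soon as a mismatch is found. The number
# of steps, and therefore the time, grows with the length of the matching
# prefix. Returns [equal?, steps_taken] so the leak is visible in a test.
def early_exit_compare(a, b)
  return [false, 0] if a.bytesize != b.bytesize
  steps = 0
  a.bytes.zip(b.bytes) do |x, y|
    steps += 1
    return [false, steps] if x != y
  end
  [true, steps]
end

# Constant-time compare: visits every byte and accumulates differences with
# XOR/OR, so the work done does not depend on where the inputs differ.
def secure_compare(a, b)
  return false unless a.bytesize == b.bytesize
  acc = 0
  a.bytes.zip(b.bytes) { |x, y| acc |= x ^ y }
  acc.zero?
end

# CSRF check as a defender would write it: hash both sides first so that even
# the length of the submitted token reveals nothing, then compare in constant
# time. Missing tokens are rejected without touching the comparison.
def csrf_token_valid?(session_token, submitted_token)
  return false if session_token.nil? || submitted_token.nil?
  secure_compare(Digest::SHA256.digest(session_token.to_s),
                 Digest::SHA256.digest(submitted_token.to_s))
end
```

The step counts returned by `early_exit_compare` are the signal a remote caller would have to measure as response time; `csrf_token_valid?` removes it.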