title: rack-protection gem timing attack vulnerability when validating CSRF token
Sinatra rack-protection versions 1.5.4 and 2.0.0.rc3 and earlier contain
a timing attack vulnerability in the CSRF token checking that can result in signatures
being exposed. This attack appears to be exploitable via network connectivity to
the Ruby application.
- "~> 1.5.5"
- ">= 2.0.0"