[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"repo-stars":3,"vuln-MGASA-2020-0252":6},{"stargazers_count":4,"fetched_at":5},7,"2026-06-05T08:55:32.481Z",{"id":7,"descriptions":8,"cisa":9,"weaknesses":10,"exploits":11,"aliases":12,"duplicate_of":9,"upstream":13,"downstream":18,"duplicates":19,"related":20,"reserved_at":9,"published_at":23,"modified_at":24,"state":9,"summary":25,"references_raw":27,"kevs":56,"epss":9,"epss_history":57,"metrics":58,"affected":59},"MGASA-2020-0252","Updated ruby-rack packages fix security vulnerability\n\nUpdated ruby-rack packages fix security vulnerabilities:\n\nThere's a possible information leak / session hijack vulnerability in\nRack(RubyGem rack). Attackers may be able to find and hijack sessions\nby using timing attacks targeting the session id. Session ids are usually\nstored and indexed in a database that uses some kind of scheme for\nspeeding up lookups of that session id. By carefully measuring the amount\nof time it takes to look up a session, an attacker may be able to find a\nvalid session id and hijack the session. 
The session id itself may be\ngenerated randomly, but the way the session is indexed by the backing\nstore does not use a secure comparison (CVE-2019-16782).\n\nIf certain directories exist in a directory that is managed by\nRack::Directory, an attacker could, using this vulnerability, read the\ncontents of files on the server that were outside of the root specified\nin the Rack::Directory initializer (CVE-2020-8161).\n",null,[],[],[],[14,16],{"_key":15},"CVE-2020-8161",{"_key":17},"CVE-2019-16782",[],[],[21,22],{"_key":17},{"_key":15},"2020-06-10T22:57:01Z","2026-04-16T04:25:51.188125Z",{"cisa_kev":26,"cisa_ransomware":26,"cisa_vendor":9,"epss_severity":9,"epss_score":9,"severity":9,"severity_score":9,"severity_version":9,"severity_source":9,"severity_vector":9,"severity_status":9},false,[28,34,39,43,47,52],{"url":29,"sources":30,"tags":32},"https://advisories.mageia.org/MGASA-2020-0252.html",[31],"osv_mageia",[33],"Advisory",{"url":35,"sources":36,"tags":37},"https://bugs.mageia.org/show_bug.cgi?id=26688",[31],[38],"REPORT",{"url":40,"sources":41,"tags":42},"https://bugs.mageia.org/show_bug.cgi?id=25915",[31],[38],{"url":44,"sources":45,"tags":46},"https://github.com/rack/rack/security/advisories/GHSA-hrqr-hxpp-chr3",[31],[38,33],{"url":48,"sources":49,"tags":50},"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/HZXMWILCICQLA2BYSP6I2CRMUG53YBLX/",[31],[38,51],"WEB",{"url":53,"sources":54,"tags":55},"https://www.debian.org/lts/security/2020/dla-2216",[31],[38,51],[],[],[],[60],{"ecosystem":61,"name":62,"vendor":63,"product":62,"cpe_part":9,"purl_type":64,"purl_namespace":63,"purl_name":62,"source":9,"versions":65},"Mageia","ruby-rack","mageia","rpm",[66],{"version":67,"is_range":68,"range_type":69,"version_start":9,"version_start_type":9,"version_end":70,"version_end_type":71,"fixed_in":9},"lt2_0_8_1_mga7",true,"ecosystem","2.0.8-1.mga7","excluding"]