OPENSUSE-SU-2020:0214-1
Advisory lineage Upstream: 2 Downstream: 0
Upstream
Published: 12 Feb 2020, 15:13
Last modified:04 Feb 2026, 04:14
Vulnerability Summary
Overall Risk (default)
minimal
0/100 CVSS Score
No data
EPSS Score
No data
KEV
Not listed
Ransomware
No reports
Public exploits
None found
Dark Web
Not detected
Timeline
12 Feb 2020, 15:13
Published
Vulnerability first disclosed
04 Feb 2026, 04:14
Last Modified
Vulnerability information updated
Description
Security update for rubygem-rack This update for rubygem-rack to version 2.0.8 fixes the following issues: - CVE-2018-16471: Fixed a cross-site scripting (XSS) flaw via the scheme method on Rack::Request (bsc#1116600). - CVE-2019-16782: Fixed a possible information leak and session hijack vulnerability (bsc#1159548). This update was imported from the SUSE:SLE-15:Update update project.
Affected Systems
- opensuse•rubygem-rack&distro=openSUSE Leap 15.1
< 2.0.8-lp151.3.3.1
References (6)
- https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/PWBQQBBNBE3RHXMQEZDL7RQ4YUOWFJS5/
- https://bugzilla.suse.com/1114828
- https://bugzilla.suse.com/1116600
- https://bugzilla.suse.com/1159548
- https://www.suse.com/security/cve/CVE-2018-16471
- https://www.suse.com/security/cve/CVE-2019-16782