Vulnerability in Rack_project Rack

CVE-2013-0263

Rack::Session::Cookie in Rack 1.5.x before 1.5.2, 1.4.x before 1.4.5, 1.3.x before 1.3.10, 1.2.x before 1.2.8, and 1.1.x before 1.1.6 allows remote attackers to guess the session cookie, gain privileges, and execute arbitrary code via a ti…

EPSS: 0.053 (91.6th percentile) — read the EPSS interpretation.

Affected products

Public proof-of-concept exploits

References

Frequently asked questions

What is CVE-2013-0263?
CVE-2013-0263 is a vulnerability in Rack_project Rack. Published 2013-02-08.
Is CVE-2013-0263 known to be exploited?
1 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.