Vulnerability in https://github.com/rack/rack

CVE-2020-8184

A reliance on cookies without validation/integrity check security vulnerability exists in rack < 2.2.3, rack < 2.1.4 that makes it possible for an attacker to forge a secure or host-only cookie prefix.

EPSS: 0.008 (74.6th percentile)

Affected products

  • N/a https://github.com/rack/rack — versions rack >= 2.2.3, rack >= 2.1.4

Weakness classification (CWE)

Public proof-of-concept exploits

References

Frequently asked questions

What is CVE-2020-8184?
CVE-2020-8184 is a vulnerability in https://github.com/rack/rack, classified under CWE-784. Published 2020-06-19.
Is CVE-2020-8184 known to be exploited?
3 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.