Test Kennung:	1.3.6.1.4.1.25623.1.0.892275
Kategorie:	Debian Local Security Checks
Titel:	Debian LTS: Security Advisory for ruby-rack (DLA-2275-1)
Zusammenfassung:	The remote host is missing an update for the 'ruby-rack'; package(s) announced via the DLA-2275-1 advisory.
Beschreibung:	Summary: The remote host is missing an update for the 'ruby-rack' package(s) announced via the DLA-2275-1 advisory. Vulnerability Insight: The following CVEs were reported against src:ruby-rack. CVE-2020-8161 A directory traversal vulnerability exists in rack < 2.2.0 that allows an attacker perform directory traversal vulnerability in the Rack::Directory app that is bundled with Rack which could result in information disclosure. CVE-2020-8184 A reliance on cookies without validation/integrity check security vulnerability exists in rack < 2.2.3, rack < 2.1.4 that makes it is possible for an attacker to forge a secure or host-only cookie prefix. Affected Software/OS: 'ruby-rack' package(s) on Debian Linux. Solution: For Debian 9 stretch, these problems have been fixed in version 1.6.4-4+deb9u2. We recommend that you upgrade your ruby-rack packages. CVSS Score: 5.0 CVSS Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N
Querverweis:	Common Vulnerability Exposure (CVE) ID: CVE-2020-8161 https://groups.google.com/g/rubyonrails-security/c/IOO1vNZTzPA https://hackerone.com/reports/434404 https://lists.debian.org/debian-lts-announce/2020/07/msg00006.html https://usn.ubuntu.com/4561-1/ Common Vulnerability Exposure (CVE) ID: CVE-2020-8184 https://groups.google.com/g/rubyonrails-security/c/OWtmozPH9Ak https://hackerone.com/reports/895727
Copyright	Copyright (C) 2020 Greenbone Networks GmbH

Dies ist nur einer von 99761 Anfälligkeitstests in unserem Testpaket. Finden Sie mehr über unsere vollständigen Sicherheitsüberprüfungen heraus. Um einen gratis Test für diese Anfälligkeit auf Ihrem System durchlaufen zu lassen, registrieren Sie sich bitte unten.