Vulnerabilities (CVE)

Join the Common Vulnerabilities and Exposures (CVE) community and start to get notified about new vulnerabilities.

Filtered by vendor Rubyonrails Subscribe
Filtered by product Active Record Session Store
Total 1 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2019-25025 1 Rubyonrails 1 Active Record Session Store 2021-03-15 5.0 MEDIUM 5.3 MEDIUM
The activerecord-session_store (aka Active Record Session Store) component through 1.1.3 for Ruby on Rails does not use a constant-time approach when delivering information about whether a guessed session ID is valid. Consequently, remote attackers can leverage timing discrepancies to achieve a correct guess in a relatively short amount of time. This is a related issue to CVE-2019-16782.