Medium severity (5.9, NVD) · Advisory · Published Mar 7, 2018 · Updated Jun 17, 2026
CVE-2018-1000119
Description
Sinatra rack-protection versions 1.5.4 and 2.0.0.rc3 and earlier contain a timing attack vulnerability in the CSRF token check that can result in signatures being exposed. This attack appears to be exploitable via network connectivity to the Ruby application. This vulnerability appears to have been fixed in 1.5.5 and 2.0.0.
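The defect class behind this CVE is a CSRF token check that short-circuits on the first mismatching byte, so response latency depends on how much of the submitted token is correct. The following is an added illustration, not code from rack-protection or the linked commit: it reconstructs the vulnerable shape, models what leaks, and shows the constant-time replacement. The linked pull request switches the check to a constant-time comparison (Rack::Utils.secure_compare, to my recollection; treat that as an assumption and confirm against the commit). The token format, the helper names and the work-counting functions are all constructed for this example.

```ruby
require 'securerandom'

# Constructed stand-in for a per-session CSRF token. rack-protection's real
# token encoding is not reproduced here; this is only an assumption for the demo.
def new_csrf_token
  SecureRandom.hex(32)
end

# Vulnerable pattern (reconstructed shape of the pre-1.5.5 / pre-2.0.0 check):
# String#== returns at the first differing byte, so the time taken grows with
# the length of the correctly matching prefix.
def csrf_token_matches_naive?(submitted, expected)
  submitted == expected
end

# Models that leak: number of byte comparisons a short-circuiting compare
# performs before returning. Over the network this shows up as latency.
def naive_compare_work(a, b)
  return 0 unless a.bytesize == b.bytesize
  n = 0
  a.each_byte.zip(b.each_byte) do |x, y|
    n += 1
    return n if x != y
  end
  n
end

# Hardened pattern: constant-time comparison. The length check reveals only the
# length, which is not secret; after that every byte pair is XORed and the
# result OR-accumulated, so no early exit depends on the token contents.
def secure_compare(a, b)
  return false unless a.bytesize == b.bytesize
  diff = 0
  a.each_byte.zip(b.each_byte) { |x, y| diff |= x ^ y }
  diff.zero?
end

# Same model for the hardened compare: work is identical whether the first or
# the last byte is wrong.
def secure_compare_work(a, b)
  return 0 unless a.bytesize == b.bytesize
  n = 0
  a.each_byte.zip(b.each_byte) { |_x, _y| n += 1 }
  n
end

# Request-side check: a missing submitted token or missing session value is
# rejected before any comparison, and both sides are coerced to String so a
# non-string parameter cannot bypass the byte comparison.
def csrf_token_matches?(submitted, expected)
  return false if submitted.nil? || expected.nil?
  secure_compare(submitted.to_s, expected.to_s)
end
```

When auditing for this class of bug, grep the application and its middleware for `==` or `eql?` applied to tokens, signatures or MACs, and replace each with a constant-time comparison; the `*_work` helpers above exist only to make the difference observable in a test, they are not something to ship.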
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Ecosystem | Affected versions | Patched versions |
|---|---|---|---|
| rack-protection | RubyGems | < 1.5.5 | 1.5.5 |
| rack-protection | RubyGems | >= 2.0.0.beta1, < 2.0.0 | 2.0.0 |
References
- github.com/sinatra/sinatra/commit/8aa6c42ef724f93ae309fb7c5668e19ad547eceb (NVD: Issue Tracking, Patch, Third Party Advisory)
- access.redhat.com/errata/RHSA-2018:1060 (NVD: Third Party Advisory)
- github.com/advisories/GHSA-688c-3x49-6rqj (GHSA: Advisory)
- github.com/sinatra/rack-protection/pull/98 (NVD: Issue Tracking, Third Party Advisory)
- nvd.nist.gov/vuln/detail/CVE-2018-1000119 (GHSA: Advisory)
- github.com/rubysec/ruby-advisory-db/blob/master/gems/rack-protection/CVE-2018-1000119.yml (GHSA)
- www.debian.org/security/2018/dsa-4247 (NVD)