High severity7.5NVD Advisory· Published Jun 19, 2020· Updated Jun 17, 2026
CVE-2020-8184
CVE-2020-8184
Description
A reliance on cookies without validation/integrity check security vulnerability exists in rack < 2.2.3, rack < 2.1.4 that makes it is possible for an attacker to forge a secure or host-only cookie prefix.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
rackRubyGems | < 2.1.4 | 2.1.4 |
rackRubyGems | >= 2.2.0, < 2.2.3 | 2.2.3 |
Affected products
122- rack/rackdescription
- ghsa-coords121 versionspkg:gem/rackpkg:rpm/opensuse/rmt-server&distro=openSUSE%20Leap%2015.1pkg:rpm/opensuse/rmt-server&distro=openSUSE%20Leap%2015.2pkg:rpm/opensuse/rmt-server&distro=openSUSE%20Tumbleweedpkg:rpm/opensuse/ruby3.2-rubygem-rack-2.2&distro=openSUSE%20Tumbleweedpkg:rpm/opensuse/ruby3.2-rubygem-rack&distro=openSUSE%20Tumbleweedpkg:rpm/opensuse/rubygem-rack-2.2&distro=openSUSE%20Tumbleweedpkg:rpm/opensuse/rubygem-rack&distro=openSUSE%20Leap%2015.3pkg:rpm/opensuse/rubygem-rack&distro=openSUSE%20Leap%2015.4pkg:rpm/opensuse/rubygem-rack&distro=openSUSE%20Tumbleweedpkg:rpm/suse/ansible1&distro=SUSE%20OpenStack%20Cloud%209pkg:rpm/suse/ardana-ansible&distro=SUSE%20OpenStack%20Cloud%209pkg:rpm/suse/ardana-cobbler&distro=SUSE%20OpenStack%20Cloud%209pkg:rpm/suse/ardana-glance&distro=SUSE%20OpenStack%20Cloud%209pkg:rpm/suse/ardana-input-model&distro=SUSE%20OpenStack%20Cloud%209pkg:rpm/suse/ardana-logging&distro=SUSE%20OpenStack%20Cloud%209pkg:rpm/suse/ardana-manila&distro=SUSE%20OpenStack%20Cloud%209pkg:rpm/suse/ardana-monasca&distro=SUSE%20OpenStack%20Cloud%209pkg:rpm/suse/ardana-mq&distro=SUSE%20OpenStack%20Cloud%209pkg:rpm/suse/ardana-neutron&distro=SUSE%20OpenStack%20Cloud%209pkg:rpm/suse/ardana-octavia&distro=SUSE%20OpenStack%20Cloud%209pkg:rpm/suse/ardana-tempest&distro=SUSE%20OpenStack%20Cloud%209pkg:rpm/suse/crowbar-core&distro=SUSE%20OpenStack%20Cloud%20Crowbar%209pkg:rpm/suse/crowbar-openstack&distro=SUSE%20OpenStack%20Cloud%20Crowbar%209pkg:rpm/suse/grafana&distro=SUSE%20OpenStack%20Cloud%209pkg:rpm/suse/grafana&distro=SUSE%20OpenStack%20Cloud%20Crowbar%209pkg:rpm/suse/kibana&distro=SUSE%20OpenStack%20Cloud%209pkg:rpm/suse/kibana&distro=SUSE%20OpenStack%20Cloud%20Crowbar%209pkg:rpm/suse/openstack-barbican&distro=SUSE%20OpenStack%20Cloud%209pkg:rpm/suse/openstack-barbican&distro=SUSE%20OpenStack%20Cloud%20Crowbar%209pkg:rpm/suse/openstack-ceilometer&distro=SUSE%20OpenStack%20Cloud%209pkg:rpm/suse/openstack-ceilometer&distro=SUSE%20OpenStack%20Cloud%20Crowbar%209pkg:rpm/suse/openstack-cinder&distro=SUSE%20OpenStack%20Cloud%209pkg:rpm/suse/openstack-cinder&distro=SUSE%20OpenStack%20Cloud%20Crowbar%209pkg:rpm/suse/openstack-dashboard&distro=SUSE%20OpenStack%20Cloud%209pkg:rpm/suse/openstack-dashboard&distro=SUSE%20OpenStack%20Cloud%20Crowbar%209pkg:rpm/suse/openstack-designate&distro=SUSE%20OpenStack%20Cloud%209pkg:rpm/suse/openstack-designate&distro=SUSE%20OpenStack%20Cloud%20Crowbar%209pkg:rpm/suse/openstack-heat-templates&distro=SUSE%20OpenStack%20Cloud%209pkg:rpm/suse/openstack-heat-templates&distro=SUSE%20OpenStack%20Cloud%20Crowbar%209pkg:rpm/suse/openstack-ironic&distro=SUSE%20OpenStack%20Cloud%209pkg:rpm/suse/openstack-ironic&distro=SUSE%20OpenStack%20Cloud%20Crowbar%209pkg:rpm/suse/openstack-keystone&distro=SUSE%20OpenStack%20Cloud%209pkg:rpm/suse/openstack-keystone&distro=SUSE%20OpenStack%20Cloud%20Crowbar%209pkg:rpm/suse/openstack-magnum&distro=SUSE%20OpenStack%20Cloud%209pkg:rpm/suse/openstack-magnum&distro=SUSE%20OpenStack%20Cloud%20Crowbar%209pkg:rpm/suse/openstack-manila&distro=SUSE%20OpenStack%20Cloud%209pkg:rpm/suse/openstack-manila&distro=SUSE%20OpenStack%20Cloud%20Crowbar%209pkg:rpm/suse/openstack-monasca-agent&distro=SUSE%20OpenStack%20Cloud%209pkg:rpm/suse/openstack-monasca-agent&distro=SUSE%20OpenStack%20Cloud%20Crowbar%209pkg:rpm/suse/openstack-neutron&distro=SUSE%20OpenStack%20Cloud%209pkg:rpm/suse/openstack-neutron&distro=SUSE%20OpenStack%20Cloud%20Crowbar%209pkg:rpm/suse/openstack-neutron-vsphere&distro=SUSE%20OpenStack%20Cloud%209pkg:rpm/suse/openstack-neutron-vsphere&distro=SUSE%20OpenStack%20Cloud%20Crowbar%209pkg:rpm/suse/openstack-nova&distro=SUSE%20OpenStack%20Cloud%209pkg:rpm/suse/openstack-nova&distro=SUSE%20OpenStack%20Cloud%20Crowbar%209pkg:rpm/suse/openstack-octavia-amphora-image&distro=SUSE%20OpenStack%20Cloud%209pkg:rpm/suse/openstack-octavia-amphora-image&distro=SUSE%20OpenStack%20Cloud%20Crowbar%209pkg:rpm/suse/openstack-octavia&distro=SUSE%20OpenStack%20Cloud%209pkg:rpm/suse/openstack-octavia&distro=SUSE%20OpenStack%20Cloud%20Crowbar%209pkg:rpm/suse/openstack-resource-agents&distro=SUSE%20OpenStack%20Cloud%209pkg:rpm/suse/openstack-resource-agents&distro=SUSE%20OpenStack%20Cloud%20Crowbar%209pkg:rpm/suse/python-ardana-packager&distro=SUSE%20OpenStack%20Cloud%209pkg:rpm/suse/python-Django1&distro=SUSE%20OpenStack%20Cloud%209pkg:rpm/suse/python-Django1&distro=SUSE%20OpenStack%20Cloud%20Crowbar%209pkg:rpm/suse/python-heatclient&distro=SUSE%20OpenStack%20Cloud%209pkg:rpm/suse/python-heatclient&distro=SUSE%20OpenStack%20Cloud%20Crowbar%209pkg:rpm/suse/python-neutron-tempest-plugin&distro=SUSE%20OpenStack%20Cloud%209pkg:rpm/suse/python-neutron-tempest-plugin&distro=SUSE%20OpenStack%20Cloud%20Crowbar%209pkg:rpm/suse/python-octavia-tempest-plugin&distro=SUSE%20OpenStack%20Cloud%209pkg:rpm/suse/python-octavia-tempest-plugin&distro=SUSE%20OpenStack%20Cloud%20Crowbar%209pkg:rpm/suse/python-os-brick&distro=SUSE%20OpenStack%20Cloud%209pkg:rpm/suse/python-os-brick&distro=SUSE%20OpenStack%20Cloud%20Crowbar%209pkg:rpm/suse/python-oslo.messaging&distro=SUSE%20OpenStack%20Cloud%209pkg:rpm/suse/python-oslo.messaging&distro=SUSE%20OpenStack%20Cloud%20Crowbar%209pkg:rpm/suse/python-Pillow&distro=SUSE%20OpenStack%20Cloud%209pkg:rpm/suse/python-Pillow&distro=SUSE%20OpenStack%20Cloud%20Crowbar%209pkg:rpm/suse/python-pyroute2&distro=SUSE%20OpenStack%20Cloud%209pkg:rpm/suse/python-pyroute2&distro=SUSE%20OpenStack%20Cloud%20Crowbar%209pkg:rpm/suse/python-urllib3&distro=SUSE%20OpenStack%20Cloud%209pkg:rpm/suse/python-urllib3&distro=SUSE%20OpenStack%20Cloud%20Crowbar%209pkg:rpm/suse/python-waitress&distro=SUSE%20OpenStack%20Cloud%209pkg:rpm/suse/python-waitress&distro=SUSE%20OpenStack%20Cloud%20Crowbar%209pkg:rpm/suse/release-notes-suse-openstack-cloud&distro=SUSE%20OpenStack%20Cloud%209pkg:rpm/suse/release-notes-suse-openstack-cloud&distro=SUSE%20OpenStack%20Cloud%20Crowbar%209pkg:rpm/suse/rmt-server&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015-ESPOSpkg:rpm/suse/rmt-server&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015-LTSSpkg:rpm/suse/rmt-server&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Public%20Cloud%2015%20SP1pkg:rpm/suse/rmt-server&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Public%20Cloud%2015%20SP2pkg:rpm/suse/rmt-server&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Server%20Applications%2015%20SP1pkg:rpm/suse/rmt-server&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Server%20Applications%2015%20SP2pkg:rpm/suse/rmt-server&distro=SUSE%20Linux%20Enterprise%20Server%2015-LTSSpkg:rpm/suse/rmt-server&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2015pkg:rpm/suse/rubygem-activeresource&distro=SUSE%20OpenStack%20Cloud%20Crowbar%209pkg:rpm/suse/rubygem-json-1_7&distro=SUSE%20OpenStack%20Cloud%20Crowbar%209pkg:rpm/suse/rubygem-puma&distro=SUSE%20OpenStack%20Cloud%20Crowbar%209pkg:rpm/suse/rubygem-rack&distro=SUSE%20Linux%20Enterprise%20High%20Availability%20Extension%2015pkg:rpm/suse/rubygem-rack&distro=SUSE%20Linux%20Enterprise%20High%20Availability%20Extension%2015%20SP1pkg:rpm/suse/rubygem-rack&distro=SUSE%20Linux%20Enterprise%20High%20Availability%20Extension%2015%20SP2pkg:rpm/suse/rubygem-rack&distro=SUSE%20Linux%20Enterprise%20High%20Availability%20Extension%2015%20SP3pkg:rpm/suse/rubygem-rack&distro=SUSE%20Linux%20Enterprise%20High%20Availability%20Extension%2015%20SP4pkg:rpm/suse/rubygem-rack&distro=SUSE%20OpenStack%20Cloud%207pkg:rpm/suse/rubygem-rack&distro=SUSE%20OpenStack%20Cloud%20Crowbar%208pkg:rpm/suse/rubygem-rack&distro=SUSE%20OpenStack%20Cloud%20Crowbar%209pkg:rpm/suse/venv-openstack-barbican&distro=SUSE%20OpenStack%20Cloud%209pkg:rpm/suse/venv-openstack-cinder&distro=SUSE%20OpenStack%20Cloud%209pkg:rpm/suse/venv-openstack-designate&distro=SUSE%20OpenStack%20Cloud%209pkg:rpm/suse/venv-openstack-glance&distro=SUSE%20OpenStack%20Cloud%209pkg:rpm/suse/venv-openstack-heat&distro=SUSE%20OpenStack%20Cloud%209pkg:rpm/suse/venv-openstack-horizon&distro=SUSE%20OpenStack%20Cloud%209pkg:rpm/suse/venv-openstack-ironic&distro=SUSE%20OpenStack%20Cloud%209pkg:rpm/suse/venv-openstack-keystone&distro=SUSE%20OpenStack%20Cloud%209pkg:rpm/suse/venv-openstack-magnum&distro=SUSE%20OpenStack%20Cloud%209pkg:rpm/suse/venv-openstack-manila&distro=SUSE%20OpenStack%20Cloud%209pkg:rpm/suse/venv-openstack-monasca-ceilometer&distro=SUSE%20OpenStack%20Cloud%209pkg:rpm/suse/venv-openstack-monasca&distro=SUSE%20OpenStack%20Cloud%209pkg:rpm/suse/venv-openstack-neutron&distro=SUSE%20OpenStack%20Cloud%209pkg:rpm/suse/venv-openstack-nova&distro=SUSE%20OpenStack%20Cloud%209pkg:rpm/suse/venv-openstack-octavia&distro=SUSE%20OpenStack%20Cloud%209pkg:rpm/suse/venv-openstack-sahara&distro=SUSE%20OpenStack%20Cloud%209pkg:rpm/suse/venv-openstack-swift&distro=SUSE%20OpenStack%20Cloud%209
< 2.1.4+ 120 more
- (no CPE)range: < 2.1.4
- (no CPE)range: < 2.6.5-lp151.2.18.2
- (no CPE)range: < 2.6.5-lp152.2.3.1
- (no CPE)range: < 2.6.13-1.1
- (no CPE)range: < 2.2.7-1.1
- (no CPE)range: < 3.0.7-1.2
- (no CPE)range: < 2.2.4-1.1
- (no CPE)range: < 2.0.8-150000.3.9.1
- (no CPE)range: < 2.0.8-150000.3.9.1
- (no CPE)range: < 2.2.3.1-1.1
- (no CPE)range: < 1.9.6-9.7.2
- (no CPE)range: < 9.0+git.1591138508.e269bdb-3.22.2
- (no CPE)range: < 9.0+git.1588181228.bae3b1f-3.13.2
- (no CPE)range: < 9.0+git.1593631708.9354a78-3.13.2
- (no CPE)range: < 9.0+git.1589740948.c24fc0b-3.19.2
- (no CPE)range: < 9.0+git.1591193994.d93b668-3.13.2
- (no CPE)range: < 9.0+git.1594158642.b5905e4-3.12.2
- (no CPE)range: < 9.0+git.1589385256.7fbfaaf-3.19.2
- (no CPE)range: < 9.0+git.1593618110.cbd1a37-3.16.2
- (no CPE)range: < 9.0+git.1590756257.e09d54f-3.22.2
- (no CPE)range: < 9.0+git.1590079609.a2ae6ab-3.19.2
- (no CPE)range: < 9.0+git.1593033709.9495bb2-3.16.2
- (no CPE)range: < 6.0+git.1594619891.b75a61d0d-3.25.5
- (no CPE)range: < 6.0+git.1591795073.49cb6400e-3.25.3
- (no CPE)range: < 6.2.5-3.12.2
- (no CPE)range: < 6.2.5-3.12.2
- (no CPE)range: < 4.6.3-4.3.2
- (no CPE)range: < 4.6.3-4.3.2
- (no CPE)range: < 7.0.1~dev24-3.9.5
- (no CPE)range: < 7.0.1~dev24-3.9.5
- (no CPE)range: < 11.1.1~dev7-3.16.3
- (no CPE)range: < 11.1.1~dev7-3.16.3
- (no CPE)range: < 13.0.10~dev12-3.22.4
- (no CPE)range: < 13.0.10~dev12-3.22.4
- (no CPE)range: < 14.1.1~dev6-3.15.5
- (no CPE)range: < 14.1.1~dev6-3.15.5
- (no CPE)range: < 7.0.2~dev2-3.19.3
- (no CPE)range: < 7.0.2~dev2-3.19.3
- (no CPE)range: < 0.0.0+git.1582270132.8a20477-3.6.2
- (no CPE)range: < 0.0.0+git.1582270132.8a20477-3.6.2
- (no CPE)range: < 11.1.5~dev6-3.19.3
- (no CPE)range: < 11.1.5~dev6-3.19.3
- (no CPE)range: < 14.2.1~dev4-3.22.3
- (no CPE)range: < 14.2.1~dev4-3.22.3
- (no CPE)range: < 7.2.1~dev1-3.13.3
- (no CPE)range: < 7.2.1~dev1-3.13.3
- (no CPE)range: < 7.4.2~dev31-4.24.3
- (no CPE)range: < 7.4.2~dev31-4.24.3
- (no CPE)range: < 2.8.2~dev5-3.9.3
- (no CPE)range: < 2.8.2~dev5-3.9.3
- (no CPE)range: < 13.0.8~dev68-3.25.3
- (no CPE)range: < 13.0.8~dev68-3.25.3
- (no CPE)range: < 2.0.1~dev167-3.3.3
- (no CPE)range: < 2.0.1~dev167-3.3.3
- (no CPE)range: < 18.3.1~dev38-3.25.4
- (no CPE)range: < 18.3.1~dev38-3.25.4
- (no CPE)range: < 0.1.4-7.12.3
- (no CPE)range: < 0.1.4-7.12.3
- (no CPE)range: < 3.2.3~dev7-3.25.3
- (no CPE)range: < 3.2.3~dev7-3.25.3
- (no CPE)range: < 1.0+git.1569436425.8b9c49f-5.3.2
- (no CPE)range: < 1.0+git.1569436425.8b9c49f-5.3.2
- (no CPE)range: < 0.0.3-9.3.2
- (no CPE)range: < 1.11.29-3.15.2
- (no CPE)range: < 1.11.29-3.15.2
- (no CPE)range: < 1.16.3-3.3.3
- (no CPE)range: < 1.16.3-3.3.3
- (no CPE)range: < 0.2.0-3.3.2
- (no CPE)range: < 0.2.0-3.3.2
- (no CPE)range: < 0.2.0-3.3.2
- (no CPE)range: < 0.2.0-3.3.2
- (no CPE)range: < 2.5.10-3.12.3
- (no CPE)range: < 2.5.10-3.12.3
- (no CPE)range: < 8.1.4-3.6.2
- (no CPE)range: < 8.1.4-3.6.2
- (no CPE)range: < 5.2.0-3.3.2
- (no CPE)range: < 5.2.0-3.3.2
- (no CPE)range: < 0.5.2-4.3.2
- (no CPE)range: < 0.5.2-4.3.2
- (no CPE)range: < 1.23-3.12.2
- (no CPE)range: < 1.23-3.12.2
- (no CPE)range: < 1.4.3-3.3.1
- (no CPE)range: < 1.4.3-3.3.1
- (no CPE)range: < 9.20200610-3.21.4
- (no CPE)range: < 9.20200610-3.21.4
- (no CPE)range: < 2.6.5-3.34.1
- (no CPE)range: < 2.6.5-3.34.1
- (no CPE)range: < 2.6.5-3.18.1
- (no CPE)range: < 2.6.5-3.3.1
- (no CPE)range: < 2.6.5-3.18.1
- (no CPE)range: < 2.6.5-3.3.1
- (no CPE)range: < 2.6.5-3.34.1
- (no CPE)range: < 2.6.5-3.34.1
- (no CPE)range: < 4.0.0-4.3.1
- (no CPE)range: < 1.7.7-4.3.1
- (no CPE)range: < 2.16.0-4.9.1
- (no CPE)range: < 2.0.8-150000.3.9.1
- (no CPE)range: < 2.0.8-150000.3.9.1
- (no CPE)range: < 2.0.8-150000.3.9.1
- (no CPE)range: < 2.0.8-150000.3.9.1
- (no CPE)range: < 2.0.8-150000.3.9.1
- (no CPE)range: < 1.6.13-3.8.1
- (no CPE)range: < 1.6.13-3.8.1
- (no CPE)range: < 1.6.13-3.8.1
- (no CPE)range: < 7.0.1~dev24-3.19.3
- (no CPE)range: < 13.0.10~dev12-3.19.2
- (no CPE)range: < 7.0.2~dev2-3.19.2
- (no CPE)range: < 17.0.1~dev30-3.17.2
- (no CPE)range: < 11.0.3~dev35-3.19.2
- (no CPE)range: < 14.1.1~dev6-4.18.3
- (no CPE)range: < 11.1.5~dev6-4.15.2
- (no CPE)range: < 14.2.1~dev4-3.19.2
- (no CPE)range: < 7.2.1~dev1-4.19.2
- (no CPE)range: < 7.4.2~dev31-3.21.2
- (no CPE)range: < 1.8.2~dev3-3.19.2
- (no CPE)range: < 2.7.1~dev10-3.17.3
- (no CPE)range: < 13.0.8~dev68-6.19.2
- (no CPE)range: < 18.3.1~dev38-3.19.3
- (no CPE)range: < 3.2.3~dev7-4.19.2
- (no CPE)range: < 9.0.2~dev15-3.19.2
- (no CPE)range: < 2.19.2~dev48-2.14.2
Patches
Vulnerability mechanics
References
10- groups.google.com/g/rubyonrails-security/c/OWtmozPH9AknvdMailing ListPatchThird Party AdvisoryWEB
- hackerone.com/reports/895727nvdExploitPatchThird Party AdvisoryWEB
- github.com/advisories/GHSA-j6w9-fv6q-3q52ghsaADVISORY
- lists.debian.org/debian-lts-announce/2020/07/msg00006.htmlnvdMailing ListThird Party AdvisoryWEB
- lists.debian.org/debian-lts-announce/2023/01/msg00038.htmlnvdMailing ListThird Party AdvisoryWEB
- nvd.nist.gov/vuln/detail/CVE-2020-8184ghsaADVISORY
- usn.ubuntu.com/4561-1/nvdThird Party Advisory
- github.com/rack/rack/commit/1f5763de6a9fe515ff84992b343d63c88104654cghsaWEB
- github.com/rubysec/ruby-advisory-db/blob/master/gems/rack/CVE-2020-8184.ymlghsaWEB
- usn.ubuntu.com/4561-1ghsaWEB
News mentions
0No linked articles in our index yet.