| Package | ruby-rack |
|---|---|
| Version | 1.5.2-3+deb8u4 |
| Related CVEs | CVE-2020-8184 |
A reliance on cookies without validation/integrity check security vulnerability exists in rack < 2.2.3, rack < 2.1.4 that makes it is possible for an attacker to forge a secure or host-only cookie prefix.
For Debian 8 jessie, these problems have been fixed in version 1.5.2-3+deb8u4.
We recommend that you upgrade your ruby-rack packages.
Further information about Extended LTS security advisories can be found in the dedicated section of our website.