github - GHSA-5r2p-j47h-mhpg

GHSA-5r2p-j47h-mhpg

Vulnerability from github

Published

2018-11-15 15:59

Modified

2023-08-28 12:48

Severity ?

6.1 (Medium) - CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Summary

Rack vulnerable to Cross-site Scripting

Details

There is a possible XSS vulnerability in Rack before 2.0.6 and 1.6.11. Carefully crafted requests can impact the data returned by the scheme method on Rack::Request. Applications that expect the scheme to be limited to 'http' or 'https' and do not escape the return value could be vulnerable to an XSS attack. Note that applications using the normal escaping mechanisms provided by Rails may not impacted, but applications that bypass the escaping mechanisms, or do not use them may be vulnerable.

Show details on source website

JSON

To clipboard

{
  "affected": [
    {
      "package": {
        "ecosystem": "RubyGems",
        "name": "rack"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "2.0.0"
            },
            {
              "fixed": "2.0.6"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "RubyGems",
        "name": "rack"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "1.6.11"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2018-16471"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-79"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2020-06-16T21:17:10Z",
    "nvd_published_at": "2018-11-13T23:29:00Z",
    "severity": "MODERATE"
  },
  "details": "There is a possible XSS vulnerability in Rack before 2.0.6 and 1.6.11. Carefully crafted requests can impact the data returned by the `scheme` method on `Rack::Request`. Applications that expect the scheme to be limited to \u0027http\u0027 or \u0027https\u0027 and do not escape the return value could be vulnerable to an XSS attack. Note that applications using the normal escaping mechanisms provided by Rails may not impacted, but applications that bypass the escaping mechanisms, or do not use them may be vulnerable.",
  "id": "GHSA-5r2p-j47h-mhpg",
  "modified": "2023-08-28T12:48:11Z",
  "published": "2018-11-15T15:59:08Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2018-16471"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/rack/rack"
    },
    {
      "type": "WEB",
      "url": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/rack/CVE-2018-16471.yml"
    },
    {
      "type": "WEB",
      "url": "https://groups.google.com/forum/#!topic/ruby-security-ann/NAalCee8n6o"
    },
    {
      "type": "WEB",
      "url": "https://groups.google.com/forum/#!topic/rubyonrails-security/GKsAFT924Ag"
    },
    {
      "type": "WEB",
      "url": "https://lists.debian.org/debian-lts-announce/2018/11/msg00022.html"
    },
    {
      "type": "WEB",
      "url": "https://usn.ubuntu.com/4089-1"
    },
    {
      "type": "WEB",
      "url": "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00032.html"
    },
    {
      "type": "WEB",
      "url": "http://lists.opensuse.org/opensuse-security-announce/2020-02/msg00016.html"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
      "type": "CVSS_V3"
    }
  ],
  "summary": "Rack vulnerable to Cross-site Scripting"
}

cve-2018-16471

Vulnerability from cvelistv5

Published

2018-11-13 23:00

Modified

2024-08-05 10:24

Severity ?

Summary

There is a possible XSS vulnerability in Rack before 2.0.6 and 1.6.11. Carefully crafted requests can impact the data returned by the `scheme` method on `Rack::Request`. Applications that expect the scheme to be limited to 'http' or 'https' and do not escape the return value could be vulnerable to an XSS attack. Note that applications using the normal escaping mechanisms provided by Rails may not impacted, but applications that bypass the escaping mechanisms, or do not use them may be vulnerable.

References

▼	URL	Tags
	https://groups.google.com/forum/#%21topic/rubyonrails-security/GKsAFT924Ag	x_refsource_MISC
	https://lists.debian.org/debian-lts-announce/2018/11/msg00022.html	mailing-list, x_refsource_MLIST
	http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00032.html	vendor-advisory, x_refsource_SUSE
	https://usn.ubuntu.com/4089-1/	vendor-advisory, x_refsource_UBUNTU
	http://lists.opensuse.org/opensuse-security-announce/2020-02/msg00016.html	vendor-advisory, x_refsource_SUSE

Impacted products

▼	Vendor	Product
	Rack	Rack

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T10:24:32.587Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://groups.google.com/forum/#%21topic/rubyonrails-security/GKsAFT924Ag"
          },
          {
            "name": "[debian-lts-announce] 20181121 [SECURITY] [DLA 1585-1] ruby-rack security update",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.debian.org/debian-lts-announce/2018/11/msg00022.html"
          },
          {
            "name": "openSUSE-SU-2019:1553",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00032.html"
          },
          {
            "name": "USN-4089-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "https://usn.ubuntu.com/4089-1/"
          },
          {
            "name": "openSUSE-SU-2020:0214",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2020-02/msg00016.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Rack",
          "vendor": "Rack",
          "versions": [
            {
              "status": "affected",
              "version": "2.0.6, 1.6.11"
            }
          ]
        }
      ],
      "datePublic": "2018-11-05T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "There is a possible XSS vulnerability in Rack before 2.0.6 and 1.6.11. Carefully crafted requests can impact the data returned by the `scheme` method on `Rack::Request`. Applications that expect the scheme to be limited to \u0027http\u0027 or \u0027https\u0027 and do not escape the return value could be vulnerable to an XSS attack. Note that applications using the normal escaping mechanisms provided by Rails may not impacted, but applications that bypass the escaping mechanisms, or do not use them may be vulnerable."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-79",
              "description": "Cross-site Scripting (XSS) - Stored (CWE-79)",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2020-02-12T21:06:06",
        "orgId": "36234546-b8fa-4601-9d6f-f4e334aa8ea1",
        "shortName": "hackerone"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://groups.google.com/forum/#%21topic/rubyonrails-security/GKsAFT924Ag"
        },
        {
          "name": "[debian-lts-announce] 20181121 [SECURITY] [DLA 1585-1] ruby-rack security update",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.debian.org/debian-lts-announce/2018/11/msg00022.html"
        },
        {
          "name": "openSUSE-SU-2019:1553",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00032.html"
        },
        {
          "name": "USN-4089-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "https://usn.ubuntu.com/4089-1/"
        },
        {
          "name": "openSUSE-SU-2020:0214",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2020-02/msg00016.html"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "support@hackerone.com",
          "ID": "CVE-2018-16471",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Rack",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "2.0.6, 1.6.11"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Rack"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "There is a possible XSS vulnerability in Rack before 2.0.6 and 1.6.11. Carefully crafted requests can impact the data returned by the `scheme` method on `Rack::Request`. Applications that expect the scheme to be limited to \u0027http\u0027 or \u0027https\u0027 and do not escape the return value could be vulnerable to an XSS attack. Note that applications using the normal escaping mechanisms provided by Rails may not impacted, but applications that bypass the escaping mechanisms, or do not use them may be vulnerable."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Cross-site Scripting (XSS) - Stored (CWE-79)"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://groups.google.com/forum/#!topic/rubyonrails-security/GKsAFT924Ag",
              "refsource": "MISC",
              "url": "https://groups.google.com/forum/#!topic/rubyonrails-security/GKsAFT924Ag"
            },
            {
              "name": "[debian-lts-announce] 20181121 [SECURITY] [DLA 1585-1] ruby-rack security update",
              "refsource": "MLIST",
              "url": "https://lists.debian.org/debian-lts-announce/2018/11/msg00022.html"
            },
            {
              "name": "openSUSE-SU-2019:1553",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00032.html"
            },
            {
              "name": "USN-4089-1",
              "refsource": "UBUNTU",
              "url": "https://usn.ubuntu.com/4089-1/"
            },
            {
              "name": "openSUSE-SU-2020:0214",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-security-announce/2020-02/msg00016.html"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "36234546-b8fa-4601-9d6f-f4e334aa8ea1",
    "assignerShortName": "hackerone",
    "cveId": "CVE-2018-16471",
    "datePublished": "2018-11-13T23:00:00",
    "dateReserved": "2018-09-04T00:00:00",
    "dateUpdated": "2024-08-05T10:24:32.587Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

gsd-2018-16471

Vulnerability from gsd

Modified

2018-11-05 00:00

Details

There is a possible vulnerability in Rack. This vulnerability has been assigned the CVE identifier CVE-2018-16471. Versions Affected: All. Not affected: None. Fixed Versions: 2.0.6, 1.6.11 Impact ------ There is a possible XSS vulnerability in Rack. Carefully crafted requests can impact the data returned by the `scheme` method on `Rack::Request`. Applications that expect the scheme to be limited to "http" or "https" and do not escape the return value could be vulnerable to an XSS attack. Vulnerable code looks something like this: ``` <%= request.scheme.html_safe %> ``` Note that applications using the normal escaping mechanisms provided by Rails may not impacted, but applications that bypass the escaping mechanisms, or do not use them may be vulnerable. All users running an affected release should either upgrade or use one of the workarounds immediately. Releases -------- The 2.0.6 and 1.6.11 releases are available at the normal locations. Workarounds ----------- The following monkey patch can be applied to work around this issue: ``` require "rack" require "rack/request" class Rack::Request SCHEME_WHITELIST = %w(https http).freeze def scheme if get_header(Rack::HTTPS) == 'on' 'https' elsif get_header(HTTP_X_FORWARDED_SSL) == 'on' 'https' elsif forwarded_scheme forwarded_scheme else get_header(Rack::RACK_URL_SCHEME) end end def forwarded_scheme scheme_headers = [ get_header(HTTP_X_FORWARDED_SCHEME), get_header(HTTP_X_FORWARDED_PROTO).to_s.split(',')[0] ] scheme_headers.each do |header| return header if SCHEME_WHITELIST.include?(header) end nil end end ```

Aliases

CVE-2018-16471

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2018-16471",
    "description": "There is a possible XSS vulnerability in Rack before 2.0.6 and 1.6.11. Carefully crafted requests can impact the data returned by the `scheme` method on `Rack::Request`. Applications that expect the scheme to be limited to \u0027http\u0027 or \u0027https\u0027 and do not escape the return value could be vulnerable to an XSS attack. Note that applications using the normal escaping mechanisms provided by Rails may not impacted, but applications that bypass the escaping mechanisms, or do not use them may be vulnerable.",
    "id": "GSD-2018-16471",
    "references": [
      "https://www.suse.com/security/cve/CVE-2018-16471.html",
      "https://ubuntu.com/security/CVE-2018-16471",
      "https://advisories.mageia.org/CVE-2018-16471.html"
    ]
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "affected": [
        {
          "package": {
            "ecosystem": "RubyGems",
            "name": "rack",
            "purl": "pkg:gem/rack"
          }
        }
      ],
      "aliases": [
        "CVE-2018-16471",
        "GHSA-5r2p-j47h-mhpg"
      ],
      "details": "There is a possible vulnerability in Rack. This vulnerability has been\nassigned the CVE identifier CVE-2018-16471.\n\nVersions Affected:  All.\nNot affected:       None.\nFixed Versions:     2.0.6, 1.6.11\n\nImpact\n------\nThere is a possible XSS vulnerability in Rack.  Carefully crafted requests can\nimpact the data returned by the `scheme` method on `Rack::Request`.\nApplications that expect the scheme to be limited to \"http\" or \"https\" and do\nnot escape the return value could be vulnerable to an XSS attack.\n\nVulnerable code looks something like this:\n\n```\n\u003c%= request.scheme.html_safe %\u003e\n```\n\nNote that applications using the normal escaping mechanisms provided by Rails\nmay not impacted, but applications that bypass the escaping mechanisms, or do\nnot use them may be vulnerable.\n\nAll users running an affected release should either upgrade or use one of the\nworkarounds immediately.\n\nReleases\n--------\nThe 2.0.6 and 1.6.11 releases are available at the normal locations.\n\nWorkarounds\n-----------\nThe following monkey patch can be applied to work around this issue:\n\n```\nrequire \"rack\"\nrequire \"rack/request\"\n\nclass Rack::Request\nSCHEME_WHITELIST = %w(https http).freeze\n\ndef scheme\n  if get_header(Rack::HTTPS) == \u0027on\u0027\n    \u0027https\u0027\n  elsif get_header(HTTP_X_FORWARDED_SSL) == \u0027on\u0027\n    \u0027https\u0027\n  elsif forwarded_scheme\n    forwarded_scheme\n  else\n    get_header(Rack::RACK_URL_SCHEME)\n  end\nend\n\ndef forwarded_scheme\n  scheme_headers = [\n    get_header(HTTP_X_FORWARDED_SCHEME),\n    get_header(HTTP_X_FORWARDED_PROTO).to_s.split(\u0027,\u0027)[0]\n  ]\n\n  scheme_headers.each do |header|\n    return header if SCHEME_WHITELIST.include?(header)\n  end\n\n  nil\nend\nend\n```\n",
      "id": "GSD-2018-16471",
      "modified": "2018-11-05T00:00:00.000Z",
      "published": "2018-11-05T00:00:00.000Z",
      "references": [
        {
          "type": "WEB",
          "url": "https://groups.google.com/forum/#!topic/ruby-security-ann/NAalCee8n6o"
        }
      ],
      "schema_version": "1.4.0",
      "summary": "Possible XSS vulnerability in Rack"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "support@hackerone.com",
        "ID": "CVE-2018-16471",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "Rack",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "2.0.6, 1.6.11"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "Rack"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "There is a possible XSS vulnerability in Rack before 2.0.6 and 1.6.11. Carefully crafted requests can impact the data returned by the `scheme` method on `Rack::Request`. Applications that expect the scheme to be limited to \u0027http\u0027 or \u0027https\u0027 and do not escape the return value could be vulnerable to an XSS attack. Note that applications using the normal escaping mechanisms provided by Rails may not impacted, but applications that bypass the escaping mechanisms, or do not use them may be vulnerable."
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "Cross-site Scripting (XSS) - Stored (CWE-79)"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "https://groups.google.com/forum/#!topic/rubyonrails-security/GKsAFT924Ag",
            "refsource": "MISC",
            "url": "https://groups.google.com/forum/#!topic/rubyonrails-security/GKsAFT924Ag"
          },
          {
            "name": "[debian-lts-announce] 20181121 [SECURITY] [DLA 1585-1] ruby-rack security update",
            "refsource": "MLIST",
            "url": "https://lists.debian.org/debian-lts-announce/2018/11/msg00022.html"
          },
          {
            "name": "openSUSE-SU-2019:1553",
            "refsource": "SUSE",
            "url": "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00032.html"
          },
          {
            "name": "USN-4089-1",
            "refsource": "UBUNTU",
            "url": "https://usn.ubuntu.com/4089-1/"
          },
          {
            "name": "openSUSE-SU-2020:0214",
            "refsource": "SUSE",
            "url": "http://lists.opensuse.org/opensuse-security-announce/2020-02/msg00016.html"
          }
        ]
      }
    },
    "github.com/rubysec/ruby-advisory-db": {
      "cve": "2018-16471",
      "date": "2018-11-05",
      "description": "There is a possible vulnerability in Rack. This vulnerability has been\nassigned the CVE identifier CVE-2018-16471.\n\nVersions Affected:  All.\nNot affected:       None.\nFixed Versions:     2.0.6, 1.6.11\n\nImpact\n------\nThere is a possible XSS vulnerability in Rack.  Carefully crafted requests can\nimpact the data returned by the `scheme` method on `Rack::Request`.\nApplications that expect the scheme to be limited to \"http\" or \"https\" and do\nnot escape the return value could be vulnerable to an XSS attack.\n\nVulnerable code looks something like this:\n\n```\n\u003c%= request.scheme.html_safe %\u003e\n```\n\nNote that applications using the normal escaping mechanisms provided by Rails\nmay not impacted, but applications that bypass the escaping mechanisms, or do\nnot use them may be vulnerable.\n\nAll users running an affected release should either upgrade or use one of the\nworkarounds immediately.\n\nReleases\n--------\nThe 2.0.6 and 1.6.11 releases are available at the normal locations.\n\nWorkarounds\n-----------\nThe following monkey patch can be applied to work around this issue:\n\n```\nrequire \"rack\"\nrequire \"rack/request\"\n\nclass Rack::Request\nSCHEME_WHITELIST = %w(https http).freeze\n\ndef scheme\n  if get_header(Rack::HTTPS) == \u0027on\u0027\n    \u0027https\u0027\n  elsif get_header(HTTP_X_FORWARDED_SSL) == \u0027on\u0027\n    \u0027https\u0027\n  elsif forwarded_scheme\n    forwarded_scheme\n  else\n    get_header(Rack::RACK_URL_SCHEME)\n  end\nend\n\ndef forwarded_scheme\n  scheme_headers = [\n    get_header(HTTP_X_FORWARDED_SCHEME),\n    get_header(HTTP_X_FORWARDED_PROTO).to_s.split(\u0027,\u0027)[0]\n  ]\n\n  scheme_headers.each do |header|\n    return header if SCHEME_WHITELIST.include?(header)\n  end\n\n  nil\nend\nend\n```\n",
      "gem": "rack",
      "ghsa": "5r2p-j47h-mhpg",
      "patched_versions": [
        "~\u003e 1.6.11",
        "\u003e= 2.0.6"
      ],
      "title": "Possible XSS vulnerability in Rack",
      "url": "https://groups.google.com/forum/#!topic/ruby-security-ann/NAalCee8n6o"
    },
    "gitlab.com": {
      "advisories": [
        {
          "affected_range": "\u003e=1.6.0 \u003c1.6.11||\u003e=2.0.0 \u003c2.0.6",
          "affected_versions": "All versions starting from 1.6.0 before 1.6.11, all versions starting from 2.0.0 before 2.0.6",
          "cvss_v2": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
          "cvss_v3": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
          "cwe_ids": [
            "CWE-1035",
            "CWE-79",
            "CWE-937"
          ],
          "date": "2019-06-13",
          "description": "There is a possible XSS vulnerability in Rack. Carefully crafted requests can impact the data returned by the `scheme` method on `Rack::Request`. Applications that expect the scheme to be limited to HTTP or HTTPS and do not escape the return value could be vulnerable to an XSS attack. Note that applications using the normal escaping mechanisms provided by Rails may not be impacted, but applications that bypass the escaping mechanisms, or do not use them may be vulnerable.",
          "fixed_versions": [
            "1.6.11",
            "2.0.6"
          ],
          "identifier": "CVE-2018-16471",
          "identifiers": [
            "CVE-2018-16471"
          ],
          "not_impacted": "All versions before 1.6.0, all versions starting from 1.6.11 before 2.0.0, all versions starting from 2.0.6",
          "package_slug": "gem/rack",
          "pubdate": "2018-11-13",
          "solution": "Upgrade to versions 1.6.11, 2.0.6 or above.",
          "title": "Cross-site Scripting",
          "urls": [
            "https://nvd.nist.gov/vuln/detail/CVE-2018-16471"
          ],
          "uuid": "effd904a-dbb5-4117-945f-fe7e235d2380"
        }
      ]
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:rack_project:rack:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "1.6.11",
                "versionStartIncluding": "1.6.0",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:rack_project:rack:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "2.0.6",
                "versionStartIncluding": "2.0.0",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          },
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "cve-assignments@hackerone.com",
          "ID": "CVE-2018-16471"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "There is a possible XSS vulnerability in Rack before 2.0.6 and 1.6.11. Carefully crafted requests can impact the data returned by the `scheme` method on `Rack::Request`. Applications that expect the scheme to be limited to \u0027http\u0027 or \u0027https\u0027 and do not escape the return value could be vulnerable to an XSS attack. Note that applications using the normal escaping mechanisms provided by Rails may not impacted, but applications that bypass the escaping mechanisms, or do not use them may be vulnerable."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "CWE-79"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://groups.google.com/forum/#!topic/rubyonrails-security/GKsAFT924Ag",
              "refsource": "MISC",
              "tags": [
                "Mailing List",
                "Patch",
                "Third Party Advisory"
              ],
              "url": "https://groups.google.com/forum/#!topic/rubyonrails-security/GKsAFT924Ag"
            },
            {
              "name": "[debian-lts-announce] 20181121 [SECURITY] [DLA 1585-1] ruby-rack security update",
              "refsource": "MLIST",
              "tags": [
                "Mailing List",
                "Third Party Advisory"
              ],
              "url": "https://lists.debian.org/debian-lts-announce/2018/11/msg00022.html"
            },
            {
              "name": "openSUSE-SU-2019:1553",
              "refsource": "SUSE",
              "tags": [],
              "url": "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00032.html"
            },
            {
              "name": "USN-4089-1",
              "refsource": "UBUNTU",
              "tags": [],
              "url": "https://usn.ubuntu.com/4089-1/"
            },
            {
              "name": "openSUSE-SU-2020:0214",
              "refsource": "SUSE",
              "tags": [],
              "url": "http://lists.opensuse.org/opensuse-security-announce/2020-02/msg00016.html"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "acInsufInfo": false,
          "cvssV2": {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "availabilityImpact": "NONE",
            "baseScore": 4.3,
            "confidentialityImpact": "NONE",
            "integrityImpact": "PARTIAL",
            "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
            "version": "2.0"
          },
          "exploitabilityScore": 8.6,
          "impactScore": 2.9,
          "obtainAllPrivilege": false,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": false,
          "severity": "MEDIUM",
          "userInteractionRequired": true
        },
        "baseMetricV3": {
          "cvssV3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 6.1,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "LOW",
            "integrityImpact": "LOW",
            "privilegesRequired": "NONE",
            "scope": "CHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
            "version": "3.0"
          },
          "exploitabilityScore": 2.8,
          "impactScore": 2.7
        }
      },
      "lastModifiedDate": "2019-06-13T21:29Z",
      "publishedDate": "2018-11-13T23:29Z"
    }
  }
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
Confirmed: The vulnerability is confirmed from an analyst perspective.
Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
Patched: This vulnerability was successfully patched by the user reporting the sighting.
Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
Not confirmed: The user expresses doubt about the veracity of the vulnerability.
Not patched: This vulnerability was not successfully patched by the user reporting the sighting.

Action not permitted

GHSA-5r2p-j47h-mhpg

Vulnerability from github

cve-2018-16471

Vulnerability from cvelistv5

gsd-2018-16471

Vulnerability from gsd

Tags

Sightings

Nomenclature