Sep 28, 2020 8:00 pm EDT
Categorized: Medium Severity
Share this post:
A reliance on cookies without validation/integrity check security vulnerability exists in rack < 2.2.3, rack < 2.1.4 that makes it is possible for an attacker to forge a secure or host-only cookie prefix. Prior to discovery of this vulnerability, Aspera on Cloud used rack gem V2.2.2. Once the vulnerability was identified the version of rack gem used was upgraded to V2.2.3, which does not contain this vulnerability. Affected product(s) and affected version(s):
| Affected Product(s) | Version(s) |
| Aspera on Cloud | All |
Refer to the following reference URLs for remediation and additional vulnerability details:
Source Bulletin: https://www.ibm.com/support/pages/node/6338791
from IBM Product Security Incident Response Team https://ift.tt/30gwrjK
No comments:
Post a Comment
Note: Only a member of this blog may post a comment.