Ecosyste.ms: Advisories

An open API service providing security vulnerability metadata for many open source software ecosystems.

Security Advisories: MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTQ0dmYtOGZmbS12MnFo

Sensitive Data Exposure in rails-session-decoder

All versions of rails-session-decoder are missing verification of the Message Authentication Code appended to the cookies. This may lead to decryption of cipher text thus exposing encrypted information.

Recommendation

No fix is currently available. Consider using an alternative module until a fix is made available.

Permalink: https://github.com/advisories/GHSA-44vf-8ffm-v2qh
JSON: https://advisories.ecosyste.ms/api/v1/advisories/MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTQ0dmYtOGZmbS12MnFo
Source: GitHub Advisory Database
Origin: Unspecified
Severity: High
Classification: General
Published: over 4 years ago
Updated: about 2 years ago

Identifiers: GHSA-44vf-8ffm-v2qh
References:

Blast Radius: 0.0

Affected Packages

npm:rails-session-decoder

Dependent packages: 2
Dependent repositories: 4
Downloads: 10,509 last month
Affected Version Ranges: >= 0.0.0
No known fixed version
All affected versions: 0.0.0, 1.0.0, 1.0.1, 1.0.2, 1.0.3, 1.0.4, 1.1.0