Rubygems · Activerecord-Session Store · CVE-2019-25025
**Name of the Vulnerable Software and Affected Versions**
activerecord-session_store versions through 1.1.3
**Description**
The activerecord-session_store component does not use a constant-time approach when delivering information about whether a guessed session ID is valid. Consequently, remote attackers can leverage timing discrepancies to achieve a correct guess in a relatively short amount of time.
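The difference between an early-exit check and a constant-time check of a session ID, as an added example that is not code from the gem or from this advisory. `leaky_equal?`, `constant_time_equal?` and `DigestKeyedSessionStore` are hypothetical names, and keying the lookup on a SHA-256 digest of the ID is an assumed hardening pattern, not a description of how version 2.0.0 is implemented.

```ruby
require "digest"
require "securerandom"

# Pattern to avoid: returns at the first mismatching byte, so the running
# time grows with the number of leading bytes the guess gets right.
def leaky_equal?(a, b)
  return false unless a.bytesize == b.bytesize
  a.bytes.zip(b.bytes) { |x, y| return false unless x == y }
  true
end

# Constant-time for equal-length inputs: every byte pair is XORed and
# accumulated, and the result is inspected only once at the end.
def constant_time_equal?(a, b)
  return false unless a.bytesize == b.bytesize
  diff = 0
  a.bytes.zip(b.bytes) { |x, y| diff |= x ^ y }
  diff.zero?
end

# Hypothetical in-memory stand-in for a sessions table.
class DigestKeyedSessionStore
  def initialize
    @rows = [] # each row: [sha256_hex_of_session_id, data]
  end

  # The stored key is a digest, so whatever timing the lookup leaks describes
  # SHA-256(guess), which a client cannot steer one byte at a time.
  def self.lookup_key(session_id)
    Digest::SHA256.hexdigest(session_id.to_s)
  end

  def create(data)
    session_id = SecureRandom.hex(16) # 128-bit random ID, returned to the client only
    @rows << [self.class.lookup_key(session_id), data]
    session_id
  end

  # Scans every row without an early exit and compares digests in constant time.
  def find(candidate_id)
    key = self.class.lookup_key(candidate_id)
    found = nil
    @rows.each { |stored, data| found = data if constant_time_equal?(stored, key) }
    found
  end

  def stored_keys
    @rows.map(&:first)
  end
end
```

Both comparison helpers return the same boolean for every input; only the relationship between running time and the number of matching leading bytes differs.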
**Recommendations**
For versions through 1.1.3, update to version 2.0.0 or later to resolve the issue.