PT-2020-5644 · Ruby · Rack

Published: 2020-06-19 · Updated: 2026-03-13 · CVE-2020-8184

CVSS v3.1: 7.5 (High)

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

Name of the Vulnerable Software and Affected Versions

rack versions prior to 2.2.3
rack versions prior to 2.1.4

Description

A security issue exists due to a reliance on cookies without proper validation or integrity checks, making it possible for an attacker to forge a secure or host-only cookie prefix. This vulnerability is related to the parse cookies header function in the utils.rb module, which lacks sufficient input validation mechanisms. Exploitation of this issue may allow a remote attacker to impact data integrity.

Recommendations

For versions prior to 2.2.3, update to version 2.2.3 or later. For versions prior to 2.1.4, update to version 2.1.4 or later. As a temporary workaround, consider implementing additional validation or integrity checks for cookies to minimize the risk of exploitation.

Weakness Enumeration

Related Identifiers

ALT-PU-2023-1412
ALT-PU-2023-4276
ALT-PU-2024-7824
BDU:2021-01344
BIT-LIBPHP-2020-7070
BIT-PHP-2020-7070
BIT-PHP-MIN-2020-7070
CVE-2020-8184
DLA-2275-1
DLA-3298-1
GHSA-J6W9-FV6Q-3Q52
MGASA-2020-0306
OESA-2022-1729
OPENSUSE-SU-2020:1993-1
OPENSUSE-SU-2020:2000-1
OPENSUSE-SU-2020_1993-1
OPENSUSE-SU-2020_2000-1
OPENSUSE-SU-2022_3347-1
OPENSUSE-SU-2024:10589-1
OPENSUSE-SU-2024:11344-1
OPENSUSE-SU-2024:12119-1
OPENSUSE-SU-2024:12397-1
OPENSUSE-SU-2024:12974-1
OPENSUSE-SU-2024:13167-1
OPENSUSE-SU-2024:13726-1
OPENSUSE-SU-2024:13727-1
OPENSUSE-SU-2025:14811-1
OPENSUSE-SU-2025:14875-1
OPENSUSE-SU-2026:10286-1
OPENSUSE-SU-2026:10358-1
RHSA-2020:4366
SUSE-RU-2020:2161-1
SUSE-SU-2020:2678-1
SUSE-SU-2020:3036-1
SUSE-SU-2020:3147-1
SUSE-SU-2020:3160-1
SUSE-SU-2022:3347-1
USN-4561-1
USN-4561-2
USN-5253-1

Affected Products

Alt Linux
Astra Linux
Linux Mint
RED OS
SUSE
Ubuntu
Rack