Vulnerability Details : CVE-2018-16471
There is a possible XSS vulnerability in Rack before 2.0.6 and 1.6.11. Carefully crafted requests can influence the value returned by the `scheme` method on `Rack::Request`. Applications that expect the scheme to be limited to 'http' or 'https' and do not escape the return value could be vulnerable to an XSS attack. Note that applications using the normal escaping mechanisms provided by Rails may not be impacted, but applications that bypass the escaping mechanisms, or do not use them, may be vulnerable.
Vulnerability category: Cross site scripting (XSS)
Products affected by CVE-2018-16471
- cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*
- cpe:2.3:a:rack_project:rack:*:*:*:*:*:*:*:*
- cpe:2.3:a:rack_project:rack:*:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2018-16471
- EPSS score: 0.32% (probability of exploitation activity in the next 30 days)
- Percentile: ~71% (the proportion of vulnerabilities that are scored at or below this score)
CVSS scores for CVE-2018-16471
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen
---|---|---|---|---|---|---
4.3 | MEDIUM | AV:N/AC:M/Au:N/C:N/I:P/A:N | 8.6 | 2.9 | NIST |
6.1 | MEDIUM | CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N | 2.8 | 2.7 | NIST |
CWE ids for CVE-2018-16471
- The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.
  Assigned by:
  - nvd@nist.gov (Primary)
  - support@hackerone.com (Secondary)
References for CVE-2018-16471
- https://lists.debian.org/debian-lts-announce/2018/11/msg00022.html
  [SECURITY] [DLA 1585-1] ruby-rack security update (Mailing List; Third Party Advisory)
- http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00032.html
  [security-announce] openSUSE-SU-2019:1553-1: moderate: Security update f
- https://usn.ubuntu.com/4089-1/
  USN-4089-1: Rack vulnerability | Ubuntu security notices
- https://groups.google.com/forum/#!topic/rubyonrails-security/GKsAFT924Ag
  [CVE-2018-16471] Possible XSS vulnerability in Rack - Google Groups (Mailing List; Patch; Third Party Advisory)
- http://lists.opensuse.org/opensuse-security-announce/2020-02/msg00016.html
  [security-announce] openSUSE-SU-2020:0214-1: moderate: Security update f