CVE-2018-16471

There is a possible XSS vulnerability in Rack before 2.0.6 and 1.6.11. Carefully crafted requests can impact the data returned by the `scheme` method on `Rack::Request`. Applications that expect the scheme to be limited to 'http' or 'https' and do not escape the return value could be vulnerable to an XSS attack. Note that applications using the normal escaping mechanisms provided by Rails may not impacted, but applications that bypass the escaping mechanisms, or do not use them may be vulnerable.
Cross-site Scripting
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
6.1 MEDIUM
NETWORK
LOW
NONE
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
hackeroneCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 60%
VendorProductVersion
rack_projectrack
1.6.0 ≤
𝑥
< 1.6.11
rack_projectrack
2.0.0 ≤
𝑥
< 2.0.6
debiandebian_linux
8.0
𝑥
= Vulnerable software versions
Debian logo
Debian Releases
Debian Product
Codename
ruby-rack
bullseye (security)
2.1.4-3+deb11u2
fixed
bullseye
2.1.4-3+deb11u2
fixed
bookworm
2.2.6.4-1+deb12u1
fixed
bookworm (security)
2.2.6.4-1+deb12u1
fixed
sid
2.2.7-1.1
fixed
trixie
2.2.7-1.1
fixed
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
ruby-rack
jammy
not-affected
impish
not-affected
hirsute
not-affected
groovy
not-affected
focal
not-affected
eoan
not-affected
disco
not-affected
cosmic
ignored
bionic
Fixed 1.6.4-4ubuntu0.1
released
xenial
Fixed 1.6.4-3ubuntu0.1
released
trusty
Fixed 1.5.2-3+deb8u3
released
Common Weakness Enumeration
References
http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00032.html
http://lists.opensuse.org/opensuse-security-announce/2020-02/msg00016.html
https://groups.google.com/forum/#%21topic/rubyonrails-security/GKsAFT924Ag
https://lists.debian.org/debian-lts-announce/2018/11/msg00022.html
https://usn.ubuntu.com/4089-1/
http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00032.html
http://lists.opensuse.org/opensuse-security-announce/2020-02/msg00016.html
https://groups.google.com/forum/#%21topic/rubyonrails-security/GKsAFT924Ag
https://lists.debian.org/debian-lts-announce/2018/11/msg00022.html
https://usn.ubuntu.com/4089-1/