In a few clicks we can analyze your entire application and see what components are vulnerable in your application, and suggest you quick fixes.
Test your applicationsUpgrade pay to version 11.6.2 or higher.
pay is a package for processing payments in Ruby on Rails apps
Affected versions of this package are vulnerable to Timing Attack via the valid_signature? function. An attacker can recover valid webhook signatures by sending multiple requests with crafted Paddle-Signature header values and measuring response times, allowing them to forge webhook events and potentially manipulate billing state.