Improper Input Validation Affecting rails_multisite Open this link in a new tab package, versions <4.0.0
Attack Complexity
High
Privileges Required
High
Confidentiality
High
Availability
High
Do your applications use this vulnerable package?
In a few clicks we can analyze your entire application and see what components are vulnerable in your application, and suggest you quick fixes.
Test your applications-
snyk-id
SNYK-RUBY-RAILSMULTISITE-1921088
-
published
16 Nov 2021
-
disclosed
15 Nov 2021
-
credit
Unknown
How to fix?
Upgrade rails_multisite
to version 4.0.0 or higher.
Overview
rails_multisite is a gem for multi-db support for Rails applications.
Affected versions of this package are vulnerable to Improper Input Validation. Secure/signed cookies share secrets between sites in a multi-site application.
Impact
This vulnerability impacts any Rails applications using rails_multisite
alongside Rails' signed/encrypted cookies. Depending on how the application makes use of these cookies, it may be possible for an attacker to re-use cookies on different 'sites' within a multi-site Rails application.