CVE-2018-16471
Published: 2018-11-13
Priority: P428 · Severity: medium · CVSS 3.0 base score: 6.1
Vector: AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
EPSS: 1.82% (76.0th percentile)
There is a possible XSS vulnerability in Rack before 2.0.6 and 1.6.11. Carefully crafted requests can impact the data returned by the `scheme` method on `Rack::Request`. Applications that expect the scheme to be limited to 'http' or 'https' and do not escape the return value could be vulnerable to an XSS attack. Note that applications using the normal escaping mechanisms provided by Rails may not be impacted, but applications that bypass the escaping mechanisms, or do not use them, may be vulnerable.
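The advisory names two defensive controls: treat the scheme as request-controlled input and allowlist it to 'http'/'https', and HTML-escape anything request-derived before it reaches a page. The following is an added example written for this page, not Rack's own code and not the upstream fix; it takes the scheme as a plain string rather than going through `Rack::Request`, so it runs with only the Ruby standard library. The function names (`validated_scheme`, `audit_scheme`, `render_origin_unsafe`, `render_origin_safe`) and the sample inputs are constructed for illustration.

```ruby
require 'erb'

# Added example (not Rack's code): the advisory's mitigation in two parts.
# (1) Allowlist the scheme instead of assuming it is "http" or "https".
# (2) HTML-escape request-derived values before interpolating them into markup,
#     even after they passed the allowlist (defence in depth).

ALLOWED_SCHEMES = %w[http https].freeze

# Exact-match allowlist. Returns the scheme, or nil if it is anything else.
# Deliberately case- and whitespace-sensitive so "HTTPS" or "http " do not pass.
def validated_scheme(raw)
  raw.is_a?(String) && ALLOWED_SCHEMES.include?(raw) ? raw : nil
end

# Classifies a request-derived scheme for logging or alerting. An application
# that only ever expects http/https can treat any other value as a tampering
# signal worth recording, independently of whether the page escapes it.
def audit_scheme(raw)
  return { ok: true, scheme: raw } if validated_scheme(raw)
  { ok: false, scheme: raw, reason: "unexpected scheme #{raw.inspect}" }
end

# Vulnerable pattern described by the advisory: the scheme is assumed to be
# "http"/"https" and interpolated into markup unescaped, so any markup in the
# value is emitted verbatim.
def render_origin_unsafe(scheme, host)
  "<p>Origin: #{scheme}://#{host}</p>"
end

# Hardened pattern: allowlist first, escape second. A rejected scheme is
# replaced by a fixed fallback rather than echoed back to the client.
def render_origin_safe(scheme, host)
  scheme = validated_scheme(scheme) || 'https'
  "<p>Origin: #{ERB::Util.html_escape(scheme)}://#{ERB::Util.html_escape(host)}</p>"
end

# Constructed inputs, not captured traffic: one benign scheme and one value
# carrying markup, as a stand-in for whatever a crafted request might yield.
SAMPLE_SCHEMES = ['https', '<b>x</b>'].freeze

if __FILE__ == $PROGRAM_NAME
  SAMPLE_SCHEMES.each do |s|
    puts audit_scheme(s).inspect
    puts "unsafe: #{render_origin_unsafe(s, 'example.test')}"
    puts "safe:   #{render_origin_safe(s, 'example.test')}"
  end
end
```

Running the block shows the unsafe renderer emitting the markup from the second sample unchanged, while the hardened renderer both rejects it at the allowlist and escapes the host; `audit_scheme` flags the same value so the event can be logged even on code paths that never render it.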
Affected
7 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | debian_linux | — | — |
| debian | ruby-rack | < ruby-rack 1.6.4-6 (bookworm) | ruby-rack 1.6.4-6 (bookworm) |
| rack | rack | — | — |
| rack | rack | >= 0 < 1.6.11 | 1.6.11 |
| rack | rack | >= 2.0.0 < 2.0.6 | 2.0.6 |
| rack_project | rack | >= 1.6.0 < 1.6.11 | 1.6.11 |
| rack_project | rack | >= 2.0.0 < 2.0.6 | 2.0.6 |
CVSS provenance
| Source | CVSS version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | 3.0 | 6.1 | MEDIUM | CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N |
| nvd | 2.0 | 4.3 | MEDIUM | AV:N/AC:M/Au:N/C:N/I:P/A:N |
| osv | — | 6.1 | MEDIUM | — |
| vendor_debian | — | 6.1 | MEDIUM | — |
| vendor_redhat | — | 6.1 | MEDIUM | — |
Ubuntu
Rack vulnerability
vendor_ubuntu·2019-08-07
CVE-2018-16471 Rack vulnerability
Title: Rack vulnerability
Summary: Rack could allow cross-site scripting (XSS) attacks.
It was discovered that Rack incorrectly handled carefully crafted requests. A remote attacker could use this issue to execute a cross-site scripting (XSS) attack.
Instructions: In general, a standard system update will make all the necessary changes.
Red Hat
rubygem-rack: Cross-site scripting (XSS) via `scheme` method on `Rack::Request`
vendor_redhat·2018-11-06·CVSS 6.1
CVE-2018-16471 [MEDIUM] CWE-79 rubygem-rack: Cross-site scripting (XSS) via `scheme` method on `Rack::Request`
Statement: Red Hat OpenStack Platform and OpenShift Enterprise are not affected. Whilst the version of rack in use as a dependency in optional components is vulnerable, the vulnerable variable is not used in a way that could lead to XSS.
Debian
CVE-2018-16471: ruby-rack - There is a possible XSS vulnerability in Rack before 2.0.6 and 1.6.11. Carefully...
vendor_debian·2018·CVSS 6.1
CVE-2018-16471 [MEDIUM] CVE-2018-16471: ruby-rack - There is a possible XSS vulnerability in Rack before 2.0.6 and 1.6.11. Carefully...
Scope: local
bookworm: resolved (fixed in 1.6.4-6)
bullseye: resolved (fixed in 1.6.4-6)
forky: resolved (fixed in 1.6.4-6)
sid: resolved (fixed in 1.6.4-6)
trixie: resolved (fixed in 1.6.4-6)
OSV
Rack vulnerable to Cross-site Scripting
osv·2018-11-15
CVE-2018-16471 [MEDIUM] Rack vulnerable to Cross-site Scripting
GHSA
Rack vulnerable to Cross-site Scripting
ghsa·2018-11-15
CVE-2018-16471 [MEDIUM] CWE-79 Rack vulnerable to Cross-site Scripting
OSV
CVE-2018-16471: There is a possible XSS vulnerability in Rack before 2
osv·2018-11-13·CVSS 6.1
CVE-2018-16471 [MEDIUM] CVE-2018-16471: There is a possible XSS vulnerability in Rack before 2
No detection rules found.
No public exploits indexed.
Bugzilla
CVE-2018-16471 rubygem-rack: Cross-site scripting (XSS) via `scheme` method on `Rack::Request` [epel-all]
bugzilla·2018-11-06·CVSS 6.1
CVE-2018-16471 [MEDIUM] CVE-2018-16471 rubygem-rack: Cross-site scripting (XSS) via `scheme` method on `Rack::Request` [epel-all]
This is an automatically created tracking bug! It was created to ensure
that one or more security vulnerabilities are fixed in affected versions
of epel-all.
For comments that are specific to the vulnerability please use bugs filed
against the "Security Response" product referenced in the "Blocks" field.
For more information see:
http://fedoraproject.org/wiki/Security/TrackingBugs
When submitting as an update, use the fedpkg template provided in the next
comment(s). This will include the bug IDs of this tracking bug as well as
the relevant top-level CVE bugs.
Please also mention the CVE IDs being fixed in the RPM changelog and the
fedpkg commit message.
NOTE: this issue affects m
Bugzilla
CVE-2018-16471 rubygem-rack: Cross-site scripting (XSS) via `scheme` method on `Rack::Request`
bugzilla·2018-11-06·CVSS 6.1
CVE-2018-16471 [MEDIUM] CVE-2018-16471 rubygem-rack: Cross-site scripting (XSS) via `scheme` method on `Rack::Request`
Rack (rubygem-rack) versions before 2.0.6 are vulnerable to a cross-site scripting (XSS) flaw via the `scheme` method on `Rack::Request`.
External Reference:
https://groups.google.com/d/msg/rubyonrails-security/GKsAFT924Ag/DYtk-Xl6AAAJ
Discussion:
Created rubygem-rack tracking bugs for this issue:
Affects: epel-all [bug 1646820]
Affects: fedora-all [bug 1646819]
---
Red Hat OpenStack Platform and OpenShift Enterprise are not affected. Whilst the version of rack in use as a dependency in optional components is vulnerable, the vulnerable variable is not used in a way that could lead to XSS.
---
Upstream patches:
- https://github.com/rack/rack/commit/313dd6a05a5924ed6c82072299c53fed09e39a
Bugzilla
CVE-2018-16471 rubygem-rack: Cross-site scripting (XSS) via `scheme` method on `Rack::Request` [fedora-all]
bugzilla·2018-11-06·CVSS 6.1
CVE-2018-16471 [MEDIUM] CVE-2018-16471 rubygem-rack: Cross-site scripting (XSS) via `scheme` method on `Rack::Request` [fedora-all]
This is an automatically created tracking bug! It was created to ensure
that one or more security vulnerabilities are fixed in affected versions
of fedora-all.
For comments that are specific to the vulnerability please use bugs filed
against the "Security Response" product referenced in the "Blocks" field.
For more information see:
http://fedoraproject.org/wiki/Security/TrackingBugs
When submitting as an update, use the fedpkg template provided in the next
comment(s). This will include the bug IDs of this tracking bug as well as
the relevant top-level CVE bugs.
Please also mention the CVE IDs being fixed in the RPM changelog and the
fedpkg commit message.
NOTE: this issue affec
References:
- http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00032.html
- http://lists.opensuse.org/opensuse-security-announce/2020-02/msg00016.html
- https://groups.google.com/forum/#%21topic/rubyonrails-security/GKsAFT924Ag
- https://lists.debian.org/debian-lts-announce/2018/11/msg00022.html
- https://usn.ubuntu.com/4089-1/