Allele Security Alert
ASA-2018-00034
Identifier(s)
ASA-2018-00034, CVE-2018-16471
Title
XSS vulnerability
Product(s)
Rack
Affected version(s)
All
Fixed version(s)
Rack 2.0.6, 1.6.11
Proof of concept
Unknown
Description
There is a possible XSS vulnerability in Rack. Carefully crafted requests can impact the data returned by the `scheme` method on `Rack::Request`. Applications that expect the scheme to be limited to “http” or “https” and do not escape the return value could be vulnerable to an XSS attack.
Vulnerable code looks something like this:

```erb
<%= request.scheme.html_safe %>
```
Note that applications using the normal escaping mechanisms provided by Rails may not be impacted, but applications that bypass the escaping mechanisms, or do not use them, may be vulnerable.
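The following Ruby is an added illustration written for this alert; it is not Rack's code and not the patch shipped in 2.0.6 / 1.6.11. It models how a request scheme can be derived from a proxy header (the `X-Forwarded-Proto` header name and the `rack.url_scheme` key are assumptions about the request environment, not facts taken from the advisory) and shows the two independent defences a reviewer would look for: restricting the scheme to an allowlist before anything trusts it, and HTML-escaping it at output instead of marking it `html_safe`. The sample environments at the bottom are constructed.

```ruby
require 'cgi'

# Added example, not Rack's implementation. Assumption: the application only
# ever expects these two schemes.
ALLOWED_SCHEMES = %w[http https].freeze

# Models the behaviour the alert describes: whatever arrives in a forwarded
# scheme header is returned verbatim, so the value is attacker-influenced.
# Header and env key names are assumptions for this illustration.
def unchecked_scheme(env)
  env['HTTP_X_FORWARDED_PROTO'] || env['rack.url_scheme'] || 'http'
end

# Hardened variant: a forwarded value is honoured only if it is on the
# allowlist; anything else falls back to the scheme the server itself saw,
# and finally to plain "http".
def allowlisted_scheme(env)
  forwarded = env['HTTP_X_FORWARDED_PROTO'].to_s.split(',').first.to_s.strip.downcase
  return forwarded if ALLOWED_SCHEMES.include?(forwarded)

  base = env['rack.url_scheme'].to_s.downcase
  ALLOWED_SCHEMES.include?(base) ? base : 'http'
end

# Output-side defence: what the view should do instead of `.html_safe`.
# CGI.escapeHTML is Ruby standard library and turns markup into entities.
def render_scheme(scheme)
  "<span>#{CGI.escapeHTML(scheme)}</span>"
end

# Cheap detection check for logs or tests: a URI scheme is a plain token
# (RFC 3986 syntax); anything else indicates tampering upstream.
def suspicious_scheme?(scheme)
  !scheme.match?(/\A[a-z][a-z0-9+.-]*\z/i)
end

# Constructed sample request environments (not captured traffic).
NORMAL_ENV   = { 'rack.url_scheme' => 'http', 'HTTP_X_FORWARDED_PROTO' => 'https' }.freeze
TAMPERED_ENV = { 'rack.url_scheme' => 'http', 'HTTP_X_FORWARDED_PROTO' => 'https<x>' }.freeze

if __FILE__ == $0
  puts unchecked_scheme(TAMPERED_ENV)                   # header value passes through unchanged
  puts allowlisted_scheme(TAMPERED_ENV)                 # rejected, falls back to http
  puts render_scheme(unchecked_scheme(TAMPERED_ENV))    # escaped even when the allowlist is absent
  puts suspicious_scheme?(unchecked_scheme(TAMPERED_ENV))
end
```

Both layers matter: the allowlist removes the attacker-controlled value at the source (which is the kind of fix a library upgrade gives you), while escaping at output is what protects an application that still runs an affected Rack version or pulls the scheme from somewhere else.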
Reference(s)
[CVE-2018-16471] Possible XSS vulnerability in Rack
https://seclists.org/oss-sec/2018/q4/129
[CVE-2018-16471] Possible XSS vulnerability in Rack
https://groups.google.com/forum/#!topic/rubyonrails-security/GKsAFT924Ag
CVE-2018-16471
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-16471
CVE-2018-16471
https://nvd.nist.gov/vuln/detail/CVE-2018-16471
If there is any error in this alert or you wish a comprehensive analysis, let us know.
Last modified: November 8, 2018