Sep 28, 2020 8:00 pm EDT
Categorized: Medium Severity
Share this post:
A reliance on cookies without validation/integrity check security vulnerability exists in rack < 2.2.3, rack < 2.1.4 that makes it is possible for an attacker to forge a secure or host-only cookie prefix. Prior to discovery of this vulnerability, Aspera on Cloud used rack gem V2.2.2. Once the vulnerability was identified the version of rack gem used was upgraded to V2.2.3, which does not contain this vulnerability.
Affected product(s) and affected version(s):
|Aspera on Cloud
Refer to the following reference URLs for remediation and additional vulnerability details:
Source Bulletin: https://www.ibm.com/support/pages/node/6338791