Staging Environment: Content and features may be unstable or change without notice.
Search for packages
Package details: pkg:gem/rack-protection@2.0.0
purl pkg:gem/rack-protection@2.0.0
Next non-vulnerable version None.
Latest non-vulnerable version None.
Risk 3.1
Vulnerabilities affecting this package (1)
Vulnerability Summary Fixed by
VCID-nwqq-fdtk-dudg
Aliases:
CVE-2018-7212
GHSA-h29f-7f56-j8wh
Path traversal on Windows Path traversal is possible via backslash characters on Windows. An attacker could access arbitrary files and directories stored on the file system.
2.0.1
Affected by 1 other vulnerability.
Vulnerabilities fixed by this package (1)
Vulnerability Summary Aliases
VCID-q4x5-bxn7-5yht Timing attack vulnerability Sinatra rack-protection contains a timing attack vulnerability in the CSRF token checking that can result in signatures can be exposed. This attack appear to be exploitable via network connectivity to the ruby application. CVE-2018-1000119
GHSA-688c-3x49-6rqj

Date Actor Action Vulnerability Source VulnerableCode Version
2026-04-16T20:41:58.928373+00:00 GitLab Importer Fixing VCID-q4x5-bxn7-5yht https://gitlab.com/gitlab-org/advisories-community/-/blob/main/gem/rack-protection/CVE-2018-1000119.yml 38.4.0
2026-04-16T20:41:40.918281+00:00 GitLab Importer Affected by VCID-nwqq-fdtk-dudg https://gitlab.com/gitlab-org/advisories-community/-/blob/main/gem/rack-protection/CVE-2018-7212.yml 38.4.0
2026-04-16T17:37:45.962908+00:00 Ruby Importer Affected by VCID-nwqq-fdtk-dudg https://github.com/rubysec/ruby-advisory-db/blob/master/gems/rack-protection/CVE-2018-7212.yml 38.4.0
2026-04-11T21:52:35.108201+00:00 GitLab Importer Fixing VCID-q4x5-bxn7-5yht https://gitlab.com/gitlab-org/advisories-community/-/blob/main/gem/rack-protection/CVE-2018-1000119.yml 38.3.0
2026-04-11T21:52:16.818114+00:00 GitLab Importer Affected by VCID-nwqq-fdtk-dudg https://gitlab.com/gitlab-org/advisories-community/-/blob/main/gem/rack-protection/CVE-2018-7212.yml 38.3.0
2026-04-11T21:34:42.303118+00:00 Ruby Importer Affected by VCID-nwqq-fdtk-dudg https://github.com/rubysec/ruby-advisory-db/blob/master/gems/rack-protection/CVE-2018-7212.yml 38.3.0
2026-04-02T22:06:22.420533+00:00 GitLab Importer Fixing VCID-q4x5-bxn7-5yht https://gitlab.com/gitlab-org/advisories-community/-/blob/main/gem/rack-protection/CVE-2018-1000119.yml 38.1.0
2026-04-02T22:06:03.836134+00:00 GitLab Importer Affected by VCID-nwqq-fdtk-dudg https://gitlab.com/gitlab-org/advisories-community/-/blob/main/gem/rack-protection/CVE-2018-7212.yml 38.1.0
2026-04-02T19:33:00.798549+00:00 Ruby Importer Affected by VCID-nwqq-fdtk-dudg https://github.com/rubysec/ruby-advisory-db/blob/master/gems/rack-protection/CVE-2018-7212.yml 38.1.0
2026-04-01T16:23:02.444007+00:00 GitLab Importer Affected by VCID-nwqq-fdtk-dudg https://gitlab.com/gitlab-org/advisories-community/-/blob/main/gem/rack-protection/CVE-2018-7212.yml 38.0.0
2026-04-01T15:56:27.023891+00:00 GHSA Importer Fixing VCID-q4x5-bxn7-5yht https://github.com/advisories/GHSA-688c-3x49-6rqj 38.0.0
2026-04-01T15:49:57.924732+00:00 Ruby Importer Affected by VCID-nwqq-fdtk-dudg https://github.com/rubysec/ruby-advisory-db/blob/master/gems/rack-protection/CVE-2018-7212.yml 38.0.0
2026-04-01T13:03:52.024376+00:00 GithubOSV Importer Fixing VCID-q4x5-bxn7-5yht https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2018/03/GHSA-688c-3x49-6rqj/GHSA-688c-3x49-6rqj.json 38.0.0
2026-04-01T12:47:36.455293+00:00 GitLab Importer Fixing VCID-q4x5-bxn7-5yht https://gitlab.com/gitlab-org/advisories-community/-/blob/main/gem/rack-protection/CVE-2018-1000119.yml 38.0.0