{"id":"CVE-2020-8184","details":"A reliance on cookies without validation/integrity check security vulnerability exists in rack \u003c 2.2.3, rack \u003c 2.1.4 that makes it is possible for an attacker to forge a secure or host-only cookie prefix.","aliases":["GHSA-j6w9-fv6q-3q52"],"modified":"2026-05-15T12:04:16.551855258Z","published":"2020-06-19T17:15:18.757Z","related":["SUSE-RU-2020:2161-1","SUSE-SU-2020:2678-1","SUSE-SU-2020:3036-1","SUSE-SU-2020:3147-1","SUSE-SU-2020:3160-1","SUSE-SU-2022:3347-1","openSUSE-SU-2020:1993-1","openSUSE-SU-2020:2000-1","openSUSE-SU-2024:10589-1","openSUSE-SU-2024:11344-1","openSUSE-SU-2024:12119-1","openSUSE-SU-2024:12397-1","openSUSE-SU-2024:12974-1","openSUSE-SU-2024:13167-1","openSUSE-SU-2024:13726-1","openSUSE-SU-2024:13727-1","openSUSE-SU-2025:14811-1","openSUSE-SU-2025:14875-1","openSUSE-SU-2026:10286-1","openSUSE-SU-2026:10358-1"],"database_specific":{"unresolved_ranges":[{"cpes":["cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*"],"extracted_events":[{"last_affected":"18.04"}],"source":"CPE_FIELD","vendor_product":"canonical:ubuntu_linux"},{"cpes":["cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*","cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*"],"extracted_events":[{"last_affected":"9.0"},{"last_affected":"10.0"}],"source":"CPE_FIELD","vendor_product":"debian:debian_linux"}]},"references":[{"type":"ADVISORY","url":"https://lists.debian.org/debian-lts-announce/2020/07/msg00006.html"},{"type":"ADVISORY","url":"https://lists.debian.org/debian-lts-announce/2023/01/msg00038.html"},{"type":"ADVISORY","url":"https://usn.ubuntu.com/4561-1/"},{"type":"FIX","url":"https://groups.google.com/g/rubyonrails-security/c/OWtmozPH9Ak"},{"type":"FIX","url":"https://hackerone.com/reports/895727"}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"}]}