CVE-2025-46336 | rack-session up to 2.1.0 Session Cookie Rack::Session::Pool race condition (GHSA-9j94-67jr-4cqj)

Inserito da Angelo Barbosa | Mag 9, 2025 | CVE

A vulnerability, which was classified as problematic, was found in rack-session up to 2.1.0. This affects the function Rack::Session::Pool of the component Session Cookie Handler. The manipulation leads to race condition.

This vulnerability is uniquely identified as CVE-2025-46336. The attack needs to be initiated within the local network. There is no exploit available.

It is recommended to upgrade the affected component.

CVE-2025-46336 | rack-session up to 2.1.0 Session Cookie Rack::Session::Pool race condition (GHSA-9j94-67jr-4cqj)

Post correlati

CVE-2024-31352 | Email Subscribers & Newsletters Plugin up to 5.7.13 on WordPress authorization

CVE-2024-41997 | Warp Terminal prior 0.2024.07.16.08.02 Docker Integration open_subshell command injection

CVE-2024-12987 | DrayTek Vigor2960/Vigor300B 1.5.1.4 Web Management Interface apmcfgupload session os command injection

CVE-2024-36016 | Linux Kernel up to 6.9 tty gsm0_receive memory corruption (47388e807f85)