CVE-2025-46336 | rack-session up to 2.1.0 Session Cookie Rack::Session::Pool race condition (GHSA-9j94-67jr-4cqj)

Inserito da Angelo Barbosa | Mag 9, 2025 | CVE

A vulnerability, which was classified as problematic, was found in rack-session up to 2.1.0. This affects the function Rack::Session::Pool of the component Session Cookie Handler. The manipulation leads to race condition.

This vulnerability is uniquely identified as CVE-2025-46336. The attack needs to be initiated within the local network. There is no exploit available.

It is recommended to upgrade the affected component.

CVE-2025-46336 | rack-session up to 2.1.0 Session Cookie Rack::Session::Pool race condition (GHSA-9j94-67jr-4cqj)

Post correlati

CVE-2023-52339 | libebml up to 1.4.4 MemIOCallback.cpp integer overflow (Issue 147)

CVE-2023-49898 | Apache StreamPark up to 2.1.1 Project Module command injection

CVE-2024-40647 | getsentry sentry-python up to 2.7.x environment information disclosure (GHSA-g92j-qhmh-64v2)

CVE-2024-0668 | Advanced Database Cleaner Plugin up to 3.1.3 on WordPress process_bulk_action code injection