{"id":"CVE-2020-8184","details":"A reliance on cookies without validation/integrity check security vulnerability exists in rack \u003c 2.2.3, rack \u003c 2.1.4 that makes it possible for an attacker to forge a secure or host-only cookie prefix.","aliases":["GHSA-j6w9-fv6q-3q52"],"modified":"2026-04-16T04:31:44.698477980Z","published":"2020-06-19T17:15:18.757Z","related":["SUSE-RU-2020:2161-1","SUSE-SU-2020:2678-1","SUSE-SU-2020:3036-1","SUSE-SU-2020:3147-1","SUSE-SU-2020:3160-1","SUSE-SU-2022:3347-1","openSUSE-SU-2020:1993-1","openSUSE-SU-2020:2000-1","openSUSE-SU-2024:10589-1","openSUSE-SU-2024:11344-1","openSUSE-SU-2024:12119-1","openSUSE-SU-2024:12397-1","openSUSE-SU-2024:12974-1","openSUSE-SU-2024:13167-1","openSUSE-SU-2024:13726-1","openSUSE-SU-2024:13727-1","openSUSE-SU-2025:14811-1","openSUSE-SU-2025:14875-1","openSUSE-SU-2026:10286-1","openSUSE-SU-2026:10358-1"],"references":[{"type":"ADVISORY","url":"https://lists.debian.org/debian-lts-announce/2020/07/msg00006.html"},{"type":"ADVISORY","url":"https://lists.debian.org/debian-lts-announce/2023/01/msg00038.html"},{"type":"ADVISORY","url":"https://usn.ubuntu.com/4561-1/"},{"type":"FIX","url":"https://groups.google.com/g/rubyonrails-security/c/OWtmozPH9Ak"},{"type":"FIX","url":"https://hackerone.com/reports/895727"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/rack/rack","events":[{"introduced":"0"},{"fixed":"52808700e0ade4225625c6729529e13a6b31cc2f"},{"introduced":"39d501a28c1fe51284addfe6dacffafb69d49849"},{"fixed":"1741c580d71cfca8e541e96cc372305c8892ee74"}],"database_specific":{"versions":[{"introduced":"0"},{"fixed":"2.1.4"},{"introduced":"2.2.0"},{"fixed":"2.2.3"}]}}],"versions":["0.1","0.2","0.3","1.0","1.3.0","1.3.0.beta","1.3.0.beta2","1.4.0","1.4.1","1.5.0","1.5.1","1.6.0.beta","2.0.0","2.0.0.alpha","2.0.0.rc1","2.0.1","2.1.0","2.1.1","2.1.2","2.1.3","2.2.0","v2.2.1","v2.2.2"],"database_specific":{"unresolved_ranges":[{"events":[{"introduced":"0"},{"last_affected":"9.0"}]},{"eve
nts":[{"introduced":"0"},{"last_affected":"10.0"}]},{"events":[{"introduced":"0"},{"last_affected":"18.04"}]}],"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2020-8184.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"}]}