Rails Multisite
Approved changes feed: RSS · Atom
cpe:2.3:a:discourse:rails_multisite:*:*:*:*:*:ruby:*:*
part: a version: * update: *
| Vendor | Discourse (2d3c125b-857a-5933-b846-ed7f9d5e0225) |
|---|---|
| Product | Rails Multisite (8e42e1a9-db65-5383-a91c-21f0d269bb41) |
| Edition | * |
| Language | * |
| Software edition | * |
| Target software | ruby |
| Target hardware | * |
| Other | * |
| Notes | Imported from gcve-enriched-dumps CVE data |
PURL mappings
| PURL | Source | Last updated |
|---|---|---|
| No PURL mappings for this CPE yet. | ||
Vulnerability references
| Identifier | cpeApplicability | Submitted | db.gcve.eu details | Rationale |
|---|---|---|---|---|
CVE:CVE-2021-41263 |
vulnerable | 2026-06-03 14:45:25.415728 |
Secure/signed cookies share secrets between sites in rails_multisite
HIGH (8.3)
rails_multisite provides multi-db support for Rails applications. In affected versions this vulnerability impacts any Rails applications using `rails_multisite` alongside Rails' signed/encrypted cookies. Depending on how the application makes use of these cookies, it may be possible for an attacker to re-use cookies on different 'sites' within a multi-site Rails application. The issue has been patched in v4 of the `rails_multisite` gem. Note that this upgrade will invalidate all previous signed/encrypted cookies. The impact of this invalidation will vary based on the application architecture.
Published: 2021-11-15T20:10:11.000Z
Updated: 2024-08-04T03:08:31.596Z |
Imported from gcve-enriched-dumps CVE data |
Contribute
You can submit an edit proposal for this CPE entry or suggest a related product/vendor addition using the action button above.