CVE-2018-16471
CVE-2018-16471
In short
A vulnerability in Rack allows attackers to inject malicious code into the scheme method of HTTP requests. If a web application uses this value without proper protection, attackers could execute harmful scripts in users' browsers.
Technical detail
XSS vulnerability in Rack's request.scheme method due to insufficient input validation. Attackers can craft requests with malicious payloads that bypass scheme validation (http/https), affecting applications that trust and render the scheme value without output encoding. Impact is conditional on the application not using standard escaping mechanisms.
Summary generated and translated by AI from the official description.
There is a possible XSS vulnerability in Rack before 2.0.6 and 1.6.11. Carefully crafted requests can impact the data returned by the `scheme` method on `Rack::Request`. Applications that expect the scheme to be limited to 'http' or 'https' and do not escape the return value could be vulnerable to an XSS attack. Note that applications using the normal escaping mechanisms provided by Rails may not impacted, but applications that bypass the escaping mechanisms, or do not use them may be vulnerable.
Affected products
Rack · RackWant to know if your infrastructure is exposed to this?
Talk to TrueHacking →References
http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00032.htmlhttp://lists.opensuse.org/opensuse-security-announce/2020-02/msg00016.htmlhttps://groups.google.com/forum/#%21topic/rubyonrails-security/GKsAFT924Aghttps://lists.debian.org/debian-lts-announce/2018/11/msg00022.htmlhttps://usn.ubuntu.com/4089-1/