CVE-2007-5380 – rails
Package
Manager: gem
Name: rails
Vulnerable Version: >=0 <1.2.4
Severity
Level: Medium
CVSS v3.1: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N/E:P/RL:O/RC:C
CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N
EPSS: 0.09363 (percentile: 0.92467)
Details
Session fixation vulnerability in Rails
Session fixation vulnerability in Rails before 1.2.4, as used for Ruby on Rails, allows remote attackers to hijack web sessions via unspecified vectors related to "URL-based sessions."
Metadata
Created: 2017-10-24T18:33:38Z
Modified: 2025-04-09T15:20:58Z
Source: https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2017/10/GHSA-jwhv-rgqc-fqj5/GHSA-jwhv-rgqc-fqj5.json
CWE IDs: ["CWE-384"]
Alternative ID: GHSA-jwhv-rgqc-fqj5
Finding: F280
Auto approve: 1