CVE-2019-16779.yml
---
gem: excon
cve: 2019-16779
ghsa: q58g-455p-8vw9
url: https://github.com/excon/excon/security/advisories/GHSA-q58g-455p-8vw9
date: 2019-12-16
title: Race condition when using persistent connections
description: |
  There was a race condition around persistent connections, where a connection
  which is interrupted (such as by a timeout) would leave data on the socket.
  Subsequent requests would then read this data, returning content from the
  previous response. The race condition window appears to be short, and it
  would be difficult to purposefully exploit this.

  Users can work around the problem by disabling persistent connections, though
  this may cause performance implications.
cvss_v3: 5.8
patched_versions:
  - ">= 0.71.0"
related:
  url:
    - https://github.com/excon/excon/commit/ccb57d7a422f020dc74f1de4e8fb505ab46d8a29