Package impact
RubyGems / rack-session
| CVE | Severity | CVSS | Risk | Flags | OS | Vendor | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2026-39324 | critical | — | 9.5 | 2mo ago | Rack::Session::Cookie secrets: decrypt failure fallback enables secretless session forgery and Marshal deserialization | |||
| CVE-2025-46336 | unknown | — | — | 1y ago | Rack::Session is a session management implementation for Rack. In versions starting from 2.0.0 to before 2.1.1, when using the Rack::Session::Pool middleware, and provided the attacker can acquire a … |