rails_multisite 1.1.0
Secure/signed cookies share secrets between sites in a multi-site application
medium severity CVE-2021-41263>= 4.0.0
Impact
This vulnerability impacts any Rails applications using rails_multisite
alongside Rails' signed/encrypted cookies. Depending on how the application makes use of these cookies, it may be possible for an attacker to re-use cookies on different 'sites' within a multi-site Rails application.
Patches
The issue has been patched in v4 of the rails_multisite
gem. Note that this upgrade will invalidate all previous signed/encrypted cookies. The impact of this invalidation will vary based on the application architecture.
No officially reported memory leakage issues detected.
This gem version does not have any officially reported memory leaked issues.
Author did not declare license for this gem in the gemspec.
This gem version has a MIT license in the source code, however it was not declared in the gemspec file.
This gem version is available.
This gem version has not been yanked and is still available for usage.