We use these services and cookies to improve your user experience. You may opt out if you wish, however, this may limit some features on this site.

Please see our statement on Data Privacy.

Crisp.chat (Helpdesk and Chat)

Ok

THREATINT
PUBLISHED

CVE-2025-46336

Rack session gets restored after deletion



Description

Rack::Session is a session management implementation for Rack. In versions starting from 2.0.0 to before 2.1.1, when using the Rack::Session::Pool middleware, and provided the attacker can acquire a session cookie (already a major issue), the session may be restored if the attacker can trigger a long running request (within that same session) adjacent to the user logging out, in order to retain illicit access even after a user has attempted to logout. This issue has been patched in version 2.1.1.

Reserved 2025-04-22 | Published 2025-05-08 | Updated 2025-05-08 | Assigner GitHub_M


MEDIUM: 4.2CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N

Problem types

CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')

CWE-367: Time-of-check Time-of-use (TOCTOU) Race Condition

CWE-613: Insufficient Session Expiration

Product status

>= 2.0.0, < 2.1.1
affected

References

github.com/...ession/security/advisories/GHSA-9j94-67jr-4cqj

github.com/rack/rack/security/advisories/GHSA-vpfw-47h7-xj4g

github.com/...ommit/c28c4a8c1861d814e09f2ae48264ac4c40be2d3b

cve.org (CVE-2025-46336)

nvd.nist.gov (CVE-2025-46336)

Download JSON

Share this page
https://cve.threatint.eu/CVE/CVE-2025-46336

Support options

Helpdesk Chat, Email, Knowledgebase
© Copyright 2025 THREATINT
Made in Cyprus with +
 System status
Find us on
Data Privacy
Terms of Use
Logo BSI Allianz für Cyber-Sicherheit
Error loading Crisp.chat. Please check your web content filter and browser plugins.