Vulnerability Description
In Shrine before version 3.3.0, when using the `derivation_endpoint` plugin, it's possible for the attacker to use a timing attack to guess the signature of the derivation URL. The problem has been fixed by comparing sent and calculated signature in constant time, using `Rack::Utils.secure_compare`. Users using the `derivation_endpoint` plugin are urged to upgrade to Shrine 3.3.0 or greater. A possible workaround is provided in the linked advisory.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Shrinerb | Shrine | < 3.3.0 |
Related Weaknesses (CWE)
References
- https://github.com/shrinerb/shrine/commit/1b27090ce31543bf39f186c20ea47c8250fca2PatchThird Party Advisory
- https://github.com/shrinerb/shrine/security/advisories/GHSA-5jjv-x4fq-qjwpThird Party Advisory
- https://github.com/shrinerb/shrine/commit/1b27090ce31543bf39f186c20ea47c8250fca2PatchThird Party Advisory
- https://github.com/shrinerb/shrine/security/advisories/GHSA-5jjv-x4fq-qjwpThird Party Advisory
FAQ
What is CVE-2020-15237?
CVE-2020-15237 is a vulnerability with a CVSS score of 5.9 (MEDIUM). In Shrine before version 3.3.0, when using the `derivation_endpoint` plugin, it's possible for the attacker to use a timing attack to guess the signature of the derivation URL. The problem has been fi...
How severe is CVE-2020-15237?
CVE-2020-15237 has been rated MEDIUM with a CVSS base score of 5.9/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2020-15237?
Check the references section above for vendor advisories and patch information. Affected products include: Shrinerb Shrine.