{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-04-19T05:08:41.804","vulnerabilities":[{"cve":{"id":"CVE-2025-46336","sourceIdentifier":"security-advisories@github.com","published":"2025-05-08T20:15:30.670","lastModified":"2026-04-15T00:35:42.020","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"Rack::Session is a session management implementation for Rack. In versions starting from 2.0.0 to before 2.1.1, when using the Rack::Session::Pool middleware, and provided the attacker can acquire a session cookie (already a major issue), the session may be restored if the attacker can trigger a long running request (within that same session) adjacent to the user logging out, in order to retain illicit access even after a user has attempted to logout. This issue has been patched in version 2.1.1."},{"lang":"es","value":"Rack::Session es una implementación de gestión de sesiones para Rack. En versiones desde la 2.0.0 hasta anteriores a la 2.1.1, al usar el middleware Rack::Session::Pool, y siempre que el atacante pueda obtener una cookie de sesión (un problema ya grave), la sesión puede restaurarse si el atacante activa una solicitud de larga duración (dentro de la misma sesión) junto al cierre de sesión del usuario, para así conservar el acceso ilícito incluso después de que el usuario haya intentado cerrar sesión. Este problema se ha corregido en la versión 2.1.1."}],"metrics":{"cvssMetricV31":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N","baseScore":4.2,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"HIGH","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":1.6,"impactScore":2.5}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Secondary","description":[{"lang":"en","value":"CWE-362"},{"lang":"en","value":"CWE-367"},{"lang":"en","value":"CWE-613"}]}],"references":[{"url":"https://github.com/rack/rack-session/commit/c28c4a8c1861d814e09f2ae48264ac4c40be2d3b","source":"security-advisories@github.com"},{"url":"https://github.com/rack/rack-session/security/advisories/GHSA-9j94-67jr-4cqj","source":"security-advisories@github.com"},{"url":"https://github.com/rack/rack/security/advisories/GHSA-vpfw-47h7-xj4g","source":"security-advisories@github.com"}]}}]}