sinatra is vulnerable to timing attacks. This vulnerability is caused because the csrf tokens are not compared in constant time, allowing malicious users to guess the valid csrf tokens based on the time that a comparison takes.
CPE | Name | Operator | Version |
---|---|---|---|
pcs | eq | 0.9.137__13.el7_1.2 | |
pcs | eq | 0.9.158__4.el7 |