rails-session-decoder is a simple utility for decoding Rails 4.x sessions in node.js
Affected versions of this package are vulnerable to Information Exposure. Missing verification of the Message Authentication Code appended to the cookies may lead to decryption of cipher text thus exposing encrypted information.
There is no fixed version for
Do your applications use this vulnerable package?
- Alex Hill
- Snyk ID
- 08 Jan, 2019
- 10 Jan, 2019