Race Condition Affecting excon package, versions <0.71.0
Snyk CVSS
Attack Complexity
High
User Interaction
Required
Scope
Changed
Confidentiality
High
Threat Intelligence
EPSS
0.79% (82nd
percentile)
Do your applications use this vulnerable package?
In a few clicks we can analyze your entire application and see what components are vulnerable in your application, and suggest you quick fixes.
Test your applications- Snyk ID SNYK-RUBY-EXCON-537866
- published 17 Dec 2019
- disclosed 16 Dec 2019
- credit Patrick Ellis
How to fix?
Upgrade excon
to version 0.71.0 or higher.
Overview
excon is an is Extended http(s) connections.
Affected versions of this package are vulnerable to Race Condition. A persistent connection which is interrupted (such as by a timeout) would leave data on the socket.