You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
{{ message }}
This repository was archived by the owner on Jun 25, 2022. It is now read-only.
Copy file name to clipboardExpand all lines: index.html
+1-1
Original file line number
Diff line number
Diff line change
@@ -124,7 +124,7 @@ <h2>News</h2>
124
124
</ul>
125
125
Some notes on <strong>CVE-2013-0263</strong> that affects all prior versions:
126
126
<ul>
127
-
<li>Some Rails users may not be affected (if they <strong>only</strong> use Rails managed sessions.</li>
127
+
<li>Some Rails users may not be affected (if they <strong>only</strong> use Rails managed sessions).</li>
128
128
<li>If users are using the Marshal (default) session cookie encoding, then those users are vulnerable to a <strong>Remote Code Execution</strong>, after a successful timing attack.</li>
129
129
<li>While some users may assume that timing attacks are not viable over the Internet, Cloud users in particular are reminded that intra-cloud latencies are sufficiently low to be viable.</li>
0 commit comments