Vulnerabilities > CVE-2020-15237 - Unspecified vulnerability in Shrinerb Shrine
Attack vector: NETWORK
Attack complexity: HIGH
Privileges required: NONE
Confidentiality impact: HIGH
Integrity impact: NONE
Availability impact: NONE
Summary
In Shrine before version 3.3.0, when the `derivation_endpoint` plugin is used, the signature sent in a derivation URL is compared with the calculated signature using an ordinary (early-exit) string comparison, so an attacker can use a timing attack to guess the signature of a derivation URL byte by byte. The problem has been fixed by comparing the sent and calculated signatures in constant time with `Rack::Utils.secure_compare`. Users of the `derivation_endpoint` plugin are urged to upgrade to Shrine 3.3.0 or greater. A possible workaround is provided in the linked advisory.
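The example below, added here and not taken from Shrine's own code, shows why the original comparison leaks and what the fix looks like. It assumes the derivation URL is signed with HMAC-SHA256 over the URL path (a common signed-URL construction; the exact payload Shrine signs is not reproduced here), uses a constructed secret key and path, and includes an instrumented early-exit comparison that counts byte comparisons as a deterministic stand-in for the wall-clock difference a timing attack measures. The `secure_compare` helper mirrors the length-check-then-XOR approach of `Rack::Utils.secure_compare` so the block runs without Rack installed.

```ruby
require "openssl"

# Constructed values for the example; a real deployment uses a random secret.
SECRET_KEY = "constructed-example-secret"

# Assumption: the derivation URL is signed with HMAC-SHA256 over its path.
def sign_derivation(secret_key, path)
  OpenSSL::HMAC.hexdigest("SHA256", secret_key, path)
end

# Vulnerable pattern: String#== returns at the first differing byte, so the time
# taken depends on how many leading bytes of the signature the attacker guessed.
def verify_signature_vulnerable(secret_key, path, sent_signature)
  sign_derivation(secret_key, path) == sent_signature
end

# Constant-time compare (same shape as Rack::Utils.secure_compare): reject on a
# length mismatch, then OR together the XOR of every byte so all bytes are visited.
def secure_compare(a, b)
  return false unless a.bytesize == b.bytesize

  l = a.unpack("C*")
  r = 0
  b.each_byte { |byte| r |= byte ^ l.shift }
  r == 0
end

# Fixed pattern: the sent and calculated signatures are compared in constant time.
def verify_signature_fixed(secret_key, path, sent_signature)
  secure_compare(sign_derivation(secret_key, path), sent_signature)
end

# Instrumented early-exit compare: returns [match?, byte comparisons performed].
# The step count grows with the length of the correctly guessed prefix, which is
# exactly the signal a timing attack extracts from response latency.
def early_exit_compare_steps(expected, candidate)
  steps = 0
  expected.each_byte.with_index do |byte, i|
    steps += 1
    return [false, steps] if candidate.getbyte(i) != byte
  end
  [candidate.bytesize == expected.bytesize, steps]
end

if __FILE__ == $0
  path = "/derivations/thumbnail/300/300/abc123" # constructed derivation path
  sig = sign_derivation(SECRET_KEY, path)
  all_wrong = "z" * sig.length                    # "z" is never a hex digit
  eight_right = sig[0, 8] + "z" * (sig.length - 8)

  puts "no correct prefix:    #{early_exit_compare_steps(sig, all_wrong).inspect}"
  puts "8-byte correct prefix: #{early_exit_compare_steps(sig, eight_right).inspect}"
  puts "fixed verifier, wrong sig: #{verify_signature_fixed(SECRET_KEY, path, all_wrong)}"
  puts "fixed verifier, right sig: #{verify_signature_fixed(SECRET_KEY, path, sig)}"
end
```

Running the block shows the early-exit compare stopping after 1 comparison for a fully wrong guess and after 9 for a guess with the first 8 hex characters correct; an attacker measuring response time can use that gradient to recover the signature one character at a time, which the constant-time verifier removes by always touching every byte.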
Vulnerable Configurations
References
- https://github.com/shrinerb/shrine/commit/1b27090ce31543bf39f186c20ea47c8250fca2f0
- https://github.com/shrinerb/shrine/security/advisories/GHSA-5jjv-x4fq-qjwp