Re: Issues regarding ruby-rack/CVE-2019-16782
Ola Lundqvist <email@example.com> writes:
> So regarding your thought about why Rack has this and not others. Well I
> think all have the same issue. I think it is a little of a stretch that
> this can be used in practice. I mean an attacker must do a broad search of
> all possible session identifiers to make use of this. Or have I
> misunderstood something?
I suspect you are mostly correct.
However, how many people would really notice if an attacker made numerous
connections to their website in an attempt to exploit this?
Brian May <firstname.lastname@example.org>