Is rails_multisite affected by CVE-2021-41263?

RubyGems rails_multisite is affected in <4.0.0.

Is CVE-2021-41263 being exploited?

Not on the CISA KEV list. EPSS exploit probability is 0.6%.

medium

CVE-2021-41263

Q: Is CVE-2021-41263 being exploited?

Not on the CISA KEV list. EPSS exploit probability is 0.6%.

RubyGems · rails_multisite

Summary

Rails Multisite secure/signed cookies share secrets between sites in a multi-site application

Severity: medium
EPSS: 0.6% (p44)
Also known as: GHSA-844m-cpr9-jcmh
Published: 2021-11-15

References

https://github.com/discourse/rails_multisite/security/advisories/GHSA-844m-cpr9-jcmh
https://nvd.nist.gov/vuln/detail/CVE-2021-41263
https://github.com/discourse/rails_multisite/commit/c6785cdb5c9277dd2c5ac8d55180dd1ece440ed0

Is your project exposed to this? Stateward checks every dependency on every pull request and flags it only if your code actually reaches it.

Check my repo

Summarize with AI

ChatGPT Claude Perplexity

Sources: CISA KEV (public domain), OSV.dev & GitHub Advisory Database (CC-BY-4.0), FIRST EPSS, NVD/CWE (public domain). Served live from the Stateward advisory database.