Home > Vulnerability Database > WS-2023-0115

Mend.io Vulnerability Database

WS-2023-0115

Good to know:

Date: April 28, 2023

A Race Condition was found in audited leading to logging errors. In certain setups with threaded web servers, Audited's use of Thread.current can incorrectly attributed audits to the wrong user. Version 5.3.3 contains a fix.

Language: Ruby

Severity Score

3.1

Related Resources (2)

Url: https://github.com/collectiveidea/audited/commit/7e4d6095ac9afc6fb31cb0b3f37ec23f333e193d

Url: https://www.mend.io/vulnerability-database/WS-2023-0115

Severity Score

3.1

Weakness Type (CWE)

Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')

CWE-362

Top Fix

Upgrade Version

Upgrade to version audited - 5.3.3;audited - 4.0.0.rc1

Learn More

CVSS v3.1

Base Score:	3.1
Attack Vector (AV):	NETWORK
Attack Complexity (AC):	HIGH
Privileges Required (PR):	LOW
User Interaction (UI):	NONE
Scope (S):	UNCHANGED
Confidentiality (C):	NONE
Integrity (I):	LOW
Availability (A):	NONE

Mend.io Vulnerability Database

We found results for “”

WS-2023-0115

Good to know:

Date: April 28, 2023

Language: Ruby

Severity Score

Related Resources (2)

Severity Score

Weakness Type (CWE)

Top Fix

Upgrade Version

CVSS v3.1

Do you need more information?