GHSA-844m-cpr9-jcmh
GitHub Security Advisory
Rails Multisite secure/signed cookies share secrets between sites in a multi-site application
GitHub Reviewed
Severity: MODERATE
Has CVE
Advisory Details
### Impact
This vulnerability impacts any Rails application using `rails_multisite` alongside Rails' signed/encrypted cookies. Depending on how the application makes use of these cookies, it may be possible for an attacker to re-use cookies on different 'sites' within a multi-site Rails application.
### Patches
The issue has been patched in v4 of the `rails_multisite` gem. Note that this upgrade will invalidate all previous signed/encrypted cookies. The impact of this invalidation will vary based on the application architecture.
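The following added Ruby example (not the gem's code) shows why a signing secret shared between sites lets a cookie issued by one site verify on another, and how a per-site key prevents that. The HMAC cookie format, the `site_key` derivation and the site names are assumptions made for illustration; the last line shows why changing the key invalidates earlier cookies, as noted above.

```ruby
require "openssl"

# Constructed secret for illustration; not from any real application.
SECRET = "constructed-secret-key-base"

# Hypothetical per-site key: HMAC of the site name under the app secret.
def site_key(secret, site)
  OpenSSL::HMAC.digest("SHA256", secret, "signed cookie/#{site}")
end

# Produce "<base64 value>--<hex HMAC>".
def sign(value, key)
  data = [value].pack("m0")
  "#{data}--#{OpenSSL::HMAC.hexdigest('SHA256', key, data)}"
end

# Constant-time comparison of two strings.
def secure_equal?(a, b)
  return false unless a.bytesize == b.bytesize
  a.bytes.zip(b.bytes).reduce(0) { |acc, (x, y)| acc | (x ^ y) }.zero?
end

# Return the value if the MAC verifies under key, otherwise nil.
def verify(cookie, key)
  data, mac = cookie.to_s.split("--", 2)
  return nil if data.nil? || mac.nil?
  return nil unless secure_equal?(OpenSSL::HMAC.hexdigest("SHA256", key, data), mac)
  data.unpack1("m0")
end

# Sign on one site, verify on another.
# per_site: false -> every site uses SECRET directly (the shared-secret case)
# per_site: true  -> each site uses its own derived key
def present_cookie(issuer, verifier, value, per_site:)
  key = ->(site) { per_site ? site_key(SECRET, site) : SECRET }
  verify(sign(value, key.call(issuer)), key.call(verifier))
end

if __FILE__ == $PROGRAM_NAME
  p present_cookie("site_a", "site_b", "user_id=1", per_site: false)
  p present_cookie("site_a", "site_b", "user_id=1", per_site: true)
  p present_cookie("site_a", "site_a", "user_id=1", per_site: true)
  # A cookie signed before the key change no longer verifies after it.
  p verify(sign("user_id=1", SECRET), site_key(SECRET, "site_a"))
end
```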
Affected Packages
RubyGems: rails_multisite
Affected versions: 0 (fixed in 4.0.0)
Key Information
5.0/10
Dataset
Last updated: July 3, 2025 6:26 AM
Data from GitHub Advisory Database. This information is provided for research and educational purposes.