Denial of Serviceyar
yar prior to 2.2.0 are affected by a denial of service vulnerability related to an invalid encrypted session cookie value.
When an invalid encryped session cookie value is provided, the process will crash.
Update to version 2.2.0 or later.
Have content suggestions? Send them to [email protected]
reportedInitial report by Reid BurkeOct 17th, 2015
publishedAdvisory publishedJun 16th, 2014