An in-depth look at CVE-2007-5380, a session fixation vulnerability in early Ruby on Rails versions caused by URL-based session identifiers.
Mar 15, 2026