CVE-2020-15237

In Shrine before version 3.3.0, when using the `derivation_endpoint` plugin, it's possible for the attacker to use a timing attack to guess the signature of the derivation URL. The problem has been fixed by comparing sent and calculated signature in constant time, using `Rack::Utils.secure_compare`. Users using the `derivation_endpoint` plugin are urged to upgrade to Shrine 3.3.0 or greater. A possible workaround is provided in the linked advisory.

In Shrine before version 3.3.0, when using the `derivation_endpoint` plugin, it's possible for the attacker to use a timing attack to guess the signature of the derivation URL. The problem has been fixed by comparing sent and calculated signature in constant time, using `Rack::Utils.secure_compare`. Users using the `derivation_endpoint` plugin are urged to upgrade to Shrine 3.3.0 or greater. A possible workaround is provided in the linked advisory.

### Impact When using the `derivation_endpoint` plugin, it's possible for the attacker to use a timing attack to guess the signature of the derivation URL. ### Patches The problem has been fixed by comparing sent and calculated signature in constant time, using `Rack::Utils.secure_compare`. Users using the `derivation_endpoint` plugin are urged to upgrade to Shrine 3.3.0 or greater. ### Workarounds Users of older Shrine versions can apply the following monkey-patch after loading the `derivation_endpoint` plugin: ```rb class Shrine class UrlSigner def verify_signature(string, signature) if signature.nil? fail InvalidSignature, "missing \"signature\" param" elsif !Rack::Utils.secure_compare(signature, generate_signature(string)) fail InvalidSignature, "provided signature does not match the calculated signature" end end end end ``` ### References You can read more about timing attacks [here](https://en.wikipedia.org/wiki/Timing_attack).

### Impact When using the `derivation_endpoint` plugin, it's possible for the attacker to use a timing attack to guess the signature of the derivation URL. ### Patches The problem has been fixed by comparing sent and calculated signature in constant time, using `Rack::Utils.secure_compare`. Users using the `derivation_endpoint` plugin are urged to upgrade to Shrine 3.3.0 or greater. ### Workarounds Users of older Shrine versions can apply the following monkey-patch after loading the `derivation_endpoint` plugin: ```rb class Shrine class UrlSigner def verify_signature(string, signature) if signature.nil? fail InvalidSignature, "missing \"signature\" param" elsif !Rack::Utils.secure_compare(signature, generate_signature(string)) fail InvalidSignature, "provided signature does not match the calculated signature" end end end end ``` ### References You can read more about timing attacks [here](https://en.wikipedia.org/wiki/Timing_attack).

En Shrine versiones anteriores a 3.3.0, cuando se usa el plugin "derivation_endpoint", es posible que el atacante use un ataque de sincronización para adivinar la firma de la URL de derivación. El problema ha sido corregido al comparar la firma enviada y la calculada en tiempo constante, usando la función "Rack::Utils.secure_compare". Se insta a usuarios que usan el plugin "derivation_endpoint" a actualizar a Shrine versión 3.3.0 o superior. Se proporciona una posible solución alternativa en el aviso vinculado