Rewterz Threat Advisory – Slack fixes Vulnerability Exploitable for Session Hijacking

Severity

High

Analysis Summary

This form of attack tampers with the processes sequences of HTTP requests within a website or app, generally when front-facing services send an HTTP request to a back-end server, and any disparity between how requests are interpreted can lead to data leaks and the bypass of existing security controls.

Impact

• Data leak 
• Session hijacking

Affected Vendors

Slack

Remediation

Update to latest version