Lucene search
K

6 matches found

Debian
Debian
added 2020/10/01 12:17 p.m.28 views

[SECURITY] [DLA 2389-1] ruby-rack-cors security update

----------------------------------------------------------------------- Debian LTS Advisory DLA-2389-1 [email protected] https://www.debian.org/lts/security/ Utkarsh Gupta October 01, 2020 https://wiki.debian.org/LTS -...

5.3CVSS5.5AI score0.02462EPSS
Exploits0
OSV
OSV
added 2020/08/31 4:15 a.m.18 views

CVE-2020-25032

An issue was discovered in Flask-CORS aka CORS Middleware for Flask before 3.0.9. It allows ../ directory traversal to access private resources because resource matching does not ensure that pathnames are in a canonical format...

7.5CVSS6.6AI score
Exploits0References6
Debian CVE
Debian CVE
added 2020/08/31 3:57 a.m.24 views

CVE-2020-25032

An issue was discovered in Flask-CORS aka CORS Middleware for Flask before 3.0.9. It allows ../ directory traversal to access private resources because resource matching does not ensure that pathnames are in a canonical format...

7.5CVSS7.9AI score0.04017EPSS
Exploits0
RubySec
RubySec
added 2019/11/15 12:0 a.m.18 views

rack-cors directory traversal via path

An issue was discovered in the rack-cors aka Rack CORS Middleware gem before 1.0.4 for Ruby. It allows ../ directory traversal to access private resources because resource matching does not ensure that pathnames are in a canonical format...

5.3CVSS4.6AI score0.02462EPSS
Exploits0References1Affected Software1
Prion
Prion
added 2019/11/14 9:15 p.m.19 views

Directory traversal

An issue was discovered in the rack-cors aka Rack CORS Middleware gem before 1.0.4 for Ruby. It allows ../ directory traversal to access private resources because resource matching does not ensure that pathnames are in a canonical format...

5CVSS5.3AI score0.02462EPSS
Exploits0References6Affected Software3
Debian CVE
Debian CVE
added 2019/11/14 8:21 p.m.22 views

CVE-2019-18978

An issue was discovered in the rack-cors aka Rack CORS Middleware gem before 1.0.4 for Ruby. It allows ../ directory traversal to access private resources because resource matching does not ensure that pathnames are in a canonical format...

5.3CVSS5.1AI score0.02462EPSS
Exploits0
Rows per page
Query Builder