6 matches found
[SECURITY] [DLA 2389-1] ruby-rack-cors security update
----------------------------------------------------------------------- Debian LTS Advisory DLA-2389-1 [email protected] https://www.debian.org/lts/security/ Utkarsh Gupta October 01, 2020 https://wiki.debian.org/LTS -...
CVE-2020-25032
An issue was discovered in Flask-CORS aka CORS Middleware for Flask before 3.0.9. It allows ../ directory traversal to access private resources because resource matching does not ensure that pathnames are in a canonical format...
CVE-2020-25032
An issue was discovered in Flask-CORS aka CORS Middleware for Flask before 3.0.9. It allows ../ directory traversal to access private resources because resource matching does not ensure that pathnames are in a canonical format...
rack-cors directory traversal via path
An issue was discovered in the rack-cors aka Rack CORS Middleware gem before 1.0.4 for Ruby. It allows ../ directory traversal to access private resources because resource matching does not ensure that pathnames are in a canonical format...
Directory traversal
An issue was discovered in the rack-cors aka Rack CORS Middleware gem before 1.0.4 for Ruby. It allows ../ directory traversal to access private resources because resource matching does not ensure that pathnames are in a canonical format...
CVE-2019-18978
An issue was discovered in the rack-cors aka Rack CORS Middleware gem before 1.0.4 for Ruby. It allows ../ directory traversal to access private resources because resource matching does not ensure that pathnames are in a canonical format...