8 matches found
[SECURITY] [DSA 4918-1] ruby-rack-cors security update
------------------------------------------------------------------------- Debian Security Advisory DSA-4918-1 [email protected] https://www.debian.org/security/ Salvatore Bonaccorso May 18, 2021 https://www.debian.org/security/faq -...
[SECURITY] [DSA 4918-1] ruby-rack-cors security update
------------------------------------------------------------------------- Debian Security Advisory DSA-4918-1 [email protected] https://www.debian.org/security/ Salvatore Bonaccorso May 18, 2021 https://www.debian.org/security/faq -...
[SECURITY] [DLA 2389-1] ruby-rack-cors security update
----------------------------------------------------------------------- Debian LTS Advisory DLA-2389-1 [email protected] https://www.debian.org/lts/security/ Utkarsh Gupta October 01, 2020 https://wiki.debian.org/LTS -...
[SECURITY] [DLA 2096-1] ruby-rack-cors security update
Package : ruby-rack-cors Version : 0.2.9-1+deb8u1 CVE ID : CVE-2019-18978 This package allowed ../ directory traversal to access private resources because resource matching did not ensure that pathnames were in a canonical format. For Debian 8 "Jessie", this problem has been fixed in version...
DEBIAN-CVE-2019-18978
An issue was discovered in the rack-cors aka Rack CORS Middleware gem before 1.0.4 for Ruby. It allows ../ directory traversal to access private resources because resource matching does not ensure that pathnames are in a canonical format...
CVE-2019-18978
An issue was discovered in the rack-cors aka Rack CORS Middleware gem before 1.0.4 for Ruby. It allows ../ directory traversal to access private resources because resource matching does not ensure that pathnames are in a canonical format...
CVE-2019-18978
CVE-2019-18978 (rack-cors) affects the Rack CORS Middleware for Ruby, prior to v1.0.4. The issue is improper canonicalization of pathnames, allowing directory traversal ("../") to access private resources. In public disclosures, Debian/Ubuntu advisories and OSS security plugins reference this vul...
CVE-2019-18978
An issue was discovered in the rack-cors aka Rack CORS Middleware gem before 1.0.4 for Ruby. It allows ../ directory traversal to access private resources because resource matching does not ensure that pathnames are in a canonical format...