12 matches found
EUVD-2019-0758
Malware in sbrugna...
Linux Distros Unpatched Vulnerability : CVE-2019-18978
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An issue was discovered in the rack-cors aka Rack CORS Middleware gem before 1.0.4 for Ruby. It allows ../ directory traversal to access private resources becau...
GHSA-785G-282Q-PWVX Rack CORS Middleware has Insecure File Permissions
rack-cors aka Rack CORS Middleware 2.0.1 has 0666 permissions for the .rb files...
Rack CORS Middleware has Insecure File Permissions
rack-cors aka Rack CORS Middleware 2.0.1 has 0666 permissions for the .rb files...
CVE-2024-27456
rack-cors aka Rack CORS Middleware 2.0.1 has 0666 permissions for the .rb files...
CVE-2024-27456
rack-cors aka Rack CORS Middleware 2.0.1 has 0666 permissions for the .rb files...
CVE-2024-27456
CVE-2024-27456 concerns rack-cors 2.0.1 with insecure file permissions: .rb files shipped as 0666, potentially impacting integrity, confidentiality, and availability. Root cause: default permissive file permissions. Public exposure documented by Red Hat and other sources; exploitation details are...
CVE-2024-27456
rack-cors aka Rack CORS Middleware 2.0.1 has 0666 permissions for the .rb files...
Rack CORS Middleware has Insecure File Permissions
rack-cors aka Rack CORS Middleware 2.0.1 has 0666 permissions for the .rb files...
DEBIAN-CVE-2019-18978
An issue was discovered in the rack-cors aka Rack CORS Middleware gem before 1.0.4 for Ruby. It allows ../ directory traversal to access private resources because resource matching does not ensure that pathnames are in a canonical format...
Directory traversal
An issue was discovered in the rack-cors aka Rack CORS Middleware gem before 1.0.4 for Ruby. It allows ../ directory traversal to access private resources because resource matching does not ensure that pathnames are in a canonical format...
CVE-2019-18978
An issue was discovered in the rack-cors aka Rack CORS Middleware gem before 1.0.4 for Ruby. It allows ../ directory traversal to access private resources because resource matching does not ensure that pathnames are in a canonical format...