3 matches found
CVE-2024-27456
rack-cors aka Rack CORS Middleware 2.0.1 has 0666 permissions for the .rb files...
PT-2019-6072 · Ruby +2 · Rack-Cors +2
Name of the Vulnerable Software and Affected Versions: rack-cors versions prior to 1.0.4 Description: The issue allows for ../ directory traversal, enabling access to private resources. This is due to the fact that resource matching does not ensure pathnames are in a canonical format. The...
rack-cors CORS request vulnerability
rack-cors is a middleware for resource sharing across sources. regex is a regular expression created in it. A security vulnerability exists in the regex created in versions of rack-cors prior to 0.4.1. An attacker can exploit this vulnerability to execute cross-origin resource sharing requests...