4 matches found
Directory Traversal
flaskcors is vulnerable to directory traversal. The vulnerability exists as it does not sufficiently handle the pathnames for CORS resource matching before evaluating resource rules, allowing an attacker to submit a malicious pathname containing the ../ characters and access arbitrary system file...
rack-cors directory traversal via path
An issue was discovered in the rack-cors aka Rack CORS Middleware gem before 1.0.4 for Ruby. It allows ../ directory traversal to access private resources because resource matching does not ensure that pathnames are in a canonical format...
CVE-2019-18978
An issue was discovered in the rack-cors aka Rack CORS Middleware gem before 1.0.4 for Ruby. It allows ../ directory traversal to access private resources because resource matching does not ensure that pathnames are in a canonical format...
CVE-2019-18978
An issue was discovered in the rack-cors aka Rack CORS Middleware gem before 1.0.4 for Ruby. It allows ../ directory traversal to access private resources because resource matching does not ensure that pathnames are in a canonical format...