Lucene search
K

4 matches found

Veracode
Veracode
added 2020/09/01 2:56 a.m.19 views

Directory Traversal

flaskcors is vulnerable to directory traversal. The vulnerability exists as it does not sufficiently handle the pathnames for CORS resource matching before evaluating resource rules, allowing an attacker to submit a malicious pathname containing the ../ characters and access arbitrary system file...

7.5CVSS4.2AI score0.04017EPSS
Exploits0References7Affected Software1
RubySec
RubySec
added 2019/11/15 12:0 a.m.19 views

rack-cors directory traversal via path

An issue was discovered in the rack-cors aka Rack CORS Middleware gem before 1.0.4 for Ruby. It allows ../ directory traversal to access private resources because resource matching does not ensure that pathnames are in a canonical format...

5.3CVSS4.6AI score0.02462EPSS
Exploits0References1Affected Software1
OSV
OSV
added 2019/11/14 9:15 p.m.13 views

CVE-2019-18978

An issue was discovered in the rack-cors aka Rack CORS Middleware gem before 1.0.4 for Ruby. It allows ../ directory traversal to access private resources because resource matching does not ensure that pathnames are in a canonical format...

5.3CVSS5.1AI score
Exploits0References6
Debian CVE
Debian CVE
added 2019/11/14 8:21 p.m.23 views

CVE-2019-18978

An issue was discovered in the rack-cors aka Rack CORS Middleware gem before 1.0.4 for Ruby. It allows ../ directory traversal to access private resources because resource matching does not ensure that pathnames are in a canonical format...

5.3CVSS5.1AI score0.02462EPSS
Exploits0
Rows per page
Query Builder