Your submission was sent successfully! Close

You have successfully unsubscribed! Close

Thank you for signing up for our newsletter!
In these regular emails you will find the latest updates about Ubuntu and upcoming events where you can meet our team.Close

Search CVE reports


Toggle filters

1 – 3 of 3 results


CVE-2024-27456

Negligible priority
Not affected

rack-cors (aka Rack CORS Middleware) 2.0.1 has 0666 permissions for the .rb files.

1 affected packages

ruby-rack-cors

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
ruby-rack-cors Not affected Not affected Not affected Not affected Not affected
Show less packages

CVE-2019-18978

Medium priority

Some fixes available 1 of 4

An issue was discovered in the rack-cors (aka Rack CORS Middleware) gem before 1.0.4 for Ruby. It allows ../ directory traversal to access private resources because resource matching does not ensure that pathnames are in...

1 affected packages

ruby-rack-cors

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
ruby-rack-cors Not affected Not affected Not affected Vulnerable Fixed
Show less packages

CVE-2017-11173

Medium priority

Some fixes available 2 of 3

Missing anchor in generated regex for rack-cors before 0.4.1 allows a malicious third-party site to perform CORS requests. If the configuration were intended to allow only the trusted example.com domain name and not the malicious...

1 affected packages

ruby-rack-cors

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
ruby-rack-cors Not affected Fixed
Show less packages