Search CVE reports
1 – 3 of 3 results
CVE-2024-27456
Negligible priority
rack-cors (aka Rack CORS Middleware) 2.0.1 has 0666 permissions for the .rb files.
1 affected package
ruby-rack-cors
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
ruby-rack-cors | Not affected | Not affected | Not affected | Not affected | Not affected |
CVE-2019-18978
Medium priority
Some fixes available 1 of 4
An issue was discovered in the rack-cors (aka Rack CORS Middleware) gem before 1.0.4 for Ruby. It allows ../ directory traversal to access private resources because resource matching does not ensure that pathnames are in...
1 affected package
ruby-rack-cors
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
ruby-rack-cors | Not affected | Not affected | Not affected | Vulnerable | Fixed |
CVE-2017-11173
Medium priority
Some fixes available 2 of 3
Missing anchor in generated regex for rack-cors before 0.4.1 allows a malicious third-party site to perform CORS requests. If the configuration were intended to allow only the trusted example.com domain name and not the malicious...
1 affected package
ruby-rack-cors
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
ruby-rack-cors | — | — | — | Not affected | Fixed |