USN-4571-1: rack-cors vulnerability
05 October 2020
rack-cors would allow unintended access to files over the network.
- ruby-rack-cors - provides support for Cross-Origin Resource Sharing (CORS) for Rack compatible web applications
It was discovered that rack-cors did not properly handle relative file
paths. An attacker could use this vulnerability to access arbitrary files.