Search CVE reports


1 – 3 of 3 results


CVE-2024-27456

Negligible priority
Not affected

rack-cors (aka Rack CORS Middleware) 2.0.1 has 0666 permissions for the .rb files.

1 affected package

ruby-rack-cors

| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
| --- | --- | --- | --- | --- |
| ruby-rack-cors | Not affected | Not affected | Not affected | Not affected |

CVE-2019-18978

Medium priority

Some fixes available 1 of 4

An issue was discovered in the rack-cors (aka Rack CORS Middleware) gem before 1.0.4 for Ruby. It allows ../ directory traversal to access private resources because resource matching does not ensure that pathnames are in...

1 affected package

ruby-rack-cors

| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
| --- | --- | --- | --- | --- |
| ruby-rack-cors | Not affected | Not affected | Not affected | Vulnerable |

CVE-2017-11173

Medium priority

Some fixes available 2 of 3

Missing anchor in generated regex for rack-cors before 0.4.1 allows a malicious third-party site to perform CORS requests. If the configuration were intended to allow only the trusted example.com domain name and not the malicious...

1 affected package

ruby-rack-cors

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS
ruby-rack-cors Not affected