Skip to main content

Rack Cors

2 CVEs product

Monthly

CVE-2019-18978 Ruby MEDIUM PATCH This Month

An issue was discovered in the rack-cors (aka Rack CORS Middleware) gem before 1.0.4 for Ruby. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Path Traversal vulnerability could allow attackers to access files and directories outside the intended path.

Path Traversal Canonical Rack Cors Debian Linux Ubuntu Linux
NVD GitHub
CVSS 3.1
5.3
EPSS
2.5%
CVE-2017-11173 Ruby HIGH PATCH This Week

Missing anchor in generated regex for rack-cors before 0.4.1 allows a malicious third-party site to perform CORS requests. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Rack Cors Debian Linux
NVD GitHub
CVSS 3.1
8.8
EPSS
1.8%
EPSS 2% CVSS 5.3
MEDIUM PATCH This Month

An issue was discovered in the rack-cors (aka Rack CORS Middleware) gem before 1.0.4 for Ruby. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Path Traversal vulnerability could allow attackers to access files and directories outside the intended path.

Path Traversal Canonical Rack Cors +2
NVD GitHub
EPSS 2% CVSS 8.8
HIGH PATCH This Week

Missing anchor in generated regex for rack-cors before 0.4.1 allows a malicious third-party site to perform CORS requests. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Rack Cors Debian Linux
NVD GitHub

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy