Package impact
RubyGems / rack-cors
| CVE | Severity | CVSS | Risk | Flags | OS | Vendor | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2017-11173 | high | 8.8 | 8.8 | | | | 11y ago | Missing anchor in generated regex for rack-cors before 0.4.1 allows a malicious third-party site to perform CORS requests. If the configuration were intended to allow only the trusted example.com dom… |
| CVE-2024-27456 | unknown | — | — | | | | 2y ago | rack-cors (aka Rack CORS Middleware) 2.0.1 has 0666 permissions for the .rb files. |
| CVE-2019-18978 | unknown | — | — | | | | 7y ago | An issue was discovered in the rack-cors (aka Rack CORS Middleware) gem before 1.0.4 for Ruby. It allows ../ directory traversal to access private resources because resource matching does not ensure … |