Rack-cors Project - Rack-cors CVE

Filtered by vendor Rack-cors Project Subscribe

Filtered by product Rack-cors

ALL

NONE (0.0) LOW (0.1 - 3.9) MEDIUM (4.0 - 6.9) HIGH (7.0 - 8.9) CRITICAL (9.0 - 10.0)

Total 1 CVE

CVE	Vendors	Products	Updated	CVSS v2	CVSS v3
CVE-2019-18978	3 Canonical, Debian, Rack-cors Project	3 Ubuntu Linux, Debian Linux, Rack-cors	2021-05-21	5.0 MEDIUM	5.3 MEDIUM
An issue was discovered in the rack-cors (aka Rack CORS Middleware) gem before 1.0.4 for Ruby. It allows ../ directory traversal to access private resources because resource matching does not ensure that pathnames are in a canonical format.

Vulnerabilities (CVE)