Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
rack-cors project rack-cors vulnerabilities and exploits
(subscribe to this query)
8.8
CVSSv3
CVE-2017-11173
Missing anchor in generated regex for rack-cors prior to 0.4.1 allows a malicious third-party site to perform CORS requests. If the configuration were intended to allow only the trusted example.com domain name and not the malicious example.net domain name, then example.com.exampl...
Rack-cors Project Rack-cors
Debian Debian Linux 9.0
5.3
CVSSv3
CVE-2019-18978
An issue exists in the rack-cors (aka Rack CORS Middleware) gem prior to 1.0.4 for Ruby. It allows ../ directory traversal to access private resources because resource matching does not ensure that pathnames are in a canonical format.
Rack-cors Project Rack-cors
Debian Debian Linux 8.0
Debian Debian Linux 9.0
Debian Debian Linux 10.0
Canonical Ubuntu Linux 16.04
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-4654
CVE-2023-49606
encryption
NULL pointer dereference
CVE-2024-4439
CVE-2024-4649
race condition
CVE-2024-27202
CVE-2024-34566
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started