GHSA-785g-282q-pwvx
Suggest an improvement- Source
- https://github.com/advisories/GHSA-785g-282q-pwvx
- Import Source
- https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2024/02/GHSA-785g-282q-pwvx/GHSA-785g-282q-pwvx.json
- JSON Data
- https://api.osv.dev/v1/vulns/GHSA-785g-282q-pwvx
- Aliases
- Published
- 2024-02-26T18:30:31Z
- Modified
- 2024-03-04T18:51:48Z
- Summary
- Rack CORS Middleware has Insecure File Permissions
- Details
-
rack-cors (aka Rack CORS Middleware) 2.0.1 has 0666 permissions for the .rb files.
- Database specific
{ "cwe_ids": [], "github_reviewed_at": "2024-02-26T22:15:06Z", "github_reviewed": true, "severity": "MODERATE", "nvd_published_at": "2024-02-26T16:28:00Z" }- References
-
- https://nvd.nist.gov/vuln/detail/CVE-2024-27456
- https://github.com/cyu/rack-cors/issues/274
- https://github.com/advisories/GHSA-785g-282q-pwvx
- https://github.com/cyu/rack-cors
- https://github.com/cyu/rack-cors/blob/878063987bd1ca956282dda95697fd821bf24d2e/CHANGELOG.md#changed
- https://github.com/rubysec/ruby-advisory-db/blob/master/gems/rack-cors/CVE-2024-27456.yml
Affected packages
RubyGems / rack-cors
Package
- Name
- rack-cors
- Purl
- pkg:gem/rack-cors