Sha256: f35eae5707f9dfe82a167e277c0d2bed4e039b9f0fca7e6f860b11d98d9f6415
Contents?: true
Size: 498 Bytes
Versions: 1
Compression:
Stored size: 498 Bytes
Contents
--- gem: rack-cors cve: 2019-18978 ghsa: pf8f-w267-mq2h url: https://github.com/cyu/rack-cors/commit/e4d4fc362a4315808927011cbe5afcfe5486f17d date: 2019-11-15 title: rack-cors directory traversal via path description: | An issue was discovered in the rack-cors (aka Rack CORS Middleware) gem before 1.0.4 for Ruby. It allows ../ directory traversal to access private resources because resource matching does not ensure that pathnames are in a canonical format. patched_versions: - ">= 1.0.4"
Version data entries
1 entries across 1 versions & 1 rubygems
| Version | Path |
|---|---|
| bundler-audit-0.7.0.1 | data/ruby-advisory-db/gems/rack-cors/CVE-2019-18978.yml |