CVE-2019-18978

Published about 1 month ago
Category: File Access
Source: GitHub
Severity: Critical

Vulnerability in rack-cors

An issue was discovered in the rack-cors (aka Rack CORS Middleware) gem before 1.0.4 for Ruby. It allows ../ directory traversal to access private resources because resource matching does not ensure that pathnames are in a canonical format.
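The effect of matching on a non-canonical path, as an added example (not code from rack-cors or from this advisory). The `/public` policy, the sample request paths and every function name are constructed for illustration; the canonical form here also decodes percent-escapes, which goes slightly beyond the literal `../` case described above.

```ruby
# Added illustration, not rack-cors code: all names and paths are constructed.

# Hypothetical CORS policy: only resources under /public are exposed cross-origin.
PUBLIC_RESOURCE = %r{\A/public(/.*)?\z}

# Reduce a request path to canonical form: decode percent-escapes, drop empty
# and "." segments, and resolve ".." without ever climbing above the root.
def canonical_path(raw_path)
  decoded = raw_path.b.gsub(/%([0-9A-Fa-f]{2})/) { Regexp.last_match(1).hex.chr }
  segments = []
  decoded.split("/").each do |segment|
    case segment
    when "", "." then next
    when ".."    then segments.pop
    else              segments << segment
    end
  end
  "/" + segments.join("/")
end

# Weak form: the policy is evaluated against the path exactly as received.
def allowed_naive?(raw_path)
  PUBLIC_RESOURCE.match?(raw_path)
end

# Corrected form: the policy is evaluated against the canonical path only.
def allowed_canonical?(raw_path)
  PUBLIC_RESOURCE.match?(canonical_path(raw_path))
end

# Constructed request paths for comparison.
SAMPLE_PATHS = [
  "/public/css/site.css",
  "/public/css/./site.css",
  "/public/../private/report.json",
  "/public/%2e%2e/private/report.json",
  "/private/report.json"
].freeze

SAMPLE_PATHS.each do |path|
  puts format("%-38s naive=%-5s canonical=%-5s resolved=%s",
              path, allowed_naive?(path), allowed_canonical?(path), canonical_path(path))
end
```

Rows where `naive` is true and `canonical` is false are requests that a raw-path matcher would treat as public although they resolve outside `/public`.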

CVSS Metrics

Access Vector: n/a
Access Complexity: n/a
Authentication: n/a
Confidentiality Impact: n/a
Integrity Impact: n/a
Availability Impact: n/a

Patched Versions

>= 1.0.4

Unaffected Versions

n/a

References

n/a