CVE-2024-27456
EPSS 0.15%
Rack CORS Middleware has Insecure File Permissions
Published: 2024/2/26 Modified: 2024/3/4
Description
rack-cors (aka Rack CORS Middleware) 2.0.1 has 0666 permissions for the .rb files.
Affected packages (1)
- RubyGems/rack-cors >= 2.0.1, < 2.0.2
References (6)
- ADVISORY https://github.com/advisories/GHSA-785g-282q-pwvx
- ADVISORY https://nvd.nist.gov/vuln/detail/CVE-2024-27456
- PATCH https://github.com/cyu/rack-cors
- WEB https://github.com/cyu/rack-cors/blob/878063987bd1ca956282dda95697fd821bf24d2e/CHANGELOG.md#changed
- WEB https://github.com/cyu/rack-cors/issues/274
- WEB https://github.com/rubysec/ruby-advisory-db/blob/master/gems/rack-cors/CVE-2024-27456.yml