Rack-Cors Project: >> Rack-Cors >> 1.0.0 Security Vulnerabilities
An issue was discovered in the rack-cors (aka Rack CORS Middleware) gem before 1.0.4 for Ruby. It allows ../ directory traversal to access private resources because resource matching does not ensure that pathnames are in a canonical format.
CVSS Score
5.3
EPSS Score
0.008
Published
2019-11-14