CVE-2024-27456Sensitive Information Exposure in Project Rack-cors

CWE-200Sensitive Information ExposureCWE-276Incorrect Default Permissions5 documents5 sources
Severity
9.1CRITICALNVD
EPSS
0.2%
top 64.19%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
3
Rack-cors Project Rack-corsRylabs Rack Cors MiddlewareDebian Ruby-rack-cors
Timeline
PublishedFeb 26

Description

rack-cors (aka Rack CORS Middleware) 2.0.1 has 0666 permissions for the .rb files.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:NExploitability: 3.9 | Impact: 5.2

Affected Packages3 packages

RubyGemsrack-cors_project/rack-cors2.0.12.0.2

Patches

Patch: github.comPatch: github.com

🔴Vulnerability Details

2
GHSA
Rack CORS Middleware has Insecure File Permissions2024-02-26
OSV
Rack CORS Middleware has Insecure File Permissions2024-02-26

📋Vendor Advisories

2
Red Hat
rack-cors: Insecure File Permissions in rack-cors2024-02-26
Debian
CVE-2024-27456: ruby-rack-cors - rack-cors (aka Rack CORS Middleware) 2.0.1 has 0666 permissions for the .rb file...2024