Steveklabnik Request Store vulnerabilities

1 known vulnerability affecting steveklabnik/request_store.

Total CVEs

1

CISA KEV

0

Public exploits

0

Exploited in wild

0

Severity breakdown

HIGH1

Vulnerabilities

Page 1 of 1

CVE-2024-43791HIGHCVSS 7.8v1.3.2v= 1.3.22024-08-23

CVE-2024-43791 [HIGH] CWE-276 CVE-2024-43791: RequestStore provides per-request global storage for Rack. The files published as part of request_st RequestStore provides per-request global storage for Rack. The files published as part of request_store 1.3.2 have 0666 permissions, meaning that they are world-writable, which allows local users to execute arbitrary code. This version was published in 2017, and most production environments do not allow access for local users, so the chances of this b