Skip to content

Commit 431a0fd

Browse files
jasnowRubySec CI
jasnow
authored and
RubySec CI
committed
Updated advisory posts against rubysec/ruby-advisory-db@4c738a9 
1 parent 57ae2d6 commit 431a0fd

File tree

1 file changed

+23
-0
lines changed

1 file changed

+23
-0
lines changed

advisories/_posts/2024-02-26-CVE-2024-27456.md

Lines changed: 23 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,23 @@
1+
---
2+
layout: advisory
3+
title: 'CVE-2024-27456 (rack-cors): Rack CORS Middleware has Insecure File Permissions'
4+
comments: false
5+
categories:
6+
- rack-cors
7+
advisory:
8+
gem: rack-cors
9+
cve: 2024-27456
10+
ghsa: 785g-282q-pwvx
11+
url: https://github.com/advisories/GHSA-785g-282q-pwvx
12+
title: Rack CORS Middleware has Insecure File Permissions
13+
date: 2024-02-26
14+
description: |
15+
rack-cors (aka Rack CORS Middleware) 2.0.1 has 0666 permissions
16+
for the .rb files.
17+
notes: Never patched
18+
related:
19+
url:
20+
- https://nvd.nist.gov/vuln/detail/CVE-2024-27456
21+
- https://github.com/cyu/rack-cors/issues/274
22+
- https://github.com/advisories/GHSA-785g-282q-pwvx
23+
---

0 commit comments

Comments
 (0)