Rack CORS Middleware has Insecure File Permissions · CVE-2024-27456 · GitHub Advisory Database · GitHub

Rack CORS Middleware has Insecure File Permissions

Moderate severity GitHub Reviewed Published Feb 26, 2024 to the GitHub Advisory Database • Updated Mar 4, 2024

Package

rack-cors (RubyGems)

Affected versions

= 2.0.1

Patched versions

2.0.2

Description

rack-cors (aka Rack CORS Middleware) 2.0.1 has 0666 permissions for the .rb files.

References

Published by the National Vulnerability Database

Feb 26, 2024

Published to the GitHub Advisory Database Feb 26, 2024

Reviewed Feb 26, 2024

Last updated Mar 4, 2024