GHSA Sync: 1 brand new advisory (#754)

rubysec · Feb 27, 2024 · 4c738a9 · 4c738a9
1 parent fc2aa0d
commit 4c738a9
Showing 1 changed file with 16 additions and 0 deletions.
diff --git a/gems/rack-cors/CVE-2024-27456.yml b/gems/rack-cors/CVE-2024-27456.yml
@@ -0,0 +1,16 @@
+---
+gem: rack-cors
+cve: 2024-27456
+ghsa: 785g-282q-pwvx
+url: https://github.com/advisories/GHSA-785g-282q-pwvx
+title: Rack CORS Middleware has Insecure File Permissions
+date: 2024-02-26
+description: |
+  rack-cors (aka Rack CORS Middleware) 2.0.1 has 0666 permissions
+  for the .rb files.
+notes: Never patched
+related:
+  url:
+    - https://nvd.nist.gov/vuln/detail/CVE-2024-27456
+    - https://github.com/cyu/rack-cors/issues/274
+    - https://github.com/advisories/GHSA-785g-282q-pwvx