Moderate severityNVD Advisory· Published Feb 26, 2024· Updated Aug 2, 2024
CVE-2024-27456
CVE-2024-27456
Description
rack-cors (aka Rack CORS Middleware) 2.0.1 has 0666 permissions for the .rb files.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
rack-corsRubyGems | >= 2.0.1, < 2.0.2 | 2.0.2 |
Affected products
2- rack-cors/Rack CORS Middlewaredescription
Patches
Vulnerability mechanics
References
5- github.com/advisories/GHSA-785g-282q-pwvxghsaADVISORY
- nvd.nist.gov/vuln/detail/CVE-2024-27456ghsaADVISORY
- github.com/cyu/rack-cors/blob/878063987bd1ca956282dda95697fd821bf24d2e/CHANGELOG.mdghsaWEB
- github.com/cyu/rack-cors/issues/274ghsaWEB
- github.com/rubysec/ruby-advisory-db/blob/master/gems/rack-cors/CVE-2024-27456.ymlghsaWEB
News mentions
0No linked articles in our index yet.