VYPR

Rack Cors

by Rack Cors Project

Source repositories

CVEs (1)

  • CVE-2017-11173HigJul 13, 2017
    risk 0.50cvss 8.8epss 0.02

    Missing anchor in generated regex for rack-cors before 0.4.1 allows a malicious third-party site to perform CORS requests. If the configuration were intended to allow only the trusted example.com domain name and not the malicious example.net domain name, then…