CVE-2019-18978
https://notcve.org/view.php?id=CVE-2019-18978
An issue was discovered in the rack-cors (aka Rack CORS Middleware) gem before 1.0.4 for Ruby. It allows ../ directory traversal to access private resources because resource matching does not ensure that pathnames are in a canonical format.

References:
https://github.com/cyu/rack-cors/commit/e4d4fc362a4315808927011cbe5afcfe5486f17d
https://github.com/cyu/rack-cors/compare/v1.0.3...v1.0.4
https://lists.debian.org/debian-lts-announce/2020/02/msg00004.html
https://lists.debian.org/debian-lts-announce/2020/10/msg00000.html
https://usn.ubuntu.com/4571-1
https://www.debian.org/security/2021/dsa-4918

Weakness: CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CVE-2017-11173
https://notcve.org/view.php?id=CVE-2017-11173
Missing anchor in generated regex for rack-cors before 0.4.1 allows a malicious third-party site to perform CORS requests. If the configuration were intended to allow only the trusted example.com domain name and not the malicious example.net domain name, then example.com.example.net (as well as example.com-example.net) would be inadvertently allowed.

References:
http://seclists.org/fulldisclosure/2017/Jul/22
http://www.debian.org/security/2017/dsa-3931
https://github.com/cyu/rack-cors/commit/42ebe6caa8e85ffa9c8a171bda668ba1acc7a5e6
https://packetstormsecurity.com/files/143345/rack-cors-Missing-Anchor.html