Rack CORS Middleware has Insecure File Permissions
Published: February 26, 2024
SECURITY IDENTIFIERS
- CVE: CVE-2024-27456 (NVD)
- GHSA: GHSA-785g-282q-pwvx
GEM
UNAFFECTED VERSIONS
< 2.0.1
PATCHED VERSIONS
>= 2.0.2
DESCRIPTION
rack-cors (aka Rack CORS Middleware) 2.0.1 has 0666 permissions for the .rb files.