rack-cors (RubyGems) — known CVEs & security advisories
Known CVE vulnerabilities and GitHub Security Advisories affecting the RubyGems package rack-cors, with affected version ranges, CVSS severity, EPSS exploit prediction, and CISA KEV status.
CVE-2017-11173 — CVSS 8.8 (high): Missing anchor in generated regex for rack-cors before 0.4.1 allows a malicious third-party site to perform CORS requests. If the…
CVE-2019-18978 — CVSS 5.3 (medium): An issue was discovered in the rack-cors (aka Rack CORS Middleware) gem before 1.0.4 for Ruby. It allows ../ directory traversal to access…