Rack-cors Project Rack-cors — known CVE vulnerabilities
Every CVE whose affected-product data names Rack-cors Project Rack-cors, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (2)
CVE-2017-11173 — CVSS 8.8 (high): Missing anchor in generated regex for rack-cors before 0.4.1 allows a malicious third-party site to perform CORS requests. If the…
CVE-2019-18978 — CVSS 5.3 (medium): An issue was discovered in the rack-cors (aka Rack CORS Middleware) gem before 1.0.4 for Ruby. It allows ../ directory traversal to access…