PT-2019-6072 · Ruby+2 · Rack-Cors+2

Cyu · Published 2019-11-14 · Updated 2024-07-27 · CVE-2019-18978

CVSS v3.1: 5.3 (Medium)

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Name of the Vulnerable Software and Affected Versions

rack-cors versions prior to 1.0.4

Description

The issue allows ../ directory traversal, enabling access to private resources. It arises because resource matching does not ensure that pathnames are in canonical form. A remote attacker can exploit the vulnerability to gain access to confidential data.

Recommendations

For versions prior to 1.0.4, update to version 1.0.4 or later to resolve the issue. As a temporary workaround, consider restricting access to sensitive resources to minimize the risk of exploitation.
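
The matching flaw described above, sketched as an added example (not rack-cors source code): a glob-style resource pattern is checked first against the raw request path and then against a canonicalized one. The helper names, the /public/* pattern and the request paths are constructed for illustration.

```ruby
# Added illustration; not taken from rack-cors. All names are hypothetical.

# Turn a glob-style resource pattern into an anchored regex ('*' = any run of chars).
def pattern_to_regex(pattern)
  Regexp.new('\A' + Regexp.escape(pattern).gsub('\*', '.*') + '\z')
end

# "Before" behaviour: the raw, non-canonical path is matched as-is.
def naive_match?(pattern, path)
  pattern_to_regex(pattern).match?(path)
end

# Resolve '.', '..' and empty segments lexically (no filesystem access).
# '..' at the root is dropped, so the result never climbs above '/'.
def canonical_path(path)
  parts = []
  path.split('/').each do |seg|
    case seg
    when '', '.' then next
    when '..'    then parts.pop
    else              parts << seg
    end
  end
  out = '/' + parts.join('/')
  out += '/' if path.end_with?('/') && !parts.empty?
  out
end

# "After" behaviour: canonicalize first, then match.
def canonical_match?(pattern, path)
  pattern_to_regex(pattern).match?(canonical_path(path))
end

# Compare both matchers over a list of request paths.
def audit(pattern, paths)
  paths.map { |p| [p, naive_match?(pattern, p), canonical_match?(pattern, p)] }
end

# Constructed sample requests against a resource rule meant to expose /public/ only.
SAMPLE_PATHS = ['/public/logo.png', '/public/../private/report.txt', '/private/report.txt'].freeze

audit('/public/*', SAMPLE_PATHS).each do |path, naive, canonical|
  flag = naive && !canonical ? '  <- matched only because the path was not canonical' : ''
  puts format('%-32s naive=%-5s canonical=%-5s%s', path, naive, canonical, flag)
end
```

The same comparison works as a log check: a request path that matches an allowed resource pattern only in its raw form is worth reviewing.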

Fix

Path traversal

Weakness Enumeration

Related identifiers

ALT-PU-2021-2719
ALT-PU-2023-4270
ALT-PU-2024-7816
BDU:2021-04587
CVE-2019-18978
DLA-2096-1
DLA-2389-1
DSA-4918-1
GHSA-PF8F-W267-MQ2H
USN-4571-1

Affected products

Alt Linux
Ubuntu
Rack-Cors