PT-2017-11796 · Ruby · Rack-Cors

Jens Mueller · Published 2017-07-13 · Updated 2020-03-03 · CVE-2017-11173

CVSS v3.1: 8.8 (High)
Vector: AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions: rack-cors versions prior to 0.4.1

Description: The issue allows a malicious third-party site to perform CORS requests due to a missing anchor in the generated regex. This could lead to unintended domains being allowed if the configuration is set to trust specific domain names. For instance, if the configuration is intended to allow only the trusted example.com domain name and not the malicious example.net domain name, then example.com.example.net (as well as example.com-example.net) would be inadvertently allowed.

Recommendations: For versions prior to 0.4.1, update to version 0.4.1 or later to resolve the issue.
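The over-match described above, worked through in Ruby as an added example: this is illustrative code written for this page, not rack-cors's own implementation, and it operates on bare host names rather than full Origin URLs.

```ruby
# Added illustration of the missing-anchor bug (not rack-cors's own code).
# A configured origin such as "example.com" is turned into a regex. Without
# \A and \z anchors the regex matches anywhere inside the presented origin,
# so "example.com.example.net" is accepted as well. Host names are used in
# place of full Origin URLs to keep the illustration short.

def origin_pattern(configured, anchored:)
  # Escape the configured origin so "." is a literal dot, then optionally
  # anchor the pattern to the whole string.
  body = Regexp.escape(configured)
  anchored ? /\A#{body}\z/ : /#{body}/
end

# Vulnerable behaviour (rack-cors before 0.4.1): unanchored pattern.
def allowed_unanchored?(configured, origin)
  origin_pattern(configured, anchored: false).match?(origin)
end

# Fixed behaviour (rack-cors 0.4.1 and later): pattern anchored at both ends.
def allowed_anchored?(configured, origin)
  origin_pattern(configured, anchored: true).match?(origin)
end

# Audit helper: origins the unanchored check accepts but the anchored check
# rejects, i.e. exactly the hosts the bug lets through.
def overmatched(configured, origins)
  origins.select do |o|
    allowed_unanchored?(configured, o) && !allowed_anchored?(configured, o)
  end
end

# Constructed sample origins for the trusted name used in the description.
TRUSTED = "example.com"
SAMPLE_ORIGINS = [
  "example.com",              # the only origin that should be allowed
  "example.com.example.net",  # attacker-chosen subdomain of example.net
  "example.com-example.net",  # attacker-chosen host name
  "evil.example.net",         # unrelated, rejected by both checks
].freeze

if $PROGRAM_NAME == __FILE__
  SAMPLE_ORIGINS.each do |o|
    printf("%-26s unanchored=%-5s anchored=%s\n", o,
           allowed_unanchored?(TRUSTED, o), allowed_anchored?(TRUSTED, o))
  end
  puts "over-matched: #{overmatched(TRUSTED, SAMPLE_ORIGINS).join(', ')}"
end
```

Running `overmatched` against a site's own allow-list and a set of candidate origins is a quick way to confirm whether an installed version still exhibits the bug.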


Related Identifiers

CVE-2017-11173
DSA-3931-1
GHSA-2J9C-9VMV-7M39

Affected Products

Rack-Cors