PT-2024-1854 · Rack-Cors · Rack-Cors
Ajmilazzo · Published 2024-02-26 · Updated 2025-09-18 · CVE-2024-27456
CVSS v3.1: 9.1 (Critical)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
Name of the Vulnerable Software and Affected Versions
rack-cors (aka Rack CORS Middleware) version 2.0.1
Description
The issue stems from incorrect default permissions in the Rack CORS Middleware, which may allow an attacker to impact the integrity, confidentiality, and availability of information. The .rb files have 0666 permissions, which makes them readable and writable by every local user.
Recommendations
For version 2.0.1, consider changing the permissions of the .rb files to a more secure setting to prevent potential exploitation. As a temporary workaround, restrict access to the .rb files until a patch is available.
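A check for the condition described above, as an added example that is not part of the advisory or the rack-cors project: it lists `.rb` files under a directory that are writable by group or others (as 0666 files are) and clears those write bits, leaving them at 0644. The function names and the directory argument are assumptions; pass the directory where the gem is installed on your system.

```shell
#!/usr/bin/env bash
# Added example: audit and repair over-permissive .rb files in a gem directory.
# DIR is supplied by the caller (assumption: the installed rack-cors gem path).

# Print every .rb file under DIR that is writable by group or by others.
# Uses only POSIX find predicates so it works with GNU and BSD find.
audit_rb_perms() {
    find "$1" -type f -name '*.rb' \( -perm -020 -o -perm -002 \) -print
}

# Number of over-permissive .rb files under DIR (0 means clean).
count_rb_writable() {
    audit_rb_perms "$1" | wc -l | tr -d ' '
}

# Remove group/other write bits from the flagged files only.
# A 0666 file becomes 0644; files that are already safe are not touched.
fix_rb_perms() {
    find "$1" -type f -name '*.rb' \( -perm -020 -o -perm -002 \) \
        -exec chmod go-w {} +
}

# When run directly: ./check_rb_perms.sh audit|fix DIR
if [ "$#" -eq 2 ]; then
    case "$1" in
        audit) audit_rb_perms "$2" ;;
        fix)   fix_rb_perms "$2" ;;
        *)     echo "usage: $0 audit|fix DIR" >&2 ;;
    esac
fi
```

Run the audit again after any gem install or update, since a reinstall of the affected version restores the original file modes.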
Exploit
Fix
Incorrect Default Permissions
Information Disclosure
Related Identifiers
Affected Products
Rack-Cors