Lucene search
PRIOn knowledge basePRION:CVE-2019-18978HistoryNov 14, 2019 - 9:15 p.m.
Directory traversal
2019-11-1421:15:00
PRIOn knowledge base
www.prio-n.com
5
An issue was discovered in the rack-cors (aka Rack CORS Middleware) gem before 1.0.4 for Ruby. It allows …/ directory traversal to access private resources because resource matching does not ensure that pathnames are in a canonical format.
| CPE | Name | Operator | Version |
|---|---|---|---|
| ubuntu_linux | eq | 16.04 | |
| debian_linux | eq | 8.0 | |
| debian_linux | eq | 9.0 | |
| debian_linux | eq | 10.0 | |
| rack-cors | lt | 1.0.4 |
References
Related
ubuntucve
ubuntucve
CVE-2019-18978
2019-11-14 00:00:00
osv
osv
ruby-rack-cors - security update
2020-10-01 00:00:00
ruby-rack-cors - security update
2020-02-06 00:00:00
ruby-rack-cors - security update
2021-05-18 00:00:00
cve
cve
CVE-2019-18978
2019-11-14 21:15:12
nessus
nessus
Debian DLA-2389-1 : ruby-rack-cors security update
2020-10-05 00:00:00
Ubuntu 16.04 LTS : rack-cors vulnerability (USN-4571-1)
2020-10-05 00:00:00
Debian DLA-2096-1 : ruby-rack-cors security update
2020-02-07 00:00:00
debian
debian
[SECURITY] [DSA 4918-1] ruby-rack-cors security update
2021-05-18 14:42:40
[SECURITY] [DLA 2096-1] ruby-rack-cors security update
2020-02-06 07:31:50
[SECURITY] [DSA 4918-1] ruby-rack-cors security update
2021-05-18 14:42:40
openvas
openvas
Debian: Security Advisory (DSA-4918-1)
2021-05-19 00:00:00
Debian: Security Advisory (DLA-2389-1)
2020-10-02 00:00:00
Ubuntu: Security Advisory (USN-4571-1)
2020-10-06 00:00:00
nvd
nvd
CVE-2019-18978
2019-11-14 21:15:12
github
github
The rack-cors rubygem may allow directory traveral
2019-11-15 20:26:59
ubuntu
ubuntu
rack-cors vulnerability
2020-10-05 00:00:00
debiancve
debiancve
CVE-2019-18978
2019-11-14 21:15:12
veracode
veracode
Directory Traversal
2019-11-15 03:08:48
cvelist
cvelist
CVE-2019-18978
2019-11-14 20:21:24
freebsd
freebsd
Gitlab -- Multiple Vulnerabilities
2020-01-30 00:00:00