drucken bookmarks versenden konfigurieren admin pdf Sicherheit: Mangelnde Rechteprüfung in ruby-rack-cors
| Name: |
Mangelnde Rechteprüfung in ruby-rack-cors |
|
| ID: |
DSA-4918-1 |
|
| Distribution: |
Debian |
|
| Plattformen: |
Debian buster |
|
| Datum: |
Di, 18. Mai 2021, 23:43 |
|
| Referenzen: |
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-18978 |
|
| Applikationen: |
ruby-rack-cors |
|
Originalnachricht |
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
- -------------------------------------------------------------------------
Debian Security Advisory DSA-4918-1 security@debian.org
https://www.debian.org/security/ Salvatore Bonaccorso
May 18, 2021 https://www.debian.org/security/faq
- -------------------------------------------------------------------------
Package : ruby-rack-cors
CVE ID : CVE-2019-18978
Debian Bug : 944849
Improper pathname handling in ruby-rack-cors, a middleware that makes
Rack-based apps CORS compatible, may result in access to private
resources.
For the stable distribution (buster), this problem has been fixed in
version 1.0.2-1+deb10u1.
We recommend that you upgrade your ruby-rack-cors packages.
For the detailed security status of ruby-rack-cors please refer to its
security tracker page at:
https://security-tracker.debian.org/tracker/ruby-rack-cors
Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/
Mailing list: debian-security-announce@lists.debian.org
-----BEGIN PGP SIGNATURE-----
iQKTBAEBCgB9FiEERkRAmAjBceBVMd3uBUy48xNDz0QFAmCj0dBfFIAAAAAALgAo
aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldDQ2
NDQ0MDk4MDhDMTcxRTA1NTMxRERFRTA1NENCOEYzMTM0M0NGNDQACgkQBUy48xND
z0Qa5RAAj83zCX2vWyCHGB666nYEbcFjPdU47TpZiUV3FRbwlR2dLPO0T4AW+SFv
XFwGUiCh3BcZouLO5fv+mmkxgj9/0K22q8Y3Ak1pkdJyk5Jr8afyftrgDCMMk6HO
aiGmqMj/CVrOnyILgkUlQzGhFJk7JRmstwM/q9kkpKOWaFzuMsSHtpolM8TJqUyt
x5SmnJlk/uNmOpXzq5LHfF1jGH8IhbGQLcFmnu40AspNRJWBF6TEEYgHJCSJ2+8b
nkDoC/3yRpFpWpv9jgcnEmZ3cHJcKAlqmNHSCHMTBUC8gVDSJL3Ncdg+7OHmg+pZ
FxmM63RJOtV+3p7K8iXvwBL9WxdbIF6yRC8haLYW6VSr11CbNXNmSqfMfXLdJUkB
xY15rYMBNEW4e0NJ9CMBZQaIIvjHNo0l2YBwG66FSd3HPH7rR+eCAsLuUcJNvB/F
TwMCiqLPsVE5G6SvvbbkQitqcK24f9fjEKP5MJtz9Ozaa6r0s5LDteg2jPL2yKOf
BcMKu5dD3u21UXm0594thouOdKOtZKn/sxal91kuhSDy/r7hZb1O6nShngDjgE0A
mODzUgKm9HQFcySbOgYFh1oElKmWvhLtFrhhycne8bKARso0XfK95tXeyOB5J/yS
O2k5i4UjMCOB8OSmZ64b1XSqsHKm/uRkU3ZU2HL38Hm1pH5TeZw=
=wNnZ
-----END PGP SIGNATURE-----
|
|
|
|
