Source: ruby-rack-cors Version: 2.0.1-2 Severity: important Tags: security upstream Forwarded: https://github.com/cyu/rack-cors/issues/274 X-Debbugs-Cc: car...@debian.org, Debian Security Team <t...@security.debian.org>
Hi, The following vulnerability was published for ruby-rack-cors. CVE-2024-27456[0]: | rack-cors (aka Rack CORS Middleware) 2.0.1 has 0666 permissions for | the .rb files. If you fix the vulnerability please also make sure to include the CVE (Common Vulnerabilities & Exposures) id in your changelog entry. For further information see: [0] https://security-tracker.debian.org/tracker/CVE-2024-27456 https://www.cve.org/CVERecord?id=CVE-2024-27456 [1] https://github.com/cyu/rack-cors/issues/274 Please adjust the affected versions in the BTS as needed. Regards, Salvatore
