GHSA-2J9C-9VMV-7M39

Vulnerability from github – Published: 2018-07-31 18:18 – Updated: 2023-09-05 21:45
VLAI?
Summary
Missing Regex anchor in Rack-Cors allows malicious third party site to perform CORS request
Details

Missing anchor in generated regex for rack-cors before 0.4.1 allows a malicious third-party site to perform CORS requests. If the configuration were intended to allow only the trusted example.com domain name and not the malicious example.net domain name, then example.com.example.net (as well as example.com-example.net) would be inadvertently allowed.

Severity ?
8.8 (High)
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Show details on source website
To clipboard 

{
  "affected": [
    {
      "package": {
        "ecosystem": "RubyGems",
        "name": "rack-cors"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "0.4.1"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2017-11173"
  ],
  "database_specific": {
    "cwe_ids": [],
    "github_reviewed": true,
    "github_reviewed_at": "2020-06-16T20:52:24Z",
    "nvd_published_at": null,
    "severity": "HIGH"
  },
  "details": "Missing anchor in generated regex for rack-cors before 0.4.1 allows a malicious third-party site to perform CORS requests. If the configuration were intended to allow only the trusted `example.com` domain name and not the malicious `example.net` domain name, then `example.com.example.net` (as well as `example.com-example.net`) would be inadvertently allowed.",
  "id": "GHSA-2j9c-9vmv-7m39",
  "modified": "2023-09-05T21:45:13Z",
  "published": "2018-07-31T18:18:39Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2017-11173"
    },
    {
      "type": "WEB",
      "url": "https://github.com/cyu/rack-cors/commit/42ebe6caa8e85ffa9c8a171bda668ba1acc7a5e6"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/cyu/rack-cors"
    },
    {
      "type": "WEB",
      "url": "https://packetstormsecurity.com/files/143345/rack-cors-Missing-Anchor.html"
    },
    {
      "type": "WEB",
      "url": "http://seclists.org/fulldisclosure/2017/Jul/22"
    },
    {
      "type": "WEB",
      "url": "http://www.debian.org/security/2017/dsa-3931"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ],
  "summary": "Missing Regex anchor in Rack-Cors allows malicious third party site to perform CORS request"
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or observed by the user.
  • Confirmed: The vulnerability has been validated from an analyst's perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
  • Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
  • Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
  • Not confirmed: The user expressed doubt about the validity of the vulnerability.
  • Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.



Detection rules are retrieved from Rulezet.