Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
Missing anchor in generated regex for rack-cors before 0.4.1 allows a malicious third-party site to perform CORS requests. If the configuration were intended to allow only the trusted example.com domain name and not the malicious example.net domain name, then example.com.example.net (as well as example.com-example.net) would be inadvertently allowed.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
rack-cors 安全漏洞
Vulnerability Description
rack-cors是一款用于跨源的资源共享的中间件。regex是一个创建在其中的正则表达式。 rack-cors 0.4.1之前的版本中的创建的regex存在安全漏洞。攻击者可利用该漏洞执行跨源资源共享请求。
CVSS Information
N/A
Vulnerability Type
N/A