Debian Security Advisory
DSA-3931-1 ruby-rack-cors -- security update
- Date Reported:
- 10 Aug 2017
- Affected Packages:
- ruby-rack-cors
- Vulnerable:
- Yes
- Security database references:
- In Mitre's CVE dictionary: CVE-2017-11173.
- More information:
-
Jens Mueller discovered that an incorrect regular expression in rack-cors may lead to insufficient restriction of CORS requests.
For the stable distribution (stretch), this problem has been fixed in version 0.4.0-1+deb9u1.
We recommend that you upgrade your ruby-rack-cors packages.