Debian Security Advisory

DSA-3931-1 ruby-rack-cors -- security update

Date Reported: 10 Aug 2017
Affected Packages: ruby-rack-cors
Vulnerable: Yes
Security database references: In Mitre's CVE dictionary: CVE-2017-11173.
More information:

Jens Mueller discovered that an incorrect regular expression in rack-cors may lead to insufficient restriction of CORS requests.

For the stable distribution (stretch), this problem has been fixed in version 0.4.0-1+deb9u1.

We recommend that you upgrade your ruby-rack-cors packages.
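
The advisory does not reproduce the faulty pattern. As an added illustration (not rack-cors code and not part of the original advisory), the Ruby sketch below shows how an origin allowlist built on a regular expression can under-restrict CORS origins, and what escaping and whole-string anchoring change. The function names and hostnames are hypothetical, constructed samples.

```ruby
# Added illustration of the flaw class; not rack-cors source code.
# All hostnames below are constructed samples.

ALLOWED = "https://app.example.com"

# Weak: configured origin used as a raw pattern. Nothing is escaped or
# anchored, so "." matches any character and a match anywhere counts.
def unanchored_allowed?(origin, allowed = ALLOWED)
  Regexp.new(allowed).match?(origin)
end

# Still weak in Ruby: ^ and $ anchor at line boundaries, not string boundaries.
def line_anchored_allowed?(origin, allowed = ALLOWED)
  Regexp.new("^#{Regexp.escape(allowed)}$").match?(origin)
end

# Hardened: escape the literal and anchor with \A and \z (whole string).
def strict_allowed?(origin, allowed = ALLOWED)
  Regexp.new("\\A#{Regexp.escape(allowed)}\\z").match?(origin)
end

SAMPLES = [
  "https://app.example.com",                     # intended origin
  "https://app.example.com.attacker.test",       # allowed origin as a prefix
  "https://appXexample.com",                     # "." treated as a wildcard
  "https://other.test\nhttps://app.example.com"  # multi-line value
].freeze

# Returns, per checker, the sample origins it accepts.
def accepted_by_checker
  {
    unanchored:    SAMPLES.select { |o| unanchored_allowed?(o) },
    line_anchored: SAMPLES.select { |o| line_anchored_allowed?(o) },
    strict:        SAMPLES.select { |o| strict_allowed?(o) }
  }
end

if __FILE__ == $PROGRAM_NAME
  accepted_by_checker.each { |name, list| puts "#{name}: #{list.inspect}" }
end
```

Running the same kind of sample set against an application's own origin configuration after upgrading is a quick way to confirm that only the intended origins are accepted.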