CVE-2017-11173 (debian_linux, rack-cors)

Missing anchor in generated regex for rack-cors before 0.4.1 allows a malicious third-party site to perform CORS requests. If the configuration were intended to allow only the trusted domain name and not the malicious domain name, then (as well as would be inadvertently allowed.

View Full Alert

Leave a Reply