CVE-2019-18978: The rack-cors rubygem may allow directory traversal
CVSS Score (v3.1): 5.3
Basic Information
CVE ID: CVE-2019-18978
GHSA ID
EPSS Score: 0.72685%
CWE
Published: 11/15/2019
Updated: 1/23/2023
KEV Status: No
Technology: Ruby
Technical Details
CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
Package Name | Ecosystem | Vulnerable Versions | First Patched Version |
---|---|---|---|
rack-cors | rubygems | < 1.0.4 | 1.0.4 |
Vulnerability Intelligence
Miggo AI
Root Cause Analysis
The vulnerability stems from missing path normalization before resource matching. Before the fix, process_preflight, process_cors and match_resource compared the raw env[PATH_INFO] value against the configured CORS resources. A request path containing '../' sequences (including percent-encoded ones, which the fix now unescapes) could therefore match a permissive resource rule while actually resolving to a different path, so the middleware emitted CORS headers granting cross-origin access to a resource the rule was never meant to cover. Commit e4d4fc3 introduced an evaluate_path function that unescapes and canonicalizes the request path and passes the sanitized result to process_preflight, process_cors and match_resource (the last of which performs the actual resource matching). Confidence in this root cause is high because the patch explicitly changes these functions to accept the sanitized path and adds test cases verifying that path traversal is prevented.
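As an added example (not code from rack-cors or from the Miggo analysis), the following Ruby contrasts matching a CORS resource rule against the raw PATH_INFO with matching it against a decoded, canonicalized path, which is the shape of the fix described above. The resource rule (`/public/*`), the helper names and the sample request paths are assumptions for this illustration; the two helpers are simplified stand-ins for percent-decoding and dot-segment resolution, not the gem's own implementation.

```ruby
# Added illustration, not rack-cors code: why matching a CORS rule on the raw
# PATH_INFO is unsafe and how canonicalizing first closes the gap.
# The rule, helper names and sample paths below are assumptions.

# Stand-in for a rack-cors rule like `resource '/public/*'`: anything under /public/.
PUBLIC_RESOURCE = %r{\A/public/}

# Percent-decode a path (simplified stand-in for Rack's unescape_path).
def unescape_path(path)
  path.gsub(/%([0-9A-Fa-f]{2})/) { Regexp.last_match(1).hex.chr }
end

# Resolve '.' and '..' segments (simplified stand-in for Rack's clean_path_info).
def clean_path(path)
  segments = []
  path.split('/').each do |seg|
    next if seg.empty? || seg == '.'
    if seg == '..'
      segments.pop
    else
      segments << seg
    end
  end
  result = '/' + segments.join('/')
  result += '/' if path.end_with?('/') && result != '/'
  result
end

# Canonical form: decode first, then collapse traversal segments.
# Decoding first matters: "%2e%2e" must become ".." before it can be resolved.
def canonical_path(path_info)
  clean_path(unescape_path(path_info))
end

# Pre-1.0.4 behaviour: the rule is compared against the raw request path.
def cors_allowed_vulnerable?(path_info)
  PUBLIC_RESOURCE.match?(path_info)
end

# Post-fix behaviour: the rule is compared against the canonicalized path.
def cors_allowed_fixed?(path_info)
  PUBLIC_RESOURCE.match?(canonical_path(path_info))
end

if __FILE__ == $PROGRAM_NAME
  # Constructed sample request paths (not taken from any real traffic).
  [
    '/public/index.html',
    '/public/../private/secret.json',
    '/public/%2e%2e/private/secret.json',
    '/private/../public/index.html'
  ].each do |p|
    puts format('%-38s canonical=%-24s vulnerable=%-5s fixed=%s',
                p, canonical_path(p), cors_allowed_vulnerable?(p), cors_allowed_fixed?(p))
  end
end
```

Run it and the two traversal paths are accepted by the vulnerable matcher but rejected by the fixed one, while `/private/../public/index.html` shows the inverse case: the fixed matcher evaluates the path the application will actually serve. Whether a given server or router really serves `/private/secret.json` for the traversal request depends on what normalizes the path before the app sees it; the practical rule is that the CORS layer must evaluate the same canonical path the application routes on, otherwise a permissive rule leaks headers for resources outside its intended scope.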