CVE-2017-11173

Missing anchor in generated regex for rack-cors before 0.4.1 allows a malicious third-party site to perform CORS requests. If the configuration were intended to allow only the trusted example.com domain name and not the malicious example.net domain name, then example.com.example.net (as well as example.com-example.net) would be inadvertently allowed.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
8.8 HIGH
NETWORK
LOW
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
mitreCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 81%
VendorProductVersion
rack-cors_projectrack-cors
𝑥
< 0.4.1
debiandebian_linux
9.0
𝑥
= Vulnerable software versions
Debian logo
Debian Releases
Debian Product
Codename
ruby-rack-cors
bookworm
1.1.1-1
fixed
bullseye
1.1.1-1
fixed
jessie
not-affected
sid
2.0.1-2
fixed
trixie
2.0.1-2
fixed
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
ruby-rack-cors
disco
not-affected
cosmic
not-affected
bionic
not-affected
artful
not-affected
zesty
Fixed 0.4.0-1+deb9u1build0.17.04.1
released
yakkety
ignored
xenial
Fixed 0.4.0-1+deb9u1build0.16.04.1
released
trusty
dne
References
http://seclists.org/fulldisclosure/2017/Jul/22
http://www.debian.org/security/2017/dsa-3931
https://github.com/cyu/rack-cors/commit/42ebe6caa8e85ffa9c8a171bda668ba1acc7a5e6
https://packetstormsecurity.com/files/143345/rack-cors-Missing-Anchor.html
http://seclists.org/fulldisclosure/2017/Jul/22
http://www.debian.org/security/2017/dsa-3931
https://github.com/cyu/rack-cors/commit/42ebe6caa8e85ffa9c8a171bda668ba1acc7a5e6
https://packetstormsecurity.com/files/143345/rack-cors-Missing-Anchor.html