GHSA Sync: 1 brand new advisory (#754)

jasnow · web-flow · commit 4c738a976a8e · 2024-02-27T12:14:28.000-08:00
diff --git a/gems/rack-cors/CVE-2024-27456.yml b/gems/rack-cors/CVE-2024-27456.yml
@@ -0,0 +1,16 @@
+---
+gem: rack-cors
+cve: 2024-27456
+ghsa: 785g-282q-pwvx
+url: https://github.com/advisories/GHSA-785g-282q-pwvx
+title: Rack CORS Middleware has Insecure File Permissions
+date: 2024-02-26
+description: |
+  rack-cors (aka Rack CORS Middleware) 2.0.1 has 0666 permissions
+  for the .rb files.
+notes: Never patched
+related:
+  url:
+    - https://nvd.nist.gov/vuln/detail/CVE-2024-27456
+    - https://github.com/cyu/rack-cors/issues/274
+    - https://github.com/advisories/GHSA-785g-282q-pwvx
