From faa8285b85c1493d22ae0f0a221012d8b7892b3e Mon Sep 17 00:00:00 2001 From: pepelyaevip Date: Thu, 29 Feb 2024 03:02:09 +0000 Subject: [PATCH] ALT Vulnerability --- oval/p10/ALT-PU-2023-4270/definitions.json | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/oval/p10/ALT-PU-2023-4270/definitions.json b/oval/p10/ALT-PU-2023-4270/definitions.json index 24539663f4..a50a152b83 100644 --- a/oval/p10/ALT-PU-2023-4270/definitions.json +++ b/oval/p10/ALT-PU-2023-4270/definitions.json @@ -40,7 +40,7 @@ "Source": "CVE" } ], - "Description": "This update upgrades gem-rack-cors to version 2.0.1.0-alt0.1. \nSecurity Fix(es):\n\n * BDU:2021-04587: Уязвимость ПО организации совместимости приложений Rack с CORS Rack-cors, связанная с некорректным ограничением имени пути к каталогу, позволяющая нарушителю получить доступ к конфиденциальным данным\n\n * CVE-2019-18978: An issue was discovered in the rack-cors (aka Rack CORS Middleware) gem before 1.0.4 for Ruby. It allows ../ directory traversal to access private resources because resource matching does not ensure that pathnames are in a canonical format.", + "Description": "This update upgrades gem-rack-cors to version 2.0.1.0-alt0.1. \nSecurity Fix(es):\n\n * BDU:2021-04587: Уязвимость программного обеспечения организации совместимости приложений Rack с CORS Rack-cors, связанная с некорректным ограничением имени пути к каталогу, позволяющая нарушителю получить доступ к конфиденциальным данным\n\n * CVE-2019-18978: An issue was discovered in the rack-cors (aka Rack CORS Middleware) gem before 1.0.4 for Ruby. It allows ../ directory traversal to access private resources because resource matching does not ensure that pathnames are in a canonical format.", "Advisory": { "From": "errata.altlinux.org", "Severity": "Low",