DerScanner
Home / Vulnerability Database / Ruby : Unsafe cross-origin resource sharing (CORS) policy
Ruby

Ruby : Unsafe cross-origin resource sharing (CORS) policy

Classification

OWASP Top 10 2013
A5-Security Misconfiguration
OWASP Top 10 2017
A5-Broken Access ControlA6-Security Misconfiguration
OWASP Top 10 2021
A1-Broken Access ControlA5-Security MisconfigurationA4-Insecure DesignA8-Software and Data Integrity Failures
OWASP ASVS
ConfigurationConfiguration
CWE
CWE-183CWE-345CWE-346CWE-451CWE-942CWE-1031

Overview

Insecure CORS configuration may lead to the data being compromised.

CORS (Cross Origin Resource Policy) is a defined in the HTML5 standard mechanism that enables JavaScript code to work with data from another domain.

CORS parameter that was defined not precisely enough may lead to the application data being compromised.

References

  1. OWASP Top 10 2017-A5-Broken Access Control
  2. OWASP: HTML5 Security Cheat Sheet
  3. Cross-Origin Resource Sharing - w3.org
MEDIUM

DerScanner Severity Score

Do you want to fix Ruby : Unsafe cross-origin resource sharing (CORS) policy in your application?

See also

Ruby

Ruby : Weak hashing algorithm

Ruby

Ruby : Empty encryption key

Ruby

Ruby : Hardcoded sensitive data