There's an insecure file permissions in the rack-cors ruby gem. The files are set with too permissive permissions (0666), leading to a possible disclosure or modification of files. https://github.com/cyu/rack-cors/issues/274
Created rubygem-rack-cors tracking bugs for this issue: Affects: fedora-all [bug 2266158]
Created rubygem-rack-cors tracking bugs for this issue: Affects: epel-7 [bug 2266159]