Vulnerability Report: GO-2023-1792
- CVE-2018-20744, GHSA-927h-x4qj-r242
- Affects: github.com/rs/cors
- Published: Jun 08, 2023
- Modified: May 20, 2024
The CORS handler actively converts a wildcard CORS policy into reflecting an arbitrary Origin header value, which is incompatible with the CORS security design, and could lead to CORS misconfiguration security problems.
Affected Packages
-
PathGo VersionsSymbols
-
before v1.5.0
5 affected symbols
Aliases
References
- https://github.com/rs/cors/pull/57
- https://github.com/rs/cors/issues/55
- https://vuln.go.dev/ID/GO-2023-1792.json
Feedback
See anything missing or incorrect?
Suggest an edit to this report.