CVE-2022-3457: Enforce 'Origin' validation · ikus060/rdiffweb@afc1bdf

Origin Validation Error in GitHub repository ikus060/rdiffweb prior to 2.5.0a5.

@@ -93,6 +93,15 @@ def test_post_with_wrong_origin(self): self.assertStatus(403) self.assertInBody(‘Unexpected Origin header’)
def test_post_with_prefixed_origin(self): # Given a POST request made to rdiffweb # When the request is made using a different origin base = ‘http://%s:%s’ % (self.HOST + 'anything.com’, self.PORT) self.getPage('/dashboard/’, headers=[(‘Origin’, base)], method=’POST’) # Then the request is accepted with 200 OK self.assertStatus(403) self.assertInBody(‘Unexpected Origin header’)
def test_post_with_valid_origin(self): # Given a POST request made to rdiffweb # When the request is made using a different origin
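
Review bot: in test_post_with_prefixed_origin the comment "Then the request is accepted with 200 OK" contradicts the assertions that follow it, self.assertStatus(403) and the 'Unexpected Origin header' body check; reword it to say the request is rejected with 403. The "When" comment in the same test should name the case actually covered, an Origin whose host only starts with the server's host (self.HOST + 'anything.com'), rather than the generic "a different origin". The visible start of test_post_with_valid_origin carries the same "made using a different origin" comment, which does not match the test name and looks copied from the wrong-origin test.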

Related news

GHSA-824x-jcxf-hpfg: Origin Validation Error in rdiffweb

ikus060/rdiffweb prior to 2.5.0a5 did not enforce origin validation in web traffic.
