Headline

GHSA-jcr6-mmjj-pchw: gorilla/handlers may allow requester to bypass expected behavior of the Same Origin Policy

Usage of the CORS handler may apply improper CORS headers, allowing the requester to explicitly control the value of the Access-Control-Allow-Origin header, which bypasses the expected behavior of the Same Origin Policy.

2 years ago

ghsa

Open in Source

#git

gorilla/handlers may allow requester to bypass expected behavior of the Same Origin Policy

Moderate severity GitHub Reviewed Published Dec 28, 2022 • Updated Dec 30, 2022

2 years ago

CVE

Open in Source

ghsa: Latest News

GHSA-3m86-c9x3-vwm9: Graylog vulnerable to privilege escalation through API tokens

12 hours ago

ghsa

GHSA-3q26-f695-pp76: @cyanheads/git-mcp-server vulnerable to command injection in several tools

12 hours ago

ghsa

GHSA-6r2x-8pq8-9489: Electron vulnerable to Heap Buffer Overflow in NativeImage

13 hours ago

ghsa

GHSA-v8fr-vxmw-6mf6: Mattermost Incorrect Authorization vulnerability

13 hours ago

ghsa

GHSA-wgvp-jj4w-88hf: Mattermost Incorrect Authorization vulnerability

13 hours ago

ghsa

Headline

GHSA-jcr6-mmjj-pchw: gorilla/handlers may allow requester to bypass expected behavior of the Same Origin Policy

Related news

ghsa: Latest News