Описание
Usage of the CORS handler may apply improper CORS headers, allowing the requester to explicitly control the value of the Access-Control-Allow-Origin header, which bypasses the expected behavior of the Same Origin Policy.
Пакеты
| Пакет | Статус | Версия исправления | Релиз | Тип |
|---|---|---|---|---|
| golang-github-gorilla-handlers | fixed | 1.3.0-1 | package |
Примечания
https://github.com/gorilla/handlers/pull/116
https://github.com/gorilla/handlers/commit/90663712d74cb411cbef281bc1e08c19d1a76145 (v1.3.0)
EPSS
Связанные уязвимости
Usage of the CORS handler may apply improper CORS headers, allowing the requester to explicitly control the value of the Access-Control-Allow-Origin header, which bypasses the expected behavior of the Same Origin Policy.
Usage of the CORS handler may apply improper CORS headers, allowing the requester to explicitly control the value of the Access-Control-Allow-Origin header, which bypasses the expected behavior of the Same Origin Policy.
Usage of the CORS handler may apply improper CORS headers, allowing the requester to explicitly control the value of the Access-Control-Allow-Origin header, which bypasses the expected behavior of the Same Origin Policy.
gorilla/handlers may allow requester to bypass expected behavior of the Same Origin Policy
EPSS