Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

github логотип

GHSA-mh55-gqvf-xfwm

Опубликовано: 05 июл. 2024
Источник: github
Github: Прошло ревью

Описание

Denial of service via malicious preflight requests in github.com/rs/cors

Middleware causes a prohibitive amount of heap allocations when processing malicious preflight requests that include a Access-Control-Request-Headers (ACRH) header whose value contains many commas. This behavior can be abused by attackers to produce undue load on the middleware/server as an attempt to cause a denial of service.

Ссылки

Пакеты

Наименование

github.com/rs/cors

go
Затронутые версииВерсия исправления

>= 1.9.0, < 1.11.0

1.11.0

EPSS

Процентиль: 15%
0.00049
Низкий

CVE ID

CVE-2025-47908

Дефекты

CWE-770

Связанные уязвимости

ubuntu логотип

CVE-2025-47908

CVSS3: 7.5
ubuntu
12 дней назад

Middleware causes a prohibitive amount of heap allocations when processing malicious preflight requests that include a Access-Control-Request-Headers (ACRH) header whose value contains many commas. This behavior can be abused by attackers to produce undue load on the middleware/server as an attempt to cause a denial of service.

redhat логотип

CVE-2025-47908

CVSS3: 5.3
redhat
12 дней назад

Middleware causes a prohibitive amount of heap allocations when processing malicious preflight requests that include a Access-Control-Request-Headers (ACRH) header whose value contains many commas. This behavior can be abused by attackers to produce undue load on the middleware/server as an attempt to cause a denial of service.

nvd логотип

CVE-2025-47908

CVSS3: 7.5
nvd
12 дней назад

Middleware causes a prohibitive amount of heap allocations when processing malicious preflight requests that include a Access-Control-Request-Headers (ACRH) header whose value contains many commas. This behavior can be abused by attackers to produce undue load on the middleware/server as an attempt to cause a denial of service.

debian логотип

CVE-2025-47908

CVSS3: 7.5
debian
12 дней назад

Middleware causes a prohibitive amount of heap allocations when proces ...

EPSS

Процентиль: 15%
0.00049
Низкий

CVE ID

CVE-2025-47908

Дефекты

CWE-770