GHSA-vh9x-phq6-fx54

Опубликовано: 06 авг. 2025

Источник: github

Github: Прошло ревью

CVSS4: 2.7

Описание

Duplicate Advisory: Denial of service via malicious preflight requests in github.com/rs/cors

Duplicate Advisory

This advisory has been withdrawn because it is a duplicate of GHSA-mh55-gqvf-xfwm. This link is maintained to preserve external references.

Original Description

Middleware causes a prohibitive amount of heap allocations when processing malicious preflight requests that include a Access-Control-Request-Headers (ACRH) header whose value contains many commas. This behavior can be abused by attackers to produce undue load on the middleware/server as an attempt to cause a denial of service.

Ссылки

https://nvd.nist.gov/vuln/detail/CVE-2025-47908
https://github.com/rs/cors/issues/170
https://github.com/rs/cors/pull/171
https://pkg.go.dev/vuln/GO-2024-2883

Пакеты

Наименование

github.com/rs/cors

Затронутые версииВерсия исправления

>= 1.9.0, < 1.11.0

1.11.0

2.7 Low

CVSS4

Дефекты

CWE-770

2.7 Low

CVSS4

Дефекты

CWE-770