CVE-2017-20146

Опубликовано: 27 дек. 2022

Источник: nvd

CVSS3: 9.8

EPSS Низкий

Описание

Usage of the CORS handler may apply improper CORS headers, allowing the requester to explicitly control the value of the Access-Control-Allow-Origin header, which bypasses the expected behavior of the Same Origin Policy.

Ссылки

https://github.com/gorilla/handlers/commit/90663712d74cb411cbef281bc1e08c19d1a76145
Patch
Third Party Advisory
https://github.com/gorilla/handlers/pull/116
Patch
Third Party Advisory
https://pkg.go.dev/vuln/GO-2020-0020
Third Party Advisory
https://github.com/gorilla/handlers/commit/90663712d74cb411cbef281bc1e08c19d1a76145
Patch
Third Party Advisory
https://github.com/gorilla/handlers/pull/116
Patch
Third Party Advisory
https://pkg.go.dev/vuln/GO-2020-0020
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:gorillatoolkit:handlers:*:*:*:*:*:go:*:*

Версия до 1.3.0 (исключая)

EPSS

Процентиль: 30%

0.00108

Низкий

9.8 Critical

CVSS3

Дефекты

CWE-346

Связанные уязвимости

CVE-2017-20146

CVSS3: 9.8

ubuntu

около 3 лет назад

CVE-2017-20146

CVSS3: 7

redhat

около 3 лет назад

CVE-2017-20146

CVSS3: 9.8

debian

около 3 лет назад

Usage of the CORS handler may apply improper CORS headers, allowing th ...

GHSA-jcr6-mmjj-pchw

CVSS3: 9.8

github

около 3 лет назад

gorilla/handlers may allow requester to bypass expected behavior of the Same Origin Policy

EPSS

Процентиль: 30%

0.00108

Низкий

9.8 Critical

CVSS3

Дефекты

CWE-346