Описание
When using http.CrossOriginProtection, the AddInsecureBypassPattern method can unexpectedly bypass more requests than intended. CrossOriginProtection then skips validation, but forwards the original request path, which may be served by a different handler without the intended security protections.
EPSS
Процентиль: 1%
0.00012
Низкий
5.4 Medium
CVSS3
Дефекты
Связанные уязвимости
CVSS3: 5.4
ubuntu
2 месяца назад
When using http.CrossOriginProtection, the AddInsecureBypassPattern method can unexpectedly bypass more requests than intended. CrossOriginProtection then skips validation, but forwards the original request path, which may be served by a different handler without the intended security protections.
CVSS3: 5.4
debian
2 месяца назад
When using http.CrossOriginProtection, the AddInsecureBypassPattern me ...
EPSS
Процентиль: 1%
0.00012
Низкий
5.4 Medium
CVSS3