Description
A flaw was found in Gorilla. Usage of the CORS handler may apply improper CORS headers, allowing the requester to explicitly control the value of the Access-Control-Allow-Origin header, which bypasses the expected behavior of the Same Origin Policy.
Affected packages
| Platform | Package | State | Recommendation | Release |
|---|---|---|---|---|
| Logging Subsystem for Red Hat OpenShift | openshift-logging/logging-loki-rhel8 | Not affected | ||
| Migration Toolkit for Containers | rhmtc/openshift-migration-registry-rhel8 | Not affected | ||
| OpenShift API for Data Protection | oadp/oadp-registry-rhel8 | Not affected | ||
| OpenShift API for Data Protection | oadp/oadp-velero-plugin-rhel8 | Not affected | ||
| OpenShift Developer Tools and Services | helm | Not affected | ||
| OpenShift Developer Tools and Services | jenkins-operator-container | Not affected | ||
| OpenShift Serverless | openshift-serverless-1/client-kn-rhel8 | Not affected | ||
| OpenShift Serverless | openshift-serverless-1/ingress-rhel8-operator | Not affected | ||
| OpenShift Serverless | openshift-serverless-1-knative-client-plugin-event-sender-rhel8-container | Not affected | ||
| Red Hat 3scale API Management Platform 2 | 3scale-operator-container | Not affected | ||
Additional information
Status:
7 High
CVSS3
Related vulnerabilities
gorilla/handlers may allow requester to bypass expected behavior of the Same Origin Policy
7 High
CVSS3