exploitDog - Комплексное решение для обнаружения, оценки и устранения уязвимостей.

БДУ ФСТЭК

Microsoft MSRC

NVD

Oracle ELSA

Red Hat CVE

РЕД ОС

Rocky RLSA

SUSE CVRF

Ubuntu

Debian

Github

Количество 5

CVE-2019-25211

больше 1 года назад

parseWildcardRules in Gin-Gonic CORS middleware before 1.6.0 mishandles a wildcard at the end of an origin string, e.g., https://example.community/* is allowed when the intention is that only https://example.com/* should be allowed, and http://localhost.example.com/* is allowed when the intention is that only http://localhost/* should be allowed.

CVSS3: 9.1

EPSS: Низкий

CVE-2019-25211

больше 1 года назад

parseWildcardRules in Gin-Gonic CORS middleware before 1.6.0 mishandles a wildcard at the end of an origin string, e.g., https://example.community/* is allowed when the intention is that only https://example.com/* should be allowed, and http://localhost.example.com/* is allowed when the intention is that only http://localhost/* should be allowed.

CVSS3: 6.5

EPSS: Низкий

CVE-2019-25211

больше 1 года назад

parseWildcardRules in Gin-Gonic CORS middleware before 1.6.0 mishandles a wildcard at the end of an origin string, e.g., https://example.community/* is allowed when the intention is that only https://example.com/* should be allowed, and http://localhost.example.com/* is allowed when the intention is that only http://localhost/* should be allowed.

CVSS3: 9.1

EPSS: Низкий

CVE-2019-25211

больше 1 года назад

parseWildcardRules in Gin-Gonic CORS middleware before 1.6.0 mishandle ...

CVSS3: 9.1

EPSS: Низкий

GHSA-869c-j7wc-8jqv

больше 1 года назад

Gin mishandles a wildcard at the end of an origin string

CVSS3: 9.1

EPSS: Низкий

Уязвимостей на страницу

Уязвимость	CVSS	EPSS	Опубликовано
CVE-2019-25211 parseWildcardRules in Gin-Gonic CORS middleware before 1.6.0 mishandles a wildcard at the end of an origin string, e.g., https://example.community/* is allowed when the intention is that only https://example.com/* should be allowed, and http://localhost.example.com/* is allowed when the intention is that only http://localhost/* should be allowed.	CVSS3: 9.1	0% Низкий	больше 1 года назад
CVE-2019-25211 parseWildcardRules in Gin-Gonic CORS middleware before 1.6.0 mishandles a wildcard at the end of an origin string, e.g., https://example.community/* is allowed when the intention is that only https://example.com/* should be allowed, and http://localhost.example.com/* is allowed when the intention is that only http://localhost/* should be allowed.	CVSS3: 6.5	0% Низкий	больше 1 года назад
CVE-2019-25211 parseWildcardRules in Gin-Gonic CORS middleware before 1.6.0 mishandles a wildcard at the end of an origin string, e.g., https://example.community/* is allowed when the intention is that only https://example.com/* should be allowed, and http://localhost.example.com/* is allowed when the intention is that only http://localhost/* should be allowed.	CVSS3: 9.1	0% Низкий	больше 1 года назад
CVE-2019-25211 parseWildcardRules in Gin-Gonic CORS middleware before 1.6.0 mishandle ...	CVSS3: 9.1	0% Низкий	больше 1 года назад
GHSA-869c-j7wc-8jqv Gin mishandles a wildcard at the end of an origin string	CVSS3: 9.1	0% Низкий	больше 1 года назад

Уязвимостей на страницу