The Olivier Poitrey Go CORS handler through 1.3.0 actively converts a wildcard CORS policy into reflecting an arbitrary Origin header value, which is incompatible with the CORS security design, and could lead to CORS misconfiguration security problems.
CPE | Name | Operator | Version |
---|---|---|---|
github.com/gofiber/fiber/v2 | lt | 2.43.0 | |
github.com/gofiber/fiber/v2 | ge | 2.0.0 |