OSV:GO-2024-2813 (Google)
May 21, 2024 - 3:08 p.m.

Some CORS middleware allow untrusted origins in github.com/jub0bs/cors

Google
osv.dev

AI Score: 7 (Confidence: Low)

Some CORS middleware (more specifically those created by specifying two or more origin patterns whose hosts share a proper suffix) incorrectly allow some untrusted origins, thereby opening the door to cross-origin attacks from the untrusted origins in question.

For example, specifying origin patterns “https://foo.com” and “https://bar.com” (in that order) would yield a middleware that would incorrectly allow untrusted origin “https://barfoo.com”.
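
A regression check modelled on the example above, added here and not part of the advisory or of github.com/jub0bs/cors: it probes a CORS handler with lookalike origins built from the configured hosts and reports any that come back allowed. `Lookalikes`, `WronglyAllowed` and the stand-in `ExactMatch` handler are hypothetical names, and the probes assume none of the generated hosts is itself trusted.

```go
package main

import (
	"fmt"
	"net/http"
	"net/http/httptest"
	"strings"
)

// Lookalikes builds constructed probe origins shaped like the advisory's
// "https://barfoo.com": the first label of one host glued onto a configured host.
func Lookalikes(hosts []string) (out []string) {
	for _, a := range hosts {
		label, _, _ := strings.Cut(a, ".")
		for _, b := range hosts {
			out = append(out, "https://"+label+b)
		}
	}
	return out
}

// WronglyAllowed returns the probes that h allows via Access-Control-Allow-Origin.
func WronglyAllowed(h http.Handler, probes []string) (bad []string) {
	for _, p := range probes {
		req := httptest.NewRequest(http.MethodGet, "/", nil)
		req.Header.Set("Origin", p)
		rec := httptest.NewRecorder()
		h.ServeHTTP(rec, req)
		if v := rec.Header().Get("Access-Control-Allow-Origin"); v == p || v == "*" {
			bad = append(bad, p)
		}
	}
	return bad
}

// ExactMatch is a hypothetical stand-in handler, not jub0bs/cors itself.
func ExactMatch(origins ...string) http.Handler {
	return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		for _, o := range origins {
			if r.Header.Get("Origin") == o {
				w.Header().Set("Access-Control-Allow-Origin", o)
			}
		}
	})
}

func main() {
	probes := Lookalikes([]string{"foo.com", "bar.com"})
	fmt.Println(probes, WronglyAllowed(ExactMatch("https://foo.com", "https://bar.com"), probes))
}
```

Pass your own wrapped handler in place of `ExactMatch`; an empty result from `WronglyAllowed` is the expected outcome.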
