Lucene search
K

4 matches found

IBM Security Bulletins
IBM Security Bulletins
added 2023/05/31 5:50 a.m.44 views

Security Bulletin: IBM Edge Application Manager 4.5 addresses the security vulnerability listed in the CVE below.

Summary IBM Edge Application Manager 4.5 addresses the security vulnerability listed in the CVE below. Vulnerability Details CVEID:CVE-2022-1996 DESCRIPTION: go-restful could allow a remote attacker to bypass security restrictions, caused by improper regular expression implementation in the CORS...

9.3CVSS9.6AI score0.02737EPSS
Exploits1Affected Software1
OSV
OSV
added 2022/08/15 6:5 p.m.19 views

GO-2022-0619 Authorization bypass in github.com/emicklei/go-restful, go-restful/v2 and go-restful/v3

CORS filters that use an AllowedDomains configuration parameter can match domains outside the specified set, permitting an attacker to avoid the CORS policy. The AllowedDomains configuration parameter is documented as a list of allowed origin domains, but values in this list are applied as regula...

9.3CVSS10AI score0.02737EPSS
Exploits1References2
Veracode
Veracode
added 2022/06/09 7:19 a.m.25 views

Authorization Bypass

github.com/emicklei/go-restful is vulnerable to Authorization Bypass. A remote attacker is capable of breaking CORS policy via the user-controlled AllowedDomains parameter, allowing any page to make requests and/or retrieve data on behalf of other users...

9.1CVSS10AI score0.02737EPSS
Exploits1References21Affected Software4
RedhatCVE
RedhatCVE
added 2022/06/08 7:2 p.m.48 views

CVE-2022-1996

A flaw was found in CORS Filter feature from the go-restful package. When a user inputs a domain which is in AllowedDomains, all domains starting with the same pattern are accepted. This issue could allow an attacker to break the CORS policy by allowing any page to make requests and retrieve data...

9.3CVSS4.2AI score0.02737EPSS
Exploits1References3
Rows per page
Query Builder