4 matches found
Security Bulletin: IBM Edge Application Manager 4.5 addresses the security vulnerability listed in the CVE below.
Summary IBM Edge Application Manager 4.5 addresses the security vulnerability listed in the CVE below. Vulnerability Details CVEID:CVE-2022-1996 DESCRIPTION: go-restful could allow a remote attacker to bypass security restrictions, caused by improper regular expression implementation in the CORS...
GO-2022-0619 Authorization bypass in github.com/emicklei/go-restful, go-restful/v2 and go-restful/v3
CORS filters that use an AllowedDomains configuration parameter can match domains outside the specified set, permitting an attacker to avoid the CORS policy. The AllowedDomains configuration parameter is documented as a list of allowed origin domains, but values in this list are applied as regula...
Authorization Bypass
github.com/emicklei/go-restful is vulnerable to Authorization Bypass. A remote attacker is capable of breaking CORS policy via the user-controlled AllowedDomains parameter, allowing any page to make requests and/or retrieve data on behalf of other users...
CVE-2022-1996
A flaw was found in CORS Filter feature from the go-restful package. When a user inputs a domain which is in AllowedDomains, all domains starting with the same pattern are accepted. This issue could allow an attacker to break the CORS policy by allowing any page to make requests and retrieve data...