22 matches found
EUVD-2022-3267
Malicious code in bioql PyPI...
EUVD-2022-7663
Malicious code in bioql PyPI...
EUVD-2025-1995
Malicious code in bioql PyPI...
Go CORS handler security vulnerability
Go CORS handler is a configurable handler for handling CORS requests by the individual developer Olivier Poitrey. A security vulnerability exists in Go CORS handler that stems from a potential over-allocation of heap when handling malicious preflight requests, which could lead to a denial of...
CVE-2025-5320
A vulnerability classified as problematic has been found in gradio-app gradio up to 5.29.1. This affects the function is_valid_origin of the component CORS Handler. The manipulation of the argument localhost_aliases leads to privilege escalation. It is possible to initiate the attack remotely. The...
CVE-2025-5320 gradio-app gradio CORS is_valid_origin privilege escalation
A vulnerability classified as problematic has been found in gradio-app gradio up to 5.29.1. This affects the function is_valid_origin of the component CORS Handler. The manipulation of the argument localhost_aliases leads to privilege escalation. It is possible to initiate the attack remotely. The...
CVE-2025-5320 gradio-app gradio CORS is_valid_origin privilege escalation
A vulnerability classified as problematic has been found in gradio-app gradio up to 5.29.1. This affects the function is_valid_origin of the component CORS Handler. The manipulation of the argument localhost_aliases leads to privilege escalation. It is possible to initiate the attack remotely. The...
CVE-2025-5320
CVE-2025-5320 affects gradio-app/gradio up to version 5.29.1. The vulnerability lies in the CORS Handler’s is_valid_origin function, where manipulating the localhost_aliases argument can lead to an origin validation error and potential privilege escalation. Exploitation is described as remote wit...
PT-2025-23161 · Gradio · Gradio
Name of the Vulnerable Software and Affected Versions: gradio-app gradio versions up to 5.29.1 Description: A vulnerability has been found in the function is_valid_origin of the component CORS Handler. The manipulation of the argument localhost_aliases leads to an origin validation error. It is...
CVE-2025-1083
A vulnerability classified as problematic was found in Mindskip xzs-mysql 学之思开源考试系统 3.9.0. Affected by this vulnerability is an unknown functionality of the component CORS Handler. The manipulation leads to permissive cross-domain policy with untrusted domains. The attack can be launched remotely...
CVE-2025-1083 Mindskip xzs-mysql 学之思开源考试系统 CORS cross-domain policy
A vulnerability classified as problematic was found in Mindskip xzs-mysql 学之思开源考试系统 3.9.0. Affected by this vulnerability is an unknown functionality of the component CORS Handler. The manipulation leads to permissive cross-domain policy with untrusted domains. The attack can be launched remotely...
xzs-mysql security vulnerability
xzs-mysql is an exam system with separated front end and back end, open-sourced by China's Mindskip Technology (mindskip). A security vulnerability exists in xzs-mysql version 3.9.0, which stems from the CORS Handler component and can lead to overly lax cross-domain policies for untrusted domains...
CVE-2017-20146
A flaw was found in Gorilla. Usage of the CORS handler may apply improper CORS headers, allowing the requester to explicitly control the value of the Access-Control-Allow-Origin header, which bypasses the expected behavior of the Same Origin Policy...
CVE-2017-20146
Usage of the CORS handler may apply improper CORS headers, allowing the requester to explicitly control the value of the Access-Control-Allow-Origin header, which bypasses the expected behavior of the Same Origin Policy...
Design/Logic Flaw
Usage of the CORS handler may apply improper CORS headers, allowing the requester to explicitly control the value of the Access-Control-Allow-Origin header, which bypasses the expected behavior of the Same Origin Policy...
CVE-2017-20146
Usage of the CORS handler may apply improper CORS headers, allowing the requester to explicitly control the value of the Access-Control-Allow-Origin header, which bypasses the expected behavior of the Same Origin Policy...
CVE-2017-20146 Improper access control in github.com/gorilla/handlers
Usage of the CORS handler may apply improper CORS headers, allowing the requester to explicitly control the value of the Access-Control-Allow-Origin header, which bypasses the expected behavior of the Same Origin Policy...
CVE-2017-20146
Usage of the CORS handler may apply improper CORS headers, allowing the requester to explicitly control the value of the Access-Control-Allow-Origin header, which bypasses the expected behavior of the Same Origin Policy...
GO-2020-0020 Improper access control in github.com/gorilla/handlers
Usage of the CORS handler may apply improper CORS headers, allowing the requester to explicitly control the value of the Access-Control-Allow-Origin header, which bypasses the expected behavior of the Same Origin Policy...
CVE-2018-20744
The Olivier Poitrey Go CORS handler through 1.3.0 actively converts a wildcard CORS policy into reflecting an arbitrary Origin header value, which is incompatible with the CORS security design, and could lead to CORS misconfiguration security problems...