2 matches found
CVE-2023-28109
Play With Docker (browser-based Docker playground) is affected by a CORS configuration vulnerability. Versions 0.0.2 and earlier allow domain hijacking: an attacker can craft requests with Origin header set to evil-play-with-docker.com, causing the server to echo header values in responses and by...
CVE-2023-28109 Play With Docker vulnerable to Authorization Bypass Through User-Controlled Key
Play With Docker is a browser-based Docker playground. Versions 0.0.2 and prior are vulnerable to domain hijacking. Because CORS configuration was not correct, an attacker could use play-with-docker.com as an example and set the origin header in an http request as evil-play-with-docker.com. The...