2 matches found
CVE-2023-49803
@koa/cors npm provides Cross-Origin Resource Sharing CORS for koa, a web framework for Node.js. Prior to version 5.0.0, the middleware operates in a way that if an allowed origin is not provided, it will return an Access-Control-Allow-Origin header with the value of the origin from the request...
CVE-2023-49803
The CVE concerns the @koa/cors middleware for koa (Node.js). Before version 5.0.0, if an allowed origin is not provided, the middleware returns Access-Control-Allow-Origin with the request’s origin, effectively bypassing the browser’s Same-Origin Policy and exposing cross-origin data as described...