2 matches found
@elysiajs/apollo (>=0.4.3 <=1.0.3), @glowlabs-org/crm-bindings (>=0.0.43 <=0.1.2-alpha.2) +12 more potentially affected by CVE-2025-50864 via @elysiajs/cors (>=0.3.0 <=0.8.0)
@elysiajs/cors NPM version =0.3.0, =0.4.3, =0.0.43, =0.0.1, =0.10.78, =0.1.0, =0.0.1, =1.0.50, =1.0.0, =0.0.21, =1.0.50, =1.0.51 - volter =0.0.0 Source cves: CVE-2025-50864 Source advisory: OSV:GHSA-F9QJ-4C5X-CPCW...
CVE-2025-50864
The CVE-2025-50864 entry describes an Origin Validation Error in the elysia-cors library (through version 1.3.0) that permits unauthorized access to user data. The root cause is improper origin validation: the origin is checked as a substring against any domain in the CORS policy instead of an ex...