6 matches found
@elysiajs/apollo (>=0.4.3 <=1.0.3), @glowlabs-org/crm-bindings (>=0.0.43 <=0.1.2-alpha.2) +12 more potentially affected by CVE-2025-50864 via @elysiajs/cors (>=0.3.0 <=0.8.0)
@elysiajs/cors NPM version =0.3.0, =0.4.3, =0.0.43, =0.0.1, =0.10.78, =0.1.0, =0.0.1, =1.0.50, =1.0.0, =0.0.21, =1.0.50, =1.0.51 - volter =0.0.0 Source cves: CVE-2025-50864 Source advisory: OSV:GHSA-F9QJ-4C5X-CPCW...
Origin Validation Error
Overview @elysiajs/cors is a Plugin for Elysia that for Cross Origin Requests CORs Affected versions of this package are vulnerable to Origin Validation Error via improper validation in the processOrigin function. An attacker can gain unauthorized access to user data by supplying a malicious orig...
CVE-2025-50864
An Origin Validation Error in the elysia-cors library thru 1.3.0 allows attackers to bypass Cross-Origin Resource Sharing CORS restrictions. The library incorrectly validates the supplied origin by checking if it is a substring of any domain in the site's CORS policy, rather than performing an...
CVE-2025-50864
An Origin Validation Error in the elysia-cors library thru 1.3.0 allows attackers to bypass Cross-Origin Resource Sharing CORS restrictions. The library incorrectly validates the supplied origin by checking if it is a substring of any domain in the site's CORS policy, rather than performing an...
CVE-2025-50864
An Origin Validation Error in the elysia-cors library thru 1.3.0 allows attackers to bypass Cross-Origin Resource Sharing CORS restrictions. The library incorrectly validates the supplied origin by checking if it is a substring of any domain in the site's CORS policy, rather than performing an...
CVE-2025-50864
An Origin Validation Error in the elysia-cors library thru 1.3.0 allows attackers to bypass Cross-Origin Resource Sharing CORS restrictions. The library incorrectly validates the supplied origin by checking if it is a substring of any domain in the site's CORS policy, rather than performing an...