8 matches found
CVE-2025-47909
Hosts listed in TrustedOrigins implicitly allow requests from the corresponding HTTP origins, allowing network MitMs to perform CSRF attacks. After the CVE-2025-24358 fix, a network attacker that places a form at http://example.com can't get it to submit to https://example.com because the Origin...
SUSE CVE-2025-47909
Hosts listed in TrustedOrigins implicitly allow requests from the corresponding HTTP origins, allowing network MitMs to perform CSRF attacks. After the CVE-2025-24358 fix, a network attacker that places a form at http://example.com can't get it to submit to https://example.com because the Origin...
UBUNTU-CVE-2025-47909
Hosts listed in TrustedOrigins implicitly allow requests from the corresponding HTTP origins, allowing network MitMs to perform CSRF attacks. After the CVE-2025-24358 fix, a network attacker that places a form at http://example.com can't get it to submit to https://example.com because the Origin...
CVE-2025-47909 Improper validation of TrustedOrigins allows CSRF attacks in github.com/gorilla/csrf
Hosts listed in TrustedOrigins implicitly allow requests from the corresponding HTTP origins, allowing network MitMs to perform CSRF attacks. After the CVE-2025-24358 fix, a network attacker that places a form at http://example.com can't get it to submit to https://example.com because the Origin...
CVE-2025-47909 Improper validation of TrustedOrigins allows CSRF attacks in github.com/gorilla/csrf
Hosts listed in TrustedOrigins implicitly allow requests from the corresponding HTTP origins, allowing network MitMs to perform CSRF attacks. After the CVE-2025-24358 fix, a network attacker that places a form at http://example.com can't get it to submit to https://example.com because the Origin...
CVE-2025-47909
The CVE-2025-47909 entry describes a CSRF vulnerability in gorilla/csrf related to how TrustedOrigins can permit both HTTP and HTTPS origins. Affected component: gorilla/csrf (Go web middleware). Root cause: Origin/Trust logic allows a host listed in TrustedOrigins to bypass same-origin checks, e...
GO-2025-3884 Improper validation of TrustedOrigins allows CSRF attacks in github.com/gorilla/csrf
Hosts listed in TrustedOrigins implicitly allow requests from the corresponding HTTP origins, allowing network MitMs to perform CSRF attacks. After the CVE-2025-24358 fix, a network attacker that places a form at http://example.com can't get it to submit to https://example.com because the Origin...
PT-2025-35244
Name of the Vulnerable Software and Affected Versions: Go affected versions not specified Description: Hosts listed in TrustedOrigins implicitly allow requests from the corresponding HTTP origins, potentially enabling network attackers to perform Cross-Site Request Forgery CSRF attacks. Following...