48 matches found
Security Bulletin: IBM watsonx Orchestrate Developer Edition is vulnerable to Path Traversal vulnerability due to github.com/gin-gonic/gin
Summary: github.com/gin-gonic/gin is used by IBM watsonx Orchestrate Developer Edition as part of image: tools-runtime-manager. Vulnerability Details: Refer to the security bulletins listed in the Remediation/Fixes section. Affected Products and Versions: IBM watson...
EUVD-2022-7542
Malicious code in bioql PyPI...
EUVD-2024-1974
Malicious code in bioql PyPI...
Linux Distros Unpatched Vulnerability : CVE-2019-25211
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - parseWildcardRules in Gin-Gonic CORS middleware before 1.6.0 mishandles a wildcard at the end of an origin string, e.g., https://example.community/ is allowed...
Important: Red Hat Security Advisory: OpenShift Container Platform 4.13.53 bug fix and security update
Red Hat OpenShift Container Platform release 4.13.53 is now available with updates to packages and images that fix several bugs and add enhancements. This release includes a security update for Red Hat OpenShift Container Platform 4.13. Red Hat Product Security has rated this update as having a...
CVE-2019-25211
parseWildcardRules in Gin-Gonic CORS middleware before 1.6.0 mishandles a wildcard at the end of an origin string, e.g., https://example.community/ is allowed when the intention is that only https://example.com/ should be allowed, and http://localhost.example.com/ is allowed when the intention is...
SUSE CVE-2019-25211
parseWildcardRules in Gin-Gonic CORS middleware before 1.6.0 mishandles a wildcard at the end of an origin string, e.g., https://example.community/ is allowed when the intention is that only https://example.com/ should be allowed, and http://localhost.example.com/ is allowed when the intention is...
GO-2024-2955 Gin mishandles a wildcard in the origin string in github.com/gin-contrib/cors
Gin-Gonic CORS middleware mishandles a wildcard at the end of an origin string. Examples: https://example.community/ is accepted by the origin string https://example.com/ and http://localhost.example.com/ is accepted by the origin string http://localhost/...
GHSA-869C-J7WC-8JQV Gin mishandles a wildcard at the end of an origin string
parseWildcardRules in Gin-Gonic CORS middleware before 1.6.0 mishandles a wildcard at the end of an origin string, e.g., https://example.community/ is allowed when the intention is that only https://example.com/ should be allowed, and http://localhost.example.com/ is allowed when the intention is...
Gin mishandles a wildcard at the end of an origin string
parseWildcardRules in Gin-Gonic CORS middleware before 1.6.0 mishandles a wildcard at the end of an origin string, e.g., https://example.community/ is allowed when the intention is that only https://example.com/ should be allowed, and http://localhost.example.com/ is allowed when the intention is...
DEBIAN-CVE-2019-25211
parseWildcardRules in Gin-Gonic CORS middleware before 1.6.0 mishandles a wildcard at the end of an origin string, e.g., https://example.community/ is allowed when the intention is that only https://example.com/ should be allowed, and http://localhost.example.com/ is allowed when the intention is...
UBUNTU-CVE-2019-25211
parseWildcardRules in Gin-Gonic CORS middleware before 1.6.0 mishandles a wildcard at the end of an origin string, e.g., https://example.community/ is allowed when the intention is that only https://example.com/ should be allowed, and http://localhost.example.com/ is allowed when the intention is...
Gin-Gonic CORS middleware security vulnerability
Gin-Gonic CORS middleware is an open-source Gin middleware from Gin-Gonic. A security vulnerability exists in Gin-Gonic CORS middleware versions prior to 1.6.0 due to improper handling of wildcards at the end of origin strings...
PT-2024-10742
Name of the Vulnerable Software and Affected Versions: Gin-Gonic CORS middleware versions prior to 1.6.0 Description: The issue arises from the mishandling of a wildcard at the end of an origin string by the parseWildcardRules function in Gin-Gonic CORS middleware. This results in unintended...
CVE-2019-25211
CVE-2019-25211 affects golang-gin-contrib/cors (Gin Gonic CORS middleware). The issue: parseWildcardRules mishandles a trailing wildcard in an origin (e.g., https://example.community/, http://localhost.example.com/), allowing unintended origins. Affected versions are before 1.6.0; fixed in 1.6.0...