257 matches found
CVE-2019-25211
parseWildcardRules in Gin-Gonic CORS middleware before 1.6.0 mishandles a wildcard at the end of an origin string, e.g., https://example.community/ is allowed when the intention is that only https://example.com/ should be allowed, and http://localhost.example.com/ is allowed when the intention is...
SUSE CVE-2019-25211
parseWildcardRules in Gin-Gonic CORS middleware before 1.6.0 mishandles a wildcard at the end of an origin string, e.g., https://example.community/ is allowed when the intention is that only https://example.com/ should be allowed, and http://localhost.example.com/ is allowed when the intention is...
GO-2024-2955 Gin mishandles a wildcard in the origin string in github.com/gin-contrib/cors
Gin-Gonic CORS middleware mishandles a wildcard at the end of an origin string. Examples: https://example.community/ is accepted by the origin string https://example.com/ and http://localhost.example.com/ is accepted by the origin string http://localhost/...
GHSA-869C-J7WC-8JQV Gin mishandles a wildcard at the end of an origin string
parseWildcardRules in Gin-Gonic CORS middleware before 1.6.0 mishandles a wildcard at the end of an origin string, e.g., https://example.community/ is allowed when the intention is that only https://example.com/ should be allowed, and http://localhost.example.com/ is allowed when the intention is...
Gin mishandles a wildcard at the end of an origin string
parseWildcardRules in Gin-Gonic CORS middleware before 1.6.0 mishandles a wildcard at the end of an origin string, e.g., https://example.community/ is allowed when the intention is that only https://example.com/ should be allowed, and http://localhost.example.com/ is allowed when the intention is...
CVE-2019-25211
parseWildcardRules in Gin-Gonic CORS middleware before 1.6.0 mishandles a wildcard at the end of an origin string, e.g., https://example.community/ is allowed when the intention is that only https://example.com/ should be allowed, and http://localhost.example.com/ is allowed when the intention is...
DEBIAN-CVE-2019-25211
parseWildcardRules in Gin-Gonic CORS middleware before 1.6.0 mishandles a wildcard at the end of an origin string, e.g., https://example.community/ is allowed when the intention is that only https://example.com/ should be allowed, and http://localhost.example.com/ is allowed when the intention is...
CVE-2019-25211
parseWildcardRules in Gin-Gonic CORS middleware before 1.6.0 mishandles a wildcard at the end of an origin string, e.g., https://example.community/ is allowed when the intention is that only https://example.com/ should be allowed, and http://localhost.example.com/ is allowed when the intention is...
CVE-2019-25211
parseWildcardRules in Gin-Gonic CORS middleware before 1.6.0 mishandles a wildcard at the end of an origin string, e.g., https://example.community/ is allowed when the intention is that only https://example.com/ should be allowed, and http://localhost.example.com/ is allowed when the intention is...
UBUNTU-CVE-2019-25211
parseWildcardRules in Gin-Gonic CORS middleware before 1.6.0 mishandles a wildcard at the end of an origin string, e.g., https://example.community/ is allowed when the intention is that only https://example.com/ should be allowed, and http://localhost.example.com/ is allowed when the intention is...
Gin-Gonic CORS middleware security vulnerability
Gin-Gonic CORS middleware is a Gin middleware program from Gin-Gonic open source. A security vulnerability exists in Gin-Gonic CORS middleware versions prior to 1.6.0 due to improper handling of wildcards at the end of source strings...
GO-2024-2928 SQL injection vulnerability in Gin-vue-admin in github.com/flipped-aurora/gin-vue-admin
SQL injection vulnerability in Gin-vue-admin in github.com/flipped-aurora/gin-vue-admin...
PT-2024-10742
Name of the Vulnerable Software and Affected Versions: Gin-Gonic CORS middleware versions prior to 1.6.0 Description: The issue arises from the mishandling of a wildcard at the end of an origin string by the parseWildcardRules function in Gin-Gonic CORS middleware. This results in unintended...
CVE-2019-25211
parseWildcardRules in Gin-Gonic CORS middleware before 1.6.0 mishandles a wildcard at the end of an origin string, e.g., https://example.community/ is allowed when the intention is that only https://example.com/ should be allowed, and http://localhost.example.com/ is allowed when the intention is...
CVE-2019-25211
parseWildcardRules in Gin-Gonic CORS middleware before 1.6.0 mishandles a wildcard at the end of an origin string, e.g., https://example.community/ is allowed when the intention is that only https://example.com/ should be allowed, and http://localhost.example.com/ is allowed when the intention is...
CVE-2019-25211
CVE-2019-25211 affects golang-gin-contrib/cors (Gin Gonic CORS middleware). The issue: parseWildcardRules mishandles a trailing wildcard in an origin (e.g., https://example.community/, http://localhost.example.com/ ), allowing unintended origins. Affected versions are before 1.6.0; fixed in 1.6.0...
CVE-2019-25211
parseWildcardRules in Gin-Gonic CORS middleware before 1.6.0 mishandles a wildcard at the end of an origin string, e.g., https://example.community/ is allowed when the intention is that only https://example.com/ should be allowed, and http://localhost.example.com/ is allowed when the intention is...
SQL Injection
Gin-vue-admin is vulnerable to SQL injection. The vulnerability is due to insufficient validation user input which allows an attacker to execute arbitrary SQL queries...
CVE-2024-37896
Gin-vue-admin is a backstage management system based on vue and gin. Gin-vue-admin = v2.6.5 has SQL injection vulnerability. The SQL injection vulnerabilities occur when a web application allows users to input data into SQL queries without sufficiently validating or sanitizing the input. Failing ...
CVE-2024-37896 SQL injection vulnerability in Gin-vue-admin
Gin-vue-admin is a backstage management system based on vue and gin. Gin-vue-admin = v2.6.5 has SQL injection vulnerability. The SQL injection vulnerabilities occur when a web application allows users to input data into SQL queries without sufficiently validating or sanitizing the input. Failing ...