Lucene search
K

257 matches found

RedhatCVE
RedhatCVE
added 2024/07/05 5:7 a.m.19 views

CVE-2019-25211

parseWildcardRules in Gin-Gonic CORS middleware before 1.6.0 mishandles a wildcard at the end of an origin string, e.g., https://example.community/ is allowed when the intention is that only https://example.com/ should be allowed, and http://localhost.example.com/ is allowed when the intention is...

6.5CVSS9AI score0.00428EPSS
Exploits0References9
SUSE CVE
SUSE CVE
added 2024/07/04 4:24 a.m.4 views

SUSE CVE-2019-25211

parseWildcardRules in Gin-Gonic CORS middleware before 1.6.0 mishandles a wildcard at the end of an origin string, e.g., https://example.community/ is allowed when the intention is that only https://example.com/ should be allowed, and http://localhost.example.com/ is allowed when the intention is...

9.1CVSS6.9AI score0.00428EPSS
Exploits0References3
OSV
OSV
added 2024/07/02 7:23 p.m.33 views

GO-2024-2955 Gin mishandles a wildcard in the origin string in github.com/gin-contrib/cors

Gin-Gonic CORS middleware mishandles a wildcard at the end of an origin string. Examples: https://example.community/ is accepted by the origin string https://example.com/ and http://localhost.example.com/ is accepted by the origin string http://localhost/...

9.1CVSS7.6AI score0.00428EPSS
Exploits0References6
OSV
OSV
added 2024/06/29 6:31 a.m.12 views

GHSA-869C-J7WC-8JQV Gin mishandles a wildcard at the end of an origin string

parseWildcardRules in Gin-Gonic CORS middleware before 1.6.0 mishandles a wildcard at the end of an origin string, e.g., https://example.community/ is allowed when the intention is that only https://example.com/ should be allowed, and http://localhost.example.com/ is allowed when the intention is...

9.3CVSS7.5AI score0.00428EPSS
Exploits0References8
Github Security Blog
Github Security Blog
added 2024/06/29 6:31 a.m.21 views

Gin mishandles a wildcard at the end of an origin string

parseWildcardRules in Gin-Gonic CORS middleware before 1.6.0 mishandles a wildcard at the end of an origin string, e.g., https://example.community/ is allowed when the intention is that only https://example.com/ should be allowed, and http://localhost.example.com/ is allowed when the intention is...

9.1CVSS6.8AI score0.00428EPSS
Exploits0References8Affected Software2
NVD
NVD
added 2024/06/29 12:15 a.m.28 views

CVE-2019-25211

parseWildcardRules in Gin-Gonic CORS middleware before 1.6.0 mishandles a wildcard at the end of an origin string, e.g., https://example.community/ is allowed when the intention is that only https://example.com/ should be allowed, and http://localhost.example.com/ is allowed when the intention is...

9.1CVSS0.00428EPSS
Exploits0References6
OSV
OSV
added 2024/06/29 12:15 a.m.3 views

DEBIAN-CVE-2019-25211

parseWildcardRules in Gin-Gonic CORS middleware before 1.6.0 mishandles a wildcard at the end of an origin string, e.g., https://example.community/ is allowed when the intention is that only https://example.com/ should be allowed, and http://localhost.example.com/ is allowed when the intention is...

9.1CVSS6.4AI score0.00428EPSS
Exploits0References1
OSV
OSV
added 2024/06/29 12:15 a.m.14 views

CVE-2019-25211

parseWildcardRules in Gin-Gonic CORS middleware before 1.6.0 mishandles a wildcard at the end of an origin string, e.g., https://example.community/ is allowed when the intention is that only https://example.com/ should be allowed, and http://localhost.example.com/ is allowed when the intention is...

9.1CVSS6.6AI score
Exploits0References6
UbuntuCve
UbuntuCve
added 2024/06/29 12:15 a.m.20 views

CVE-2019-25211

parseWildcardRules in Gin-Gonic CORS middleware before 1.6.0 mishandles a wildcard at the end of an origin string, e.g., https://example.community/ is allowed when the intention is that only https://example.com/ should be allowed, and http://localhost.example.com/ is allowed when the intention is...

9.1CVSS6.6AI score0.00428EPSS
Exploits0References6
OSV
OSV
added 2024/06/29 12:15 a.m.13 views

UBUNTU-CVE-2019-25211

parseWildcardRules in Gin-Gonic CORS middleware before 1.6.0 mishandles a wildcard at the end of an origin string, e.g., https://example.community/ is allowed when the intention is that only https://example.com/ should be allowed, and http://localhost.example.com/ is allowed when the intention is...

9.1CVSS5.8AI score0.00428EPSS
Exploits0References7
CNNVD
CNNVD
added 2024/06/29 12:0 a.m.5 views

Gin-Gonic CORS middleware security vulnerability

Gin-Gonic CORS middleware is a Gin middleware program from Gin-Gonic open source. A security vulnerability exists in Gin-Gonic CORS middleware versions prior to 1.6.0 due to improper handling of wildcards at the end of source strings...

9.1CVSS6.7AI score0.00428EPSS
Exploits0References8
OSV
OSV
added 2024/06/28 3:28 p.m.21 views

GO-2024-2928 SQL injection vulnerability in Gin-vue-admin in github.com/flipped-aurora/gin-vue-admin

SQL injection vulnerability in Gin-vue-admin in github.com/flipped-aurora/gin-vue-admin...

8.8CVSS9.1AI score0.00513EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2024/06/28 12:0 a.m.6 views

PT-2024-10742

Name of the Vulnerable Software and Affected Versions: Gin-Gonic CORS middleware versions prior to 1.6.0 Description: The issue arises from the mishandling of a wildcard at the end of an origin string by the parseWildcardRules function in Gin-Gonic CORS middleware. This results in unintended...

9.3CVSS7.4AI score0.00428EPSS
Exploits0References20
Vulnrichment
Vulnrichment
added 2024/06/28 12:0 a.m.17 views

CVE-2019-25211

parseWildcardRules in Gin-Gonic CORS middleware before 1.6.0 mishandles a wildcard at the end of an origin string, e.g., https://example.community/ is allowed when the intention is that only https://example.com/ should be allowed, and http://localhost.example.com/ is allowed when the intention is...

6.7AI score0.00428EPSS
Exploits0References5
Cvelist
Cvelist
added 2024/06/28 12:0 a.m.37 views

CVE-2019-25211

parseWildcardRules in Gin-Gonic CORS middleware before 1.6.0 mishandles a wildcard at the end of an origin string, e.g., https://example.community/ is allowed when the intention is that only https://example.com/ should be allowed, and http://localhost.example.com/ is allowed when the intention is...

0.00428EPSS
Exploits0References5
CVE
CVE
added 2024/06/28 12:0 a.m.104 views

CVE-2019-25211

CVE-2019-25211 affects golang-gin-contrib/cors (Gin Gonic CORS middleware). The issue: parseWildcardRules mishandles a trailing wildcard in an origin (e.g., https://example.community/, http://localhost.example.com/ ), allowing unintended origins. Affected versions are before 1.6.0; fixed in 1.6.0...

9.1CVSS6.9AI score0.00428EPSS
Exploits0References6
Debian CVE
Debian CVE
added 2024/06/28 12:0 a.m.14 views

CVE-2019-25211

parseWildcardRules in Gin-Gonic CORS middleware before 1.6.0 mishandles a wildcard at the end of an origin string, e.g., https://example.community/ is allowed when the intention is that only https://example.com/ should be allowed, and http://localhost.example.com/ is allowed when the intention is...

9.1CVSS6.4AI score0.00428EPSS
Exploits0
Veracode
Veracode
added 2024/06/21 8:15 a.m.28 views

SQL Injection

Gin-vue-admin is vulnerable to SQL injection. The vulnerability is due to insufficient validation user input which allows an attacker to execute arbitrary SQL queries...

8.8CVSS8.2AI score0.00513EPSS
Exploits0References2Affected Software1
NVD
NVD
added 2024/06/17 8:15 p.m.24 views

CVE-2024-37896

Gin-vue-admin is a backstage management system based on vue and gin. Gin-vue-admin = v2.6.5 has SQL injection vulnerability. The SQL injection vulnerabilities occur when a web application allows users to input data into SQL queries without sufficiently validating or sanitizing the input. Failing ...

8.8CVSS0.00513EPSS
Exploits0References2
Cvelist
Cvelist
added 2024/06/17 7:33 p.m.37 views

CVE-2024-37896 SQL injection vulnerability in Gin-vue-admin

Gin-vue-admin is a backstage management system based on vue and gin. Gin-vue-admin = v2.6.5 has SQL injection vulnerability. The SQL injection vulnerabilities occur when a web application allows users to input data into SQL queries without sufficiently validating or sanitizing the input. Failing ...

8.8CVSS0.00513EPSS
Exploits0References2
Rows per page
Query Builder