10 matches found
EUVD-2024-0918
Malicious code in bioql PyPI...
CVE-2024-27302
go-zero is a web and RPC framework. go-zero allows users to specify a CORS Filter with a configurable allows param, which is an array of domains allowed in the CORS policy. However, isOriginAllowed uses strings.HasSuffix to check the origin, which leads to a bypass via a malicious domain. This...
CVE-2024-27302
go-zero is a web and RPC framework. go-zero allows users to specify a CORS Filter with a configurable allows param, which is an array of domains allowed in the CORS policy. However, isOriginAllowed uses strings.HasSuffix to check the origin, which leads to a bypass via a malicious domain. This...
CVE-2024-27302 Authorization Bypass Through User-Controlled Key in go-zero
go-zero is a web and RPC framework. go-zero allows users to specify a CORS Filter with a configurable allows param, which is an array of domains allowed in the CORS policy. However, isOriginAllowed uses strings.HasSuffix to check the origin, which leads to a bypass via a malicious domain. This...
CVE-2024-27302
Go-zero (web/RPC framework) contains a CORS Filter vulnerability where isOriginAllowed uses strings.HasSuffix, enabling bypass by a malicious domain. This can break the CORS policy and allow a page to make requests or retrieve data on behalf of other users. The issue affects the configurable allo...
CVE-2024-27302 Authorization Bypass Through User-Controlled Key in go-zero
go-zero is a web and RPC framework. go-zero allows users to specify a CORS Filter with a configurable allows param, which is an array of domains allowed in the CORS policy. However, isOriginAllowed uses strings.HasSuffix to check the origin, which leads to a bypass via a malicious domain. This...
go-zero Security Vulnerabilities
go-zero is a web and RPC framework open sourced by the go-zero team. A security vulnerability exists in go-zero versions prior to 1.4.4 that stems from allowing a user to specify filters with configurable parameters, leading to malicious domain bypass...
GHSA-FGXV-GW55-R5FQ Authorization Bypass Through User-Controlled Key in go-zero
Summary: Hello go-zero maintainer team, I would like to report a security issue concerning your CORS Filter feature. Details: Go-zero allows users to specify a CORS Filter with a configurable allows param, which is an array of domains allowed in the CORS policy. However, the isOriginAllowed uses...
Authorization Bypass Through User-Controlled Key in go-zero
Summary: Hello go-zero maintainer team, I would like to report a security issue concerning your CORS Filter feature. Details: Go-zero allows users to specify a CORS Filter with a configurable allows param, which is an array of domains allowed in the CORS policy. However, the isOriginAllowed uses...
PT-2024-21806 · Zero G · Go-Zero
Name of the Vulnerable Software and Affected Versions: go-zero versions prior to 1.4.4
Description: The issue concerns the CORS Filter feature in go-zero, which allows users to specify an array of domains allowed in the CORS policy. However, the isOriginAllowed function uses strings.HasSuffix to...