Authorization Bypass
github.com/gorilla/handlers is vulnerable to authorization bypass. The vulnerability exists in the ServeHTTP function in cors.go due to improperly implemented CORS headers, which allows an attacker to bypass header values...
GHSA-JCR6-MMJJ-PCHW gorilla/handlers may allow requester to bypass expected behavior of the Same Origin Policy
Usage of the CORS handler may apply improper CORS headers, allowing the requester to explicitly control the value of the Access-Control-Allow-Origin header, which bypasses the expected behavior of the Same Origin Policy...
GO-2020-0020 Improper access control in github.com/gorilla/handlers
Usage of the CORS handler may apply improper CORS headers, allowing the requester to explicitly control the value of the Access-Control-Allow-Origin header, which bypasses the expected behavior of the Same Origin Policy...
Improper Access Control
github.com/gorilla/handlers is vulnerable to improper access control. The vulnerability exists because it does not perform sufficient origin header access checks due to the misconfiguration of CORS, allowing an attacker to send malicious AJAX requests or HTML documents through it, bypassing the sam...