Improper Origin Validation

Bokeh is vulnerable to improper origin validation. The vulnerability is due to flawed allowlist matching of the WebSocket Origin header, which allows an attacker to register a look-alike domain or subdomain that bypasses origin checks and establish a WebSocket connection to the Bokeh server...

EUVD-2019-13353

Malware in sbrugna...

Cross-Site Request Forgery (CSRF)

github.com/gorilla/csrf is vulnerable to Cross Site Request Forgery CSRF. The vulnerability is due to improper origin validation caused by relying on the r.URL.Scheme field to detect TLS, which is not set for server requests, allowing an attacker with XSS on a related domain to perform...

Improper Origin Validation

github.com/jub0bs/cors is vulnerable to Improper Origin Validation. The vulnerability due to middleware configured with multiple origin patterns that share a similar suffix which mistakenly permits access from some untrusted origins, potentially leading to cross-origin attacks...

Improper Origin Validation

github.com/jub0bs/fcors is vulnerable to Improper Origin Validation. The vulnerability is due to the lack of proper validation of origin patterns, which permits untrusted origins sharing suffixes with allowed ones...

CVE-2019-3718

Dell SupportAssist Client versions prior to 3.2.0.90 contain an improper origin validation vulnerability. An unauthenticated remote attacker could potentially exploit this vulnerability to attempt CSRF attacks on users of the impacted systems...