6 matches found
Missing Authentication for Critical Function
Overview: Affected versions of this package are vulnerable to Missing Authentication for Critical Function in the ServeHTTP function, which does not sufficiently sanitize X- alias headers. An attacker can gain unauthenticated access to protected endpoints by injecting spoofed trust context with...
Missing Authentication for Critical Function
Overview: Affected versions of this package are vulnerable to Missing Authentication for Critical Function in the ServeHTTP function, which does not sufficiently sanitize X- alias headers. An attacker can gain unauthenticated access to protected endpoints by injecting spoofed trust context with...
Missing Authorization
Overview: Affected versions of this package are vulnerable to Missing Authorization due to a missing return statement after a permission check in the ServeHTTP function. An attacker can gain unauthorized access to, create, download, and delete sensitive legal hold data by sending crafted API...
Authorization Bypass
github.com/gorilla/handlers is vulnerable to authorization bypass. The vulnerability exists in the ServeHTTP function in cors.go due to improperly implemented CORS headers which allows an attacker to bypass header values...
Design/Logic Flaw
Improper exposure of client IP addresses in net/http before Go 1.17.12 and Go 1.18.4 can be triggered by calling httputil.ReverseProxy.ServeHTTP with a Request.Header map containing a nil value for the X-Forwarded-For header, which causes ReverseProxy to set the client IP as the value of the...
what-wood.servehttp.com XSS vulnerability
Vulnerable URL: http://what-wood.servehttp.com/displayfeature.php?wooddbid=1num=81="'/

Details:

Description| Value
---|---
Patched:| Yes, at 27.07.2017
Latest check for patch:| 27.07.2017 10:10 GMT
Vulnerability type:| XSS
Vulnerability status:| Publicly disclosed
Alexa Rank| Unknown / Not...