7 matches found
PT-2023-18849 · Connectwise · Connectwise Control
Name of the Vulnerable Software and Affected Versions: Connectwise Control version 22.8.10013.8329. Description: The issue concerns Cross-Origin Resource Sharing (CORS) in Connectwise Control. According to the vendor, two endpoints have Access-Control-Allow-Origin wildcarding to support product...
Phoenix before 1.6.14 mishandles check_origin wildcarding
socket/transport.ex in Phoenix before 1.6.14 mishandles check_origin wildcarding. NOTE: LiveView applications are unaffected by default because of the presence of a LiveView CSRF token...
GHSA-P8F7-22GQ-M7J9 Phoenix before 1.6.14 mishandles check_origin wildcarding
socket/transport.ex in Phoenix before 1.6.14 mishandles check_origin wildcarding. NOTE: LiveView applications are unaffected by default because of the presence of a LiveView CSRF token...
CVE-2022-42975
socket/transport.ex in Phoenix before 1.6.14 mishandles check_origin wildcarding. NOTE: LiveView applications are unaffected by default because of the presence of a LiveView CSRF token...
PT-2022-26688 · Phoenix · Phoenix
Name of the Vulnerable Software and Affected Versions: Phoenix versions prior to 1.6.14. Description: The issue arises from the mishandling of check_origin wildcarding in the socket/transport.ex file. This does not affect LiveView applications by default due to the presence of a LiveView CSRF toke...
CVE-2022-42975
Phoenix prior to 1.6.14 contains a vulnerability in socket/transport.ex where check_origin wildcarding is mishandled. LiveView applications are unaffected by default because of the LiveView CSRF token. Affected versions: Phoenix before 1.6.14. Remediation: upgrade to Phoenix 1.6.14 or later or re...
CVE-2022-42975
socket/transport.ex in Phoenix before 1.6.14 mishandles check_origin wildcarding. NOTE: LiveView applications are unaffected by default because of the presence of a LiveView CSRF token...