github.com/rs/cors is vulnerable to insecure CORS defaults. The vulnerability exists as AllowCredentials
was default to true, and no warnings were given when used with AllowOrigin: *
.
CPE | Name | Operator | Version |
---|---|---|---|
github.com/rs/cors | eq | HEAD | |
github.com/rs/cors | le | 1.4.0 |