Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
veracodeVeracode Vulnerability DatabaseVERACODE:38854
HistoryJan 12, 2023 - 9:37 a.m.

Authorization Bypass

2023-01-1209:37:28
Veracode Vulnerability Database
sca.analysiscenter.veracode.com
10
github
gorilla handlers
servehttp
cors headers
attacker
software

EPSS

0.002

Percentile

54.8%

JSON

github.com/gorilla/handlers is vulnerable to authorization bypass. The vulnerability exists in the ServeHTTP function in cors.go due to improperly implemented CORS headers which allows an attacker to bypass header values.

Related

osv 3
nvd 1
prion 1
cvelist 1
cve 1
debiancve 1
ubuntucve 1
github 1
redhatcve 1
osv
osv
CVE-2017-20146
2022-12-27 22:15:11
Improper access control in github.com/gorilla/handlers
2021-04-14 20:04:52
gorilla/handlers may allow requester to bypass expected behavior of the Same Origin Policy
2022-12-28 00:30:23
nvd
nvd
CVE-2017-20146
2022-12-27 22:15:11
prion
prion
Design/Logic Flaw
2022-12-27 22:15:00
cvelist
cvelist
CVE-2017-20146 Improper access control in github.com/gorilla/handlers
2022-12-27 21:13:00
cve
cve
CVE-2017-20146
2022-12-27 22:15:11
debiancve
debiancve
CVE-2017-20146
2022-12-27 22:15:11
ubuntucve
ubuntucve
CVE-2017-20146
2022-12-27 00:00:00
github
github
gorilla/handlers may allow requester to bypass expected behavior of the Same Origin Policy
2022-12-28 00:30:23
redhatcve
redhatcve
CVE-2017-20146
2023-01-04 20:35:12

EPSS

0.002

Percentile

54.8%

JSON
Related for VERACODE:38854
osv3nvd1prion1cvelist1cve1debiancve1ubuntucve1github1redhatcve1